jopublitz.blogg.se

Cppcheck 2.11 for Mac install











CVE-2012-1147: readfilemap.c in expat before 2.1.0 allows context-dependent attackers to cause a denial of service (file descriptor consumption) via a large number of crafted XML files. This has been described in a few articles (link). CVE-2013-6462: 23-year-old stack overflow in X.org that was found with Cppcheck. This was found by Thomas Jarosch using Cppcheck. CVE-2017-1000249: file: stack-based buffer overflow.

Permissions, Privileges, and Access Control

The most common types of security vulnerabilities in 2017 (CVE count) were: Category

Most tools can determine that the array index will be 1000 and there will be overflow.

Cppcheck will also diagnose this: void foo(int x)

Most analyzers will diagnose this: void foo(int x)

In Cppcheck the data flow analysis is not only "forward" but "bi-directional". But in practice, it means Cppcheck will detect bugs that the other tools do not detect. In theory, by definition, path-sensitive analysis is better than flow-sensitive analysis. Several other analyzers use path-sensitive analysis based on abstract interpretation; that is also great, however it has both advantages and disadvantages. This has been established in many studies.

Cppcheck uses unsound flow-sensitive analysis. Using several static analysis tools can be a good idea. Unique code analysis that detects various kinds of bugs in your code.

Both command line interface and graphical user interface are available.

Cppcheck has a strong focus on detecting undefined behaviour.

Debian: sudo apt-get install cppcheck
Fedora: sudo yum install cppcheck
Mac: brew install cppcheck

Features

Download Cppcheck 2.12 (open source)

Cppcheck can also be installed from various package managers; however, you might get an outdated version then. Please visit for more information and purchase options for the commercial version.

The goal is to have very few false positives.

Cppcheck is designed to be able to analyze your C/C++ code even if it has non-standard syntax (common in embedded projects).

Cppcheck is available both as open-source (this page) and as Cppcheck Premium with extended functionality and support. It provides unique code analysis to detect bugs and focuses on detecting undefined behaviour and dangerous coding constructs.











