Classification of PVS-Studio warnings according to the SEI CERT Coding Standard


The SEI CERT Coding Standard is a software coding standard for the programming languages such as C, C++, Java, and Perl, developed by the CERT Coordination Center to improve the safety, reliability, and security of software systems.

The analyzer page on the SEI CERT website: PVS-Studio.

Error CodeError DescriptionCERT Rule
V502Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the 'foo' operator.EXP00-C
V503This is a nonsensical comparison: pointer < 0.EXP08-C
V505The 'alloca' function is used inside the loop. This can quickly overflow stack.MEM05-C
V506Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid.DCL30-C
V507Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid.DCL30-C
V509The 'throw' operator inside the destructor should be placed within the try..catch block. Raising exception inside the destructor is illegal.DCL57-CPP
V510The 'Foo' function is not expected to receive class-type variable as 'N' actual argument.FIO47-C
V511The sizeof() operator returns size of the pointer, and not of the array, in given expression.ARR01-C
V512A call of the 'Foo' function will lead to a buffer overflow or underflow.ARR01-C, ARR30-C
V513Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions.MSC24-C
V514Dividing sizeof a pointer by another value. There is a probability of logical error presence.ARR01-C
V515The 'delete' operator is applied to non-pointer.MEM51-CPP
V516Consider inspecting an odd expression. Non-null function pointer is compared to null.EXP16-C
V517The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.MSC01-C
V518The 'malloc' function allocates strange amount of memory calculated by 'strlen(expr)'. Perhaps the correct variant is strlen(expr) + 1.STR31-C
V519The 'x' variable is assigned values twice successively. Perhaps this is a mistake.MSC13-C
V520The comma operator ',' in array index expression.EXP08-C
V521Such expressions using the ',' operator are dangerous. Make sure the expression is correct.EXP10-C, EXP50-CPP
V522Dereferencing of the null pointer might take place.MEM52-CPP, EXP34-C
V529Odd semicolon ';' after 'if/for/while' operator.EXP15-C
V530The return value of function 'Foo' is required to be utilized.EXP12-C
V531It is odd that a sizeof() operator is multiplied by sizeof().MEM35-C
V533It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'.MSC01-C
V534It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'.MSC01-C
V535The variable 'X' is being used for this loop and for the outer loop.MSC01-C
V536Be advised that the utilized constant value is represented by an octal form.DCL18-C
V539Consider inspecting iterators which are being passed as arguments to function 'Foo'.CTR53-CPP
V540Member 'x' should point to string terminated by two 0 characters.EXP37-C
V541It is dangerous to print a string into itself.EXP37-C
V542Consider inspecting an odd type cast: 'Type1' to ' Type2'.INT36-C
V546Member of a class is initialized with itself: 'Foo(Foo)'.EXP53-CPP
V548Consider reviewing type casting. TYPE X[][] is not equivalent to TYPE **X.EXP36-C
V549The 'first' argument of 'Foo' function is equal to the 'second' argument.EXP37-C
V550An odd precise comparison. It's probably better to use a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon.FLP02-C
V551The code under this 'case' label is unreachable.MSC12-C
V554Incorrect use of smart pointer.MEM51-CPP
V555The expression of the 'A - B > 0' kind will work as 'A != B'.INT02-C
V556The values of different enum types are compared.MSC01-C
V557Array overrun is possible.ARR30-C
V558Function returns the pointer/reference to temporary local object.DCL30-C
V559Suspicious assignment inside the conditional expression of 'if/while/for' statement.EXP45-C
V561It's probably better to assign value to 'foo' variable than to declare it anew.DCL01-C
V563It is possible that this 'else' branch must apply to the previous 'if' statement.EXP19-C
V564The '&' or '|' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' or '||' operator.EXP46-C
V566The integer constant is converted to pointer. Possibly an error or a bad coding style.INT36-C
V567The modification of a variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior.EXP30-C
V568It's odd that the argument of sizeof() operator is the expression.EXP44-C, ARR01-C
V569Truncation of constant value.INT31-C
V573Uninitialized variable 'Foo' was used. The variable was used to initialize itself.EXP33-C, EXP53-CPP
V574The pointer is used simultaneously as an array and as a pointer to single object.EXP08-C
V575Function receives an odd argument.EXP37-C
V576Incorrect format. Consider checking the N actual argument of the 'Foo' function.FIO47-C, DCL11-C
V577Label is present inside a switch(). It is possible that these are misprints and 'default:' operator should be used instead.MSC01-C
V579The 'Foo' function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the N argument.ARR01-C
V580An odd explicit type casting. Consider verifying it.EXP39-C
V582Consider reviewing the source code which operates the container.ARR30-C
V585An attempt to release the memory in which the 'Foo' local variable is stored.MEM34-C
V586The 'Foo' function is called twice for deallocation of the same resource.MEM50-CPP, MEM30-C
V590Consider inspecting this expression. The expression is excessive or contains a misprint.MSC01-C
V591Non-void function should return a value.MSC52-CPP
V593Consider reviewing the expression of the 'A = B == C' kind. The expression is calculated as following: 'A = (B == C)'.EXP00-C
V594The pointer steps out of array's bounds.ARR30-C
V595The pointer was utilized before it was verified against nullptr. Check lines: N1, N2.EXP34-C
V596The object was created but it is not being used. The 'throw' keyword could be missing.MSC13-C
V597The compiler could delete the 'memset' function call, which is used to flush 'Foo' buffer. The RtlSecureZeroMemory() function should be used to erase the private data.MSC06-C
V598The 'memset/memcpy' function is used to nullify/copy the fields of 'Foo' class. Virtual table pointer will be damaged by this.EXP62-CPP, OOP57-CPP
V599The virtual destructor is not present, although the 'Foo' class contains virtual functions.OOP52-CPP
V600Consider inspecting the condition. The 'Foo' pointer is always not equal to NULL.EXP08-C
V601An odd implicit type casting.INT36-C
V603The object was created but it is not being used. If you wish to call constructor, 'this->Foo::Foo(....)' should be used.MSC13-C
V604It is odd that the number of iterations in the loop equals to the size of the pointer.ARR01-C
V605Consider verifying the expression. An unsigned value is compared to the number - NN.INT02-C
V606Ownerless token 'Foo'.MSC12-C
V609Divide or mod by zero.INT33-C
V610Undefined behavior. Check the shift operator.INT34-C
V611The memory allocation and deallocation methods are incompatible.MEM51-CPP
V612An unconditional 'break/continue/return/goto' within a loop.MSC01-C
V613Strange pointer arithmetic with 'malloc/new'.EXP08-C
V614Uninitialized variable 'Foo' used.EXP33-C, EXP33-CPP
V615An odd explicit conversion from 'float *' type to 'double *' type.FLP34-C
V618It's dangerous to call the 'Foo' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str);FIO30-C
V619An array is being utilized as a pointer to single object.EXP08-C
V620It's unusual that the expression of sizeof(T)*N kind is being summed with the pointer to T type.EXP08-C
V621Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all.MSC21-C
V622Consider inspecting the 'switch' statement. It's possible that the first 'case' operator is missing.DCL41-C
V623Consider inspecting the '?:' operator. A temporary object is being created and subsequently destroyed.DCL30-C
V628It's possible that the line was commented out improperly, thus altering the program's operation logics.EXP19-C
V629Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.INT00-C
V632Consider inspecting the NN argument of the 'Foo' function. It is odd that the argument is of the 'T' type.EXP37-C
V633Consider inspecting the expression. Probably the '!=' should be used here.EXP45-C
V634The priority of the '+' operation is higher than that of the '<<' operation. It's possible that parentheses should be used in the expression.EXP00-C
V635Consider inspecting the expression. The length should probably be multiplied by the sizeof(wchar_t).MEM35-C
V636The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid overflow or loss of a fractional part.FLP06-C
V639Consider inspecting the expression for function call. It is possible that one of the closing ')' parentheses was positioned incorrectly.EXP37-C
V640The code's operational logic does not correspond with its formatting.EXP19-C
V641The buffer size is not a multiple of the element size.EXP36-C
V642Saving the function result inside the 'byte' type variable is inappropriate. The significant bits could be lost breaking the program's logic.INT31-C
V643Unusual pointer arithmetic. The value of the 'char' type is being added to the string pointer.ARR30-C, EXP08-C
V645The function call could lead to the buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold.ARR30-C, STR31-C
V647The value of 'A' type is assigned to the pointer of 'B' type.INT36-C
V648Priority of the '&&' operation is higher than that of the '||' operation.EXP00-C
V649There are two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless.MSC12-C
V650Type casting operation is utilized 2 times in succession. Next, the '+' operation is executed. Probably meant: (T1)((T2)a + b).EXP08-C
V658A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly.INT30-C
V662Consider inspecting the loop expression. Different containers are utilized for setting up initial and final values of the iterator.CTR53-CPP
V664The pointer is being dereferenced on the initialization list before it is verified against null inside the body of the constructor function.EXP34-C
V665Possibly, the usage of '#pragma warning(default: X)' is incorrect in this context. The '#pragma warning(push/pop)' should be used instead.MSC00-C
V666Consider inspecting NN argument of the function 'Foo'. It is possible that the value does not correspond with the length of a string which was passed with the YY argument.EXP37-C
V670An uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class.EXP33-C, EXP53-CPP
V671It is possible that the 'swap' function interchanges a variable with itself.EXP37-C
V673More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.INT02-C
V674The expression contains a suspicious mix of integer and real types.FLP36-C
V675Writing into the read-only memory.STR30-C, ENV30-C
V679The 'X' variable was not initialized. This variable is passed by a reference to the 'Foo' function in which its value will be utilized.EXP33-C, EXP53-CPP
V681The language standard does not define an order in which the 'Foo' functions will be called during evaluation of arguments.EXP10-C
V687Size of an array calculated by the sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]).EXP08-C
V688The 'foo' local variable possesses the same name as one of the class members, which can result in a confusion.DCL01-C
V689The destructor of the 'Foo' class is not declared as a virtual. It is possible that a smart pointer will not destroy an object correctly.OOP52-CPP
V692An inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, a string ending with a null terminator should be used in the first place.STR32-C
V694The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.ARR30-C
V695Range intersections are possible within conditional expressions.MSC01-C
V696The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false.MSC01-C
V697A number of elements in the allocated array is equal to size of a pointer in bytes.ARR01-C
V698strcmp()-like functions can return not only the values -1, 0 and 1, but any values.EXP12-C
V699Consider inspecting the 'foo = bar = baz ? .... : ....' expression. It is possible that 'foo = bar == baz ? .... : ....' should be used here instead.EXP45-C
V701realloc() possible leak: when realloc() fails in allocating memory, original pointer is lost. Consider assigning realloc() to a temporary pointer.WIN30-C, MEM51-CPP
V703It is odd that the 'foo' field in derived class overwrites field in base class.DCL01-C
V705It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.EXP19-C
V708Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior.EXP50-CPP
V709Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'.EXP13-C
V711It is dangerous to create a local variable within a loop with a same name as a variable controlling this loop.DCL01-C
V712Be advised that compiler may delete this cycle or make it infinity. Use volatile variable(s) or synchronization primitives to avoid this.MSC06-C
V713The pointer was utilized in the logical expression before it was verified against nullptr in the same logical expression.EXP34-C
V714Variable is not passed into foreach loop by a reference, but its value is changed inside of the loop.MSC13-C
V715The 'while' operator has empty body. Suspicious pattern detected.EXP15-C
V719The switch statement does not cover all values of the enum.MSC01-C
V722An abnormality within similar comparisons. It is possible that a typo is present inside the expression.MSC01-C
V723Function returns a pointer to the internal string buffer of a local object, which will be destroyed.DCL30-C
V724Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'.INT31-C
V726An attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function.MEM34-C
V727Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'STR31-C
V730Not all members of a class are initialized inside the constructor.EXP53-CPP
V733It is possible that macro expansion resulted in incorrect evaluation order.PRE01-C
V736The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array.ARR36-C
V738Temporary anonymous object is used.DCL30-C
V739EOF should not be compared with a value of the 'char' type. Consider using the 'int' type.INT31-C
V742Function receives an address of a 'char' type variable instead of pointer to a buffer.EXP37-C
V743The memory areas must not overlap. Use 'memmove' function.EXP37-C
V744Temporary object is immediately destroyed after being created. Consider naming the object.MSC13-C
V746Object slicing. An exception should be caught by reference rather than by value.ERR61-CPP
V747An odd expression inside parenthesis. It is possible that a function name is missing.MSC01-C
V748Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function.MEM51-CPP
V749Destructor of the object will be invoked a second time after leaving the object's scope.MEM53-CPP
V751Parameter is not used inside function's body.MSC13-C
V752Creating an object with placement new requires a buffer of large size.MEM54-CPP
V755Copying from unsafe data source. Buffer overflow is possible.STR31-C
V757It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'.EXP12-C
V758Reference invalidated because of the destruction of the temporary object returned by the function.EXP54-CPP
V759Violated order of exception handlers. Exception caught by handler for base class.ERR54-CPP
V763Parameter is always rewritten in function body before being used.MSC13-C
V764Possible incorrect order of arguments passed to function.EXP37-C
V769The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used.EXP08-C
V772Calling the 'delete' operator for a void pointer will cause undefined behavior.MSC15-C
V773The function was exited without releasing the pointer/handle. A memory/resource leak is possible.MEM31-C, MEM51-CPP
V774The pointer was used after the memory was released.MEM30-C, MEM50-CPP
V777Dangerous widening type conversion from an array of derived-class objects to a base-class pointer.CTR56-CPP
V779Unreachable code detected. It is possible that an error is present.MSC12-C
V780The object of non-passive (non-PDS) type cannot be used with the function.EXP62-CPP, OOP57-CPP
V781The value of the variable is checked after it was used. Perhaps there is a mistake in program logic. Check lines: N1, N2.API00-C, CTR50-CPP, MEM35-C
V782It is pointless to compute the distance between the elements of different arrays.ARR36-C
V783Dereferencing of invalid iterator 'X' might take place.CTR51-CPP
V785Constant expression in switch statement.MSC01-C
V786Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B].MSC01-C
V788Review captured variable in lambda expression.EXP53-CPP
V789Iterators for the container, used in the range-based for loop, become invalid upon a function call.CTR53-CPP
V796A 'break' statement is probably missing in a 'switch' statement.MSC17-C
V797The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos.EXP12-C
V798The size of the dynamic array can be less than the number of elements in the initializer.ARR02-C
V1001The variable is assigned but is not used by the end of the function.MSC13-C
V1004The pointer was used unsafely after it was verified against nullptr.EXP34-C, EXP08-C, EXP37-C
V1006Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur.MEM56-CPP
V1007The value from the uninitialized optional is used. Probably it is a mistake.EXP53-CPP
V1014Structures with members of real type are compared byte-wise.FLP37-C
V1016The value is out of range of enum values. This causes unspecified or undefined behavior.INT50-CPP
V1023A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception.ERR56-CPP
V1026The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow.INT32-C
V1029Numeric Truncation Error. Return value of function is written to N-bit variable.INT31-C
V1032Pointer is cast to a more strictly aligned pointer type.EXP36-C
V1034Do not use real-type variables as loop counters.FLP30-C
V1035Only values that are returned from fgetpos() can be used as arguments to fsetpos().FIO44-C
V2001Consider using the extended version of the 'foo'function here.MSC24-C
V2002Consider using the 'Ptr' version of the 'foo' function here.MSC24-C
V2003Explicit conversion from 'float/double' type to signed integer type.FLP34-C
V2004Explicit conversion from 'float/double' type to unsigned integer type.FLP34-C
V2501MISRA. Octal constants should not be used.DCL18-C
V2503MISRA. Implicitly specified enumeration constants should be unique – consider specifying non-unique constants explicitly.INT09-C
V2507MISRA. The body of a loop\conditional statement should be enclosed in braces.EXP19-C
V2508MISRA. The function with the 'atof/atoi/atoll/atoll' name should not be used.MSC24-C
V2509MISRA. The function with the 'abort/exit/getenv/system' name should not be used.MSC24-C
V2510MISRA. The function with the 'qsort/bsearch' name should not be used.MSC24-C
V2511MISRA. Memory allocation and deallocation functions should not be used.MSC24-C
V2512MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used.MSC22-C
V2513MISRA. Unbounded functions performing string operations should not be used.MSC24-C
V2516MISRA. The 'if' ... 'else if' construct should be terminated with an 'else' statement.MSC01-C
V2517MISRA. Literal suffixes should not contain lowercase characters.DCL16-C
V2519MISRA. Every 'switch' statement should have a 'default' label, which, in addition to the terminating 'break' statement, should contain either a statement or a comment.MSC01-C
V2520MISRA. Every switch-clause should be terminated by an unconditional 'break' or 'throw' statement.MSC17-C
V2522MISRA. The 'switch' statement should have 'default' as the last label.MSC01-C
V2524MISRA. A switch-label should only appear at the top level of the compound statement forming the body of a 'switch' statement.MSC20-C
V2526MISRA. The functions from time.h/ctime should not be used.MSC24-C
V6049Classes that define 'equals' method must also define 'hashCode' method.MET09-J
V6050Class initialization cycle is present.DCL00-J
V6051Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions.ERR04-J
V6052Calling an overridden method in parent-class constructor may lead to use of uninitialized data.MET05-J
V6053Collection is modified while iteration is in progress. ConcurrentModificationException may occur.MSC06-J
V6054Classes should not be compared by their name.OBJ09-J
V6055Expression inside assert statement can change object's state.EXP06-J
V6061The used constant value is represented by an octal form.DCL50-J
V6064Suspicious invocation of Thread.run().THI00-J
V6066Passing objects of incompatible types to the method of collection.EXP04-J

Bugs Found

Checked Projects
336
Collected Errors
12 743