SEI CERT Coding Standard - набор стандартов написания программного обеспечения (ПО) на языках C, C++, Java и Perl, разрабатываемых координационным центром CERT (CERT Coordination Center, CERT/CC) для повышения надёжности и безопасности ПО.
Страница анализатора на сайте SEI CERT: PVS-Studio.
| Код ошибки | Название ошибки | CERT Rule |
| V502 | Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the 'foo' operator. | EXP00-C |
| V503 | This is a nonsensical comparison: pointer < 0. | EXP08-C |
| V505 | The 'alloca' function is used inside the loop. This can quickly overflow stack. | MEM05-C |
| V506 | Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid. | DCL30-C |
| V507 | Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid. | DCL30-C |
| V509 | The 'throw' operator inside the destructor should be placed within the try..catch block. Raising exception inside the destructor is illegal. | DCL57-CPP |
| V510 | The 'Foo' function is not expected to receive class-type variable as 'N' actual argument. | FIO47-C |
| V511 | The sizeof() operator returns size of the pointer, and not of the array, in given expression. | ARR01-C |
| V512 | A call of the 'Foo' function will lead to a buffer overflow or underflow. | ARR01-C, ARR30-C |
| V513 | Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions. | MSC24-C |
| V514 | Dividing sizeof a pointer by another value. There is a probability of logical error presence. | ARR01-C |
| V515 | The 'delete' operator is applied to non-pointer. | MEM51-CPP |
| V516 | Consider inspecting an odd expression. Non-null function pointer is compared to null. | EXP16-C |
| V517 | The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. | MSC01-C |
| V518 | The 'malloc' function allocates strange amount of memory calculated by 'strlen(expr)'. Perhaps the correct variant is strlen(expr) + 1. | STR31-C |
| V519 | The 'x' variable is assigned values twice successively. Perhaps this is a mistake. | MSC13-C |
| V520 | The comma operator ',' in array index expression. | EXP08-C |
| V521 | Such expressions using the ',' operator are dangerous. Make sure the expression is correct. | EXP10-C, EXP50-CPP |
| V522 | Dereferencing of the null pointer might take place. | EXP34-C, MEM52-CPP |
| V529 | Odd semicolon ';' after 'if/for/while' operator. | EXP15-C |
| V530 | The return value of function 'Foo' is required to be utilized. | EXP12-C |
| V531 | It is odd that a sizeof() operator is multiplied by sizeof(). | MEM35-C |
| V533 | It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'. | MSC01-C |
| V534 | It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'. | MSC01-C |
| V535 | The variable 'X' is being used for this loop and for the outer loop. | MSC01-C |
| V536 | Be advised that the utilized constant value is represented by an octal form. | DCL18-C |
| V539 | Consider inspecting iterators which are being passed as arguments to function 'Foo'. | CTR53-CPP |
| V540 | Member 'x' should point to string terminated by two 0 characters. | EXP37-C |
| V541 | It is dangerous to print a string into itself. | EXP37-C |
| V542 | Consider inspecting an odd type cast: 'Type1' to ' Type2'. | INT36-C |
| V546 | Member of a class is initialized with itself: 'Foo(Foo)'. | EXP53-CPP |
| V548 | Consider reviewing type casting. TYPE X[][] is not equivalent to TYPE **X. | EXP36-C |
| V549 | The 'first' argument of 'Foo' function is equal to the 'second' argument. | EXP37-C |
| V550 | An odd precise comparison. It's probably better to use a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon. | FLP02-C |
| V551 | The code under this 'case' label is unreachable. | MSC12-C |
| V554 | Incorrect use of smart pointer. | MEM51-CPP |
| V555 | The expression of the 'A - B > 0' kind will work as 'A != B'. | INT02-C |
| V556 | The values of different enum types are compared. | MSC01-C |
| V557 | Array overrun is possible. | ARR30-C |
| V558 | Function returns the pointer/reference to temporary local object. | DCL30-C |
| V559 | Suspicious assignment inside the conditional expression of 'if/while/for' statement. | EXP45-C |
| V561 | It's probably better to assign value to 'foo' variable than to declare it anew. | DCL01-C |
| V563 | It is possible that this 'else' branch must apply to the previous 'if' statement. | EXP19-C |
| V564 | The '&' or '|' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' or '||' operator. | EXP46-C |
| V566 | The integer constant is converted to pointer. Possibly an error or a bad coding style. | INT36-C |
| V567 | The modification of a variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. | EXP30-C |
| V568 | It's odd that the argument of sizeof() operator is the expression. | EXP44-C, ARR01-C |
| V569 | Truncation of constant value. | INT31-C |
| V573 | Uninitialized variable 'Foo' was used. The variable was used to initialize itself. | EXP33-C, EXP53-CPP |
| V574 | The pointer is used simultaneously as an array and as a pointer to single object. | EXP08-C |
| V575 | Function receives an odd argument. | EXP37-C |
| V576 | Incorrect format. Consider checking the N actual argument of the 'Foo' function. | FIO47-C, DCL11-C |
| V577 | Label is present inside a switch(). It is possible that these are misprints and 'default:' operator should be used instead. | MSC01-C |
| V579 | The 'Foo' function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the N argument. | ARR01-C |
| V580 | An odd explicit type casting. Consider verifying it. | EXP39-C |
| V582 | Consider reviewing the source code which operates the container. | ARR30-C |
| V585 | An attempt to release the memory in which the 'Foo' local variable is stored. | MEM34-C |
| V586 | The 'Foo' function is called twice for deallocation of the same resource. | MEM50-CPP, MEM30-C |
| V590 | Consider inspecting this expression. The expression is excessive or contains a misprint. | MSC01-C |
| V591 | Non-void function should return a value. | MSC52-CPP |
| V593 | Consider reviewing the expression of the 'A = B == C' kind. The expression is calculated as following: 'A = (B == C)'. | EXP00-C |
| V594 | The pointer steps out of array's bounds. | ARR30-C |
| V595 | The pointer was utilized before it was verified against nullptr. Check lines: N1, N2. | EXP34-C |
| V596 | The object was created but it is not being used. The 'throw' keyword could be missing. | MSC13-C |
| V597 | The compiler could delete the 'memset' function call, which is used to flush 'Foo' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. | MSC06-C |
| V598 | The 'memset/memcpy' function is used to nullify/copy the fields of 'Foo' class. Virtual table pointer will be damaged by this. | EXP62-CPP, OOP57-CPP |
| V599 | The virtual destructor is not present, although the 'Foo' class contains virtual functions. | OOP52-CPP |
| V600 | Consider inspecting the condition. The 'Foo' pointer is always not equal to NULL. | EXP08-C |
| V601 | An odd implicit type casting. | INT36-C |
| V603 | The object was created but it is not being used. If you wish to call constructor, 'this->Foo::Foo(....)' should be used. | MSC13-C |
| V604 | It is odd that the number of iterations in the loop equals to the size of the pointer. | ARR01-C |
| V605 | Consider verifying the expression. An unsigned value is compared to the number - NN. | INT02-C |
| V606 | Ownerless token 'Foo'. | MSC12-C |
| V609 | Divide or mod by zero. | INT33-C |
| V610 | Undefined behavior. Check the shift operator. | INT34-C |
| V611 | The memory allocation and deallocation methods are incompatible. | MEM51-CPP |
| V612 | An unconditional 'break/continue/return/goto' within a loop. | MSC01-C |
| V613 | Strange pointer arithmetic with 'malloc/new'. | EXP08-C |
| V614 | Uninitialized variable 'Foo' used. | EXP33-C, EXP33-CPP |
| V615 | An odd explicit conversion from 'float *' type to 'double *' type. | FLP34-C |
| V618 | It's dangerous to call the 'Foo' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); | FIO30-C |
| V619 | An array is being utilized as a pointer to single object. | EXP08-C |
| V620 | It's unusual that the expression of sizeof(T)*N kind is being summed with the pointer to T type. | EXP08-C |
| V621 | Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all. | MSC21-C |
| V622 | Consider inspecting the 'switch' statement. It's possible that the first 'case' operator is missing. | DCL41-C |
| V623 | Consider inspecting the '?:' operator. A temporary object is being created and subsequently destroyed. | DCL30-C |
| V628 | It's possible that the line was commented out improperly, thus altering the program's operation logics. | EXP19-C |
| V629 | Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. | INT00-C |
| V632 | Consider inspecting the NN argument of the 'Foo' function. It is odd that the argument is of the 'T' type. | EXP37-C |
| V633 | Consider inspecting the expression. Probably the '!=' should be used here. | EXP45-C |
| V634 | The priority of the '+' operation is higher than that of the '<<' operation. It's possible that parentheses should be used in the expression. | EXP00-C |
| V635 | Consider inspecting the expression. The length should probably be multiplied by the sizeof(wchar_t). | MEM35-C |
| V636 | The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid overflow or loss of a fractional part. | FLP06-C |
| V639 | Consider inspecting the expression for function call. It is possible that one of the closing ')' parentheses was positioned incorrectly. | EXP37-C |
| V640 | The code's operational logic does not correspond with its formatting. | EXP19-C |
| V641 | The buffer size is not a multiple of the element size. | EXP36-C |
| V642 | Saving the function result inside the 'byte' type variable is inappropriate. The significant bits could be lost breaking the program's logic. | INT31-C |
| V643 | Unusual pointer arithmetic. The value of the 'char' type is being added to the string pointer. | ARR30-C, EXP08-C |
| V645 | The function call could lead to the buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. | ARR30-C, STR31-C |
| V647 | The value of 'A' type is assigned to the pointer of 'B' type. | INT36-C |
| V648 | Priority of the '&&' operation is higher than that of the '||' operation. | EXP00-C |
| V649 | There are two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless. | MSC12-C |
| V650 | Type casting operation is utilized 2 times in succession. Next, the '+' operation is executed. Probably meant: (T1)((T2)a + b). | EXP08-C |
| V658 | A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly. | INT30-C |
| V662 | Consider inspecting the loop expression. Different containers are utilized for setting up initial and final values of the iterator. | CTR53-CPP |
| V664 | The pointer is being dereferenced on the initialization list before it is verified against null inside the body of the constructor function. | EXP34-C |
| V665 | Possibly, the usage of '#pragma warning(default: X)' is incorrect in this context. The '#pragma warning(push/pop)' should be used instead. | MSC00-C |
| V666 | Consider inspecting NN argument of the function 'Foo'. It is possible that the value does not correspond with the length of a string which was passed with the YY argument. | EXP37-C |
| V670 | An uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class. | EXP33-C, EXP53-CPP |
| V671 | It is possible that the 'swap' function interchanges a variable with itself. | EXP37-C |
| V673 | More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. | INT02-C |
| V674 | The expression contains a suspicious mix of integer and real types. | FLP36-C |
| V675 | Writing into the read-only memory. | STR30-C, ENV30-C |
| V679 | The 'X' variable was not initialized. This variable is passed by a reference to the 'Foo' function in which its value will be utilized. | EXP33-C, EXP53-CPP |
| V681 | The language standard does not define an order in which the 'Foo' functions will be called during evaluation of arguments. | EXP10-C |
| V687 | Size of an array calculated by the sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]). | EXP08-C |
| V688 | The 'foo' local variable possesses the same name as one of the class members, which can result in a confusion. | DCL01-C |
| V689 | The destructor of the 'Foo' class is not declared as a virtual. It is possible that a smart pointer will not destroy an object correctly. | OOP52-CPP |
| V692 | An inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, a string ending with a null terminator should be used in the first place. | STR32-C |
| V694 | The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant. | ARR30-C |
| V695 | Range intersections are possible within conditional expressions. | MSC01-C |
| V696 | The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. | MSC01-C |
| V697 | A number of elements in the allocated array is equal to size of a pointer in bytes. | ARR01-C |
| V698 | strcmp()-like functions can return not only the values -1, 0 and 1, but any values. | EXP12-C |
| V699 | Consider inspecting the 'foo = bar = baz ? .... : ....' expression. It is possible that 'foo = bar == baz ? .... : ....' should be used here instead. | EXP45-C |
| V701 | realloc() possible leak: when realloc() fails in allocating memory, original pointer is lost. Consider assigning realloc() to a temporary pointer. | WIN30-C, MEM51-CPP |
| V703 | It is odd that the 'foo' field in derived class overwrites field in base class. | DCL01-C |
| V705 | It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. | EXP19-C |
| V708 | Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior. | EXP50-CPP |
| V709 | Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'. | EXP13-C |
| V711 | It is dangerous to create a local variable within a loop with a same name as a variable controlling this loop. | DCL01-C |
| V712 | Be advised that compiler may delete this cycle or make it infinity. Use volatile variable(s) or synchronization primitives to avoid this. | MSC06-C |
| V713 | The pointer was utilized in the logical expression before it was verified against nullptr in the same logical expression. | EXP34-C |
| V714 | Variable is not passed into foreach loop by a reference, but its value is changed inside of the loop. | MSC13-C |
| V715 | The 'while' operator has empty body. Suspicious pattern detected. | EXP15-C |
| V719 | The switch statement does not cover all values of the enum. | MSC01-C |
| V722 | An abnormality within similar comparisons. It is possible that a typo is present inside the expression. | MSC01-C |
| V723 | Function returns a pointer to the internal string buffer of a local object, which will be destroyed. | DCL30-C |
| V724 | Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'. | INT31-C |
| V726 | An attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function. | MEM34-C |
| V727 | Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)' | STR31-C |
| V730 | Not all members of a class are initialized inside the constructor. | EXP53-CPP |
| V733 | It is possible that macro expansion resulted in incorrect evaluation order. | PRE01-C |
| V736 | The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array. | ARR36-C |
| V738 | Temporary anonymous object is used. | DCL30-C |
| V739 | EOF should not be compared with a value of the 'char' type. Consider using the 'int' type. | INT31-C |
| V742 | Function receives an address of a 'char' type variable instead of pointer to a buffer. | EXP37-C |
| V743 | The memory areas must not overlap. Use 'memmove' function. | EXP37-C |
| V744 | Temporary object is immediately destroyed after being created. Consider naming the object. | MSC13-C |
| V746 | Object slicing. An exception should be caught by reference rather than by value. | ERR61-CPP |
| V747 | An odd expression inside parenthesis. It is possible that a function name is missing. | MSC01-C |
| V748 | Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function. | MEM51-CPP |
| V749 | Destructor of the object will be invoked a second time after leaving the object's scope. | MEM53-CPP |
| V751 | Parameter is not used inside function's body. | MSC13-C |
| V752 | Creating an object with placement new requires a buffer of large size. | MEM54-CPP |
| V755 | Copying from unsafe data source. Buffer overflow is possible. | STR31-C |
| V757 | It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'. | EXP12-C |
| V758 | Reference invalidated because of the destruction of the temporary object returned by the function. | EXP54-CPP |
| V759 | Violated order of exception handlers. Exception caught by handler for base class. | ERR54-CPP |
| V763 | Parameter is always rewritten in function body before being used. | MSC13-C |
| V764 | Possible incorrect order of arguments passed to function. | EXP37-C |
| V769 | The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used. | EXP08-C |
| V772 | Calling the 'delete' operator for a void pointer will cause undefined behavior. | MSC15-C |
| V773 | The function was exited without releasing the pointer/handle. A memory/resource leak is possible. | MEM31-C, MEM51-CPP |
| V774 | The pointer was used after the memory was released. | MEM30-C, MEM50-CPP |
| V777 | Dangerous widening type conversion from an array of derived-class objects to a base-class pointer. | CTR56-CPP |
| V779 | Unreachable code detected. It is possible that an error is present. | MSC12-C |
| V780 | The object of non-passive (non-PDS) type cannot be used with the function. | EXP62-CPP, OOP57-CPP |
| V781 | The value of the variable is checked after it was used. Perhaps there is a mistake in program logic. Check lines: N1, N2. | API00-C, CTR50-CPP, MEM35-C |
| V782 | It is pointless to compute the distance between the elements of different arrays. | ARR36-C |
| V783 | Dereferencing of invalid iterator 'X' might take place. | CTR51-CPP |
| V785 | Constant expression in switch statement. | MSC01-C |
| V786 | Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B]. | MSC01-C |
| V788 | Review captured variable in lambda expression. | EXP53-CPP |
| V789 | Iterators for the container, used in the range-based for loop, become invalid upon a function call. | CTR53-CPP |
| V796 | A 'break' statement is probably missing in a 'switch' statement. | MSC17-C |
| V797 | The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos. | EXP12-C |
| V798 | The size of the dynamic array can be less than the number of elements in the initializer. | ARR02-C |
| V1001 | The variable is assigned but is not used by the end of the function. | MSC13-C |
| V1004 | The pointer was used unsafely after it was verified against nullptr. | EXP08-C, EXP34-C, EXP37-C |
| V1006 | Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur. | MEM56-CPP |
| V1007 | The value from the uninitialized optional is used. Probably it is a mistake. | EXP53-CPP |
| V1014 | Structures with members of real type are compared byte-wise. | FLP37-C |
| V1016 | The value is out of range of enum values. This causes unspecified or undefined behavior. | INT50-CPP |
| V1023 | A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception. | ERR56-CPP |
| V1026 | The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. | INT32-C |
| V1029 | Numeric Truncation Error. Return value of function is written to N-bit variable. | INT31-C |
| V1032 | Pointer is cast to a more strictly aligned pointer type. | EXP36-C |
| V1034 | Do not use real-type variables as loop counters. | FLP30-C |
| V1035 | Only values that are returned from fgetpos() can be used as arguments to fsetpos(). | FIO44-C |
| V2001 | Consider using the extended version of the 'foo'function here. | MSC24-C |
| V2002 | Consider using the 'Ptr' version of the 'foo' function here. | MSC24-C |
| V2003 | Explicit conversion from 'float/double' type to signed integer type. | FLP34-C |
| V2004 | Explicit conversion from 'float/double' type to unsigned integer type. | FLP34-C |
| V2501 | MISRA. Octal constants should not be used. | DCL18-C |
| V2503 | MISRA. Implicitly specified enumeration constants should be unique – consider specifying non-unique constants explicitly. | INT09-C |
| V2507 | MISRA. The body of a loop\conditional statement should be enclosed in braces. | EXP19-C |
| V2508 | MISRA. The function with the 'atof/atoi/atoll/atoll' name should not be used. | MSC24-C |
| V2509 | MISRA. The function with the 'abort/exit/getenv/system' name should not be used. | MSC24-C |
| V2510 | MISRA. The function with the 'qsort/bsearch' name should not be used. | MSC24-C |
| V2511 | MISRA. Memory allocation and deallocation functions should not be used. | MSC24-C |
| V2512 | MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used. | MSC22-C |
| V2513 | MISRA. Unbounded functions performing string operations should not be used. | MSC24-C |
| V2516 | MISRA. The 'if' ... 'else if' construct should be terminated with an 'else' statement. | MSC01-C |
| V2517 | MISRA. Literal suffixes should not contain lowercase characters. | DCL16-C |
| V2519 | MISRA. Every 'switch' statement should have a 'default' label, which, in addition to the terminating 'break' statement, should contain either a statement or a comment. | MSC01-C |
| V2520 | MISRA. Every switch-clause should be terminated by an unconditional 'break' or 'throw' statement. | MSC17-C |
| V2522 | MISRA. The 'switch' statement should have 'default' as the last label. | MSC01-C |
| V2524 | MISRA. A switch-label should only appear at the top level of the compound statement forming the body of a 'switch' statement. | MSC20-C |
| V2526 | MISRA. The functions from time.h/ctime should not be used. | MSC24-C |
| V2534 | MISRA. The loop counter should not have floating-point type. | FLP30-C |
| V2535 | MISRA. Unreachable code should not be present in the project. | MSC12-C |
| V2537 | MISRA. Functions should not have unused parameters. | MSC12-C |
| V2538 | MISRA. The value of uninitialized variable should not be used. | EXP33-C, EXP53-CPP |
| V6049 | Classes that define 'equals' method must also define 'hashCode' method. | MET09-J |
| V6050 | Class initialization cycle is present. | DCL00-J |
| V6051 | Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions. | ERR04-J |
| V6052 | Calling an overridden method in parent-class constructor may lead to use of uninitialized data. | MET05-J |
| V6053 | Collection is modified while iteration is in progress. ConcurrentModificationException may occur. | MSC06-J |
| V6054 | Classes should not be compared by their name. | OBJ09-J |
| V6055 | Expression inside assert statement can change object's state. | EXP06-J |
| V6061 | The used constant value is represented by an octal form. | DCL50-J |
| V6064 | Suspicious invocation of Thread.run(). | THI00-J |
| V6066 | Passing objects of incompatible types to the method of collection. | EXP04-J |
Написать нам