Common Weakness Enumeration (CWE) - система классификации потенциальных и подтверждённых уязвимостей. Она поддерживается сообществом с целью выявления проблем программного обеспечения и создания автоматизированных инструментов, которые могут использоваться для выявления и устранения этих проблем.
CCR (Coverage Claims Representation) для PVS-Studio доступно здесь.
| Код ошибки | Название ошибки | CWE ID |
| V501 | There are identical sub-expressions to the left and to the right of the 'foo' operator. | CWE-570, CWE-571 |
| V502 | Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the 'foo' operator. | CWE-783 |
| V503 | This is a nonsensical comparison: pointer < 0. | CWE-697 |
| V504 | It is highly probable that the semicolon ';' is missing after 'return' keyword. | CWE-841 |
| V505 | The 'alloca' function is used inside the loop. This can quickly overflow stack. | CWE-770 |
| V506 | Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid. | CWE-562 |
| V507 | Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid. | CWE-562 |
| V508 | The use of 'new type(n)' pattern was detected. Probably meant: 'new type[n]'. | CWE-480 |
| V509 | Exceptions that were raised inside noexcept functions must be wrapped in a try..catch block. | CWE-248, CWE-703 |
| V510 | The 'Foo' function is not expected to receive class-type variable as 'N' actual argument. | CWE-686 |
| V511 | The sizeof() operator returns size of the pointer, and not of the array, in given expression. | CWE-467 |
| V512 | A call of the 'Foo' function will lead to a buffer overflow or underflow. | CWE-682, CWE-467, CWE-193, CWE-806, CWE-787, CWE-125, CWE-119 |
| V513 | Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions. | CWE-676 |
| V514 | Dividing sizeof a pointer by another value. There is a probability of logical error presence. | CWE-131 |
| V515 | The 'delete' operator is applied to non-pointer. | CWE-763 |
| V516 | Consider inspecting an odd expression. Non-null function pointer is compared to null. | CWE-570, CWE-571 |
| V517 | The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. | CWE-570 |
| V518 | The 'malloc' function allocates strange amount of memory calculated by 'strlen(expr)'. Perhaps the correct variant is strlen(expr) + 1. | CWE-131 |
| V519 | The 'x' variable is assigned values twice successively. Perhaps this is a mistake. | CWE-563 |
| V520 | The comma operator ',' in array index expression. | CWE-480 |
| V521 | Such expressions using the ',' operator are dangerous. Make sure the expression is correct. | CWE-480 |
| V522 | Dereferencing of the null pointer might take place. | CWE-690, CWE-476 |
| V523 | The 'then' statement is equivalent to the 'else' statement. | CWE-691 |
| V525 | The code contains the collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ... | CWE-682 |
| V526 | The 'strcmp' function returns 0 if corresponding strings are equal. Consider examining the condition for mistakes. | CWE-253 |
| V527 | It is odd that the 'zero' value is assigned to pointer. Probably meant: *ptr = zero. | CWE-351 |
| V528 | It is odd that pointer is compared with the 'zero' value. Probably meant: *ptr != zero. | CWE-697 |
| V529 | Odd semicolon ';' after 'if/for/while' operator. | CWE-670 |
| V530 | The return value of function 'Foo' is required to be utilized. | CWE-252 |
| V531 | It is odd that a sizeof() operator is multiplied by sizeof(). | CWE-131 |
| V532 | Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'. | CWE-480 |
| V533 | It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'. | CWE-691 |
| V534 | It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'. | CWE-691 |
| V535 | The variable 'X' is being used for this loop and for the outer loop. | CWE-691 |
| V536 | Be advised that the utilized constant value is represented by an octal form. | CWE-682 |
| V537 | Consider reviewing the correctness of 'X' item's usage. | CWE-682 |
| V539 | Consider inspecting iterators which are being passed as arguments to function 'Foo'. | CWE-688 |
| V540 | Member 'x' should point to string terminated by two 0 characters. | CWE-628 |
| V541 | It is dangerous to print a string into itself. | CWE-628 |
| V542 | Consider inspecting an odd type cast: 'Type1' to ' Type2'. | CWE-704 |
| V543 | It is odd that value 'X' is assigned to the variable 'Y' of HRESULT type. | CWE-704 |
| V544 | It is odd that the value 'X' of HRESULT type is compared with 'Y'. | CWE-253 |
| V545 | Such conditional expression of 'if' statement is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead. | CWE-253 |
| V546 | Member of a class is initialized with itself: 'Foo(Foo)'. | CWE-665 |
| V547 | Expression is always true/false. | CWE-570, CWE-571 |
| V548 | Consider reviewing type casting. TYPE X[][] is not equivalent to TYPE **X. | CWE-704 |
| V549 | The 'first' argument of 'Foo' function is equal to the 'second' argument. | CWE-688 |
| V550 | An odd precise comparison. It's probably better to use a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon. | CWE-682 |
| V551 | The code under this 'case' label is unreachable. | CWE-561 |
| V552 | A bool type variable is being incremented. Perhaps another variable should be incremented instead. | CWE-480 |
| V554 | Incorrect use of smart pointer. | CWE-762 |
| V555 | The expression of the 'A - B > 0' kind will work as 'A != B'. | CWE-191 |
| V556 | The values of different enum types are compared. | CWE-697 |
| V557 | Array overrun is possible. | CWE-119, CWE-125, CWE-787 |
| V558 | Function returns the pointer/reference to temporary local object. | CWE-562 |
| V559 | Suspicious assignment inside the conditional expression of 'if/while/for' statement. | CWE-481 |
| V560 | A part of conditional expression is always true/false. | CWE-570, CWE-571 |
| V561 | It's probably better to assign value to 'foo' variable than to declare it anew. | CWE-563 |
| V562 | It's odd to compare a bool type value with a value of N. | CWE-563 |
| V563 | It is possible that this 'else' branch must apply to the previous 'if' statement. | CWE-670 |
| V564 | The '&' or '|' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' or '||' operator. | CWE-480 |
| V565 | An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing. | CWE-544 |
| V566 | The integer constant is converted to pointer. Possibly an error or a bad coding style. | CWE-587 |
| V567 | The modification of a variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. | CWE-758 |
| V568 | It's odd that the argument of sizeof() operator is the expression. | CWE-131 |
| V569 | Truncation of constant value. | CWE-197 |
| V570 | The variable is assigned to itself. | CWE-480 |
| V571 | Recurring check. This condition was already verified in previous line. | CWE-571 |
| V572 | It is odd that the object which was created using 'new' operator is immediately cast to another type. | CWE-665 |
| V573 | Uninitialized variable 'Foo' was used. The variable was used to initialize itself. | CWE-457 |
| V574 | The pointer is used simultaneously as an array and as a pointer to single object. | CWE-823 |
| V575 | Function receives an odd argument. | CWE-628 |
| V576 | Incorrect format. Consider checking the N actual argument of the 'Foo' function. | CWE-628, CWE-687, CWE-685, CWE-686 |
| V577 | Label is present inside a switch(). It is possible that these are misprints and 'default:' operator should be used instead. | CWE-478 |
| V578 | An odd bitwise operation detected. Consider verifying it. | CWE-480 |
| V579 | The 'Foo' function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the N argument. | CWE-467 |
| V580 | An odd explicit type casting. Consider verifying it. | CWE-843 |
| V581 | The conditional expressions of the 'if' statements situated alongside each other are identical. | CWE-670 |
| V582 | Consider reviewing the source code which operates the container. | CWE-119, CWE-125, CWE-787 |
| V583 | The '?:' operator, regardless of its conditional expression, always returns one and the same value. | CWE-783 |
| V584 | The same value is present on both sides of the operator. The expression is incorrect or it can be simplified. | CWE-480 |
| V585 | An attempt to release the memory in which the 'Foo' local variable is stored. | CWE-762 |
| V586 | The 'Foo' function is called twice for deallocation of the same resource. | CWE-675, CWE-415 |
| V588 | The expression of the 'A =+ B' kind is utilized. Consider reviewing it, as it is possible that 'A += B' was meant. | CWE-480 |
| V589 | The expression of the 'A =- B' kind is utilized. Consider reviewing it, as it is possible that 'A -= B' was meant. | CWE-480 |
| V590 | Consider inspecting this expression. The expression is excessive or contains a misprint. | CWE-571 |
| V591 | Non-void function should return a value. | CWE-393 |
| V593 | Consider reviewing the expression of the 'A = B == C' kind. The expression is calculated as following: 'A = (B == C)'. | CWE-783 |
| V594 | The pointer steps out of array's bounds. | CWE-823 |
| V595 | The pointer was utilized before it was verified against nullptr. Check lines: N1, N2. | CWE-476 |
| V596 | The object was created but it is not being used. The 'throw' keyword could be missing. | CWE-390 |
| V597 | The compiler could delete the 'memset' function call, which is used to flush 'Foo' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. | CWE-14 |
| V598 | The 'memset/memcpy' function is used to nullify/copy the fields of 'Foo' class. Virtual table pointer will be damaged by this. | CWE-665 |
| V599 | The virtual destructor is not present, although the 'Foo' class contains virtual functions. | CWE-1079 |
| V600 | Consider inspecting the condition. The 'Foo' pointer is always not equal to NULL. | CWE-570, CWE-571 |
| V601 | An odd implicit type casting. | CWE-704 |
| V602 | Consider inspecting this expression. '<' possibly should be replaced with '<<'. | CWE-480 |
| V603 | The object was created but it is not being used. If you wish to call constructor, 'this->Foo::Foo(....)' should be used. | CWE-665 |
| V604 | It is odd that the number of iterations in the loop equals to the size of the pointer. | CWE-682 |
| V605 | Consider verifying the expression. An unsigned value is compared to the number - NN. | CWE-682 |
| V607 | Ownerless expression 'Foo'. | CWE-482 |
| V608 | Recurring sequence of explicit type casts. | CWE-704 |
| V609 | Divide or mod by zero. | CWE-369 |
| V610 | Undefined behavior. Check the shift operator. | CWE-758 |
| V611 | The memory allocation and deallocation methods are incompatible. | CWE-762, CWE-590 |
| V612 | An unconditional 'break/continue/return/goto' within a loop. | CWE-670 |
| V613 | Strange pointer arithmetic with 'malloc/new'. | CWE-761 |
| V614 | Uninitialized variable 'Foo' used. | CWE-457, CWE-824 |
| V615 | An odd explicit conversion from 'float *' type to 'double *' type. | CWE-704 |
| V616 | The 'Foo' named constant with the value of 0 is used in the bitwise operation. | CWE-480 |
| V617 | Consider inspecting the condition. An argument of the '|' bitwise operation always contains a non-zero value. | CWE-480 |
| V618 | It's dangerous to call the 'Foo' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf("%s", str); | CWE-134 |
| V619 | An array is being utilized as a pointer to single object. | CWE-480 |
| V620 | It's unusual that the expression of sizeof(T)*N kind is being summed with the pointer to T type. | CWE-682 |
| V621 | Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all. | CWE-835 |
| V622 | Consider inspecting the 'switch' statement. It's possible that the first 'case' operator is missing. | CWE-478 |
| V623 | Consider inspecting the '?:' operator. A temporary object is being created and subsequently destroyed. | CWE-416 |
| V624 | The constant NN is being utilized. The resulting value could be inaccurate. Consider using the M_NN constant from <math.h>. | CWE-547 |
| V625 | Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. | CWE-691 |
| V626 | Consider checking for misprints. It's possible that ',' should be replaced by ';'. | CWE-483 |
| V627 | Consider inspecting the expression. The argument of sizeof() is the macro which expands to a number. | CWE-682 |
| V628 | It's possible that the line was commented out improperly, thus altering the program's operation logics. | CWE-670 |
| V629 | Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type. | CWE-190 |
| V630 | The 'malloc' function is used to allocate memory for an array of objects which are classes containing constructors/destructors. | CWE-665 |
| V631 | Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style. | CWE-37, CWE-39, CWE-30 |
| V632 | Consider inspecting the NN argument of the 'Foo' function. It is odd that the argument is of the 'T' type. | CWE-686 |
| V633 | Consider inspecting the expression. Probably the '!=' should be used here. | CWE-480 |
| V634 | The priority of the '+' operation is higher than that of the '<<' operation. It's possible that parentheses should be used in the expression. | CWE-783 |
| V635 | Consider inspecting the expression. The length should probably be multiplied by the sizeof(wchar_t). | CWE-135 |
| V636 | The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid overflow or loss of a fractional part. | CWE-682 |
| V637 | Two opposite conditions were encountered. The second condition is always false. | CWE-570 |
| V638 | A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'. | CWE-665 |
| V639 | Consider inspecting the expression for function call. It is possible that one of the closing ')' parentheses was positioned incorrectly. | CWE-685 |
| V640 | The code's operational logic does not correspond with its formatting. | CWE-483 |
| V641 | The buffer size is not a multiple of the element size. | CWE-704 |
| V642 | Saving the function result inside the 'byte' type variable is inappropriate. The significant bits could be lost breaking the program's logic. | CWE-197 |
| V643 | Unusual pointer arithmetic. The value of the 'char' type is being added to the string pointer. | CWE-480 |
| V644 | A suspicious function declaration. It is possible that the T type object was meant to be created. | CWE-664 |
| V645 | The function call could lead to the buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. | CWE-787, CWE-193 |
| V646 | Consider inspecting the application's logic. It's possible that 'else' keyword is missing. | CWE-670 |
| V647 | The value of 'A' type is assigned to the pointer of 'B' type. | CWE-587 |
| V648 | Priority of the '&&' operation is higher than that of the '||' operation. | CWE-783 |
| V649 | There are two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless. | CWE-561 |
| V650 | Type casting operation is utilized 2 times in succession. Next, the '+' operation is executed. Probably meant: (T1)((T2)a + b). | CWE-468 |
| V651 | An odd operation of the 'sizeof(X)/sizeof(T)' kind is performed, where 'X' is of the 'class' type. | CWE-682 |
| V652 | The operation is executed 3 or more times in succession. | CWE-480 |
| V653 | A suspicious string consisting of two parts is used for the initialization. It is possible that a comma is missing. | CWE-665 |
| V654 | The condition of loop is always true/false. | CWE-834 |
| V655 | The strings were concatenated but are not utilized. Consider inspecting the expression. | CWE-480 |
| V656 | Variables are initialized through the call to the same function. It's probably an error or un-optimized code. | CWE-665 |
| V657 | It's odd that this function always returns one and the same value of NN. | CWE-393 |
| V658 | A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the comparison operation can potentially behave unexpectedly. | CWE-190 |
| V660 | The program contains an unused label and a function call: 'CC:AA()'. It's possible that the following was intended: 'CC::AA()'. | CWE-480 |
| V662 | Consider inspecting the loop expression. Different containers are utilized for setting up initial and final values of the iterator. | CWE-758 |
| V663 | Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the 'cin.fail()' function call to the conditional expression. | CWE-834 |
| V664 | The pointer is being dereferenced on the initialization list before it is verified against null inside the body of the constructor function. | CWE-476 |
| V666 | Consider inspecting NN argument of the function 'Foo'. It is possible that the value does not correspond with the length of a string which was passed with the YY argument. | CWE-805 |
| V667 | The 'throw' operator does not possess any arguments and is not situated within the 'catch' block. | CWE-480 |
| V668 | There is no sense in testing the pointer against null, as the memory was allocated using the 'new' operator. The exception will be generated in the case of memory allocation error. | CWE-570, CWE-571 |
| V670 | An uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class. | CWE-457 |
| V671 | It is possible that the 'swap' function interchanges a variable with itself. | CWE-687 |
| V673 | More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits. | CWE-190 |
| V674 | The expression contains a suspicious mix of integer and real types. | CWE-682 |
| V676 | It is incorrect to compare the variable of BOOL type with TRUE. | CWE-253 |
| V678 | An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function. | CWE-688 |
| V679 | The 'X' variable was not initialized. This variable is passed by a reference to the 'Foo' function in which its value will be utilized. | CWE-457 |
| V680 | The 'delete A, B' expression only destroys the 'A' object. Then the ',' operator returns a resulting value from the right side of the expression. | CWE-401 |
| V681 | The language standard does not define an order in which the 'Foo' functions will be called during evaluation of arguments. | CWE-758 |
| V683 | Consider inspecting the loop expression. It is possible that the 'i' variable should be incremented instead of the 'n' variable. | CWE-190 |
| V684 | A value of variable is not modified. Consider inspecting the expression. It is possible that '1' should be present instead of '0'. | CWE-682 |
| V685 | Consider inspecting the return statement. The expression contains a comma. | CWE-480 |
| V686 | A pattern was detected: A || (A && ...). The expression is excessive or contains a logical error. | CWE-571 |
| V687 | Size of an array calculated by the sizeof() operator was added to a pointer. It is possible that the number of elements should be calculated by sizeof(A)/sizeof(A[0]). | CWE-682 |
| V689 | The destructor of the 'Foo' class is not declared as a virtual. It is possible that a smart pointer will not destroy an object correctly. | CWE-404 |
| V692 | An inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, a string ending with a null terminator should be used in the first place. | CWE-788 |
| V693 | Consider inspecting conditional expression of the loop. It is possible that 'i < X.size()' should be used instead of 'X.size()'. | CWE-835 |
| V694 | The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant. | CWE-571 |
| V695 | Range intersections are possible within conditional expressions. | CWE-561, CWE-670 |
| V696 | The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false. | CWE-670 |
| V697 | A number of elements in the allocated array is equal to size of a pointer in bytes. | CWE-682 |
| V698 | strcmp()-like functions can return not only the values -1, 0 and 1, but any values. | CWE-253 |
| V699 | Consider inspecting the 'foo = bar = baz ? .... : ....' expression. It is possible that 'foo = bar == baz ? .... : ....' should be used here instead. | CWE-481 |
| V700 | Consider inspecting the 'T foo = foo = x;' expression. It is odd that variable is initialized through itself. | CWE-480 |
| V701 | realloc() possible leak: when realloc() fails in allocating memory, original pointer is lost. Consider assigning realloc() to a temporary pointer. | CWE-401 |
| V702 | Classes should always be derived from std::exception (and alike) as 'public'. | CWE-544 |
| V704 | The 'this == 0' comparison should be avoided - this comparison is always false on newer compilers. | CWE-570, CWE-571 |
| V705 | It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. | CWE-691 |
| V706 | Suspicious division: sizeof(X) / Value. Size of every element in X array does not equal to divisor. | CWE-682 |
| V708 | Dangerous construction is used: 'm[x] = m.size()', where 'm' is of 'T' class. This may lead to undefined behavior. | CWE-758 |
| V709 | Suspicious comparison found: 'a == b == c'. Remember that 'a == b == c' is not equal to 'a == b && b == c'. | CWE-682 |
| V712 | Be advised that compiler may delete this cycle or make it infinity. Use volatile variable(s) or synchronization primitives to avoid this. | CWE-835 |
| V713 | The pointer was utilized in the logical expression before it was verified against nullptr in the same logical expression. | CWE-476 |
| V714 | Variable is not passed into foreach loop by a reference, but its value is changed inside of the loop. | CWE-563 |
| V715 | The 'while' operator has empty body. Suspicious pattern detected. | CWE-691 |
| V716 | Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT). | CWE-704 |
| V717 | It is suspicious to cast object of base class V to derived class U. | CWE-843 |
| V721 | The VARIANT_BOOL type is utilized incorrectly. The true value (VARIANT_TRUE) is defined as -1. | CWE-697, CWE-665 |
| V722 | An abnormality within similar comparisons. It is possible that a typo is present inside the expression. | CWE-697 |
| V723 | Function returns a pointer to the internal string buffer of a local object, which will be destroyed. | CWE-416 |
| V724 | Converting integers or pointers to BOOL can lead to a loss of high-order bits. Non-zero value can become 'FALSE'. | CWE-197 |
| V725 | A dangerous cast of 'this' to 'void*' type in the 'Base' class, as it is followed by a subsequent cast to 'Class' type. | CWE-704 |
| V726 | An attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function. | CWE-761 |
| V727 | Return value of 'wcslen' function is not multiplied by 'sizeof(wchar_t)'. | CWE-783 |
| V728 | An excessive check can be simplified. The '||' operator is surrounded by opposite expressions 'x' and '!x'. | CWE-570 |
| V730 | Not all members of a class are initialized inside the constructor. | CWE-457 |
| V731 | The variable of char type is compared with pointer to string. | CWE-665 |
| V732 | Unary minus operator does not modify a bool type value. | CWE-480 |
| V733 | It is possible that macro expansion resulted in incorrect evaluation order. | CWE-783 |
| V736 | The behavior is undefined for arithmetic or comparisons with pointers that do not point to members of the same array. | CWE-758 |
| V737 | It is possible that ',' comma is missing at the end of the string. | CWE-665 |
| V738 | Temporary anonymous object is used. | CWE-672 |
| V739 | EOF should not be compared with a value of the 'char' type. Consider using the 'int' type. | CWE-20 |
| V741 | The following pattern is used: throw (a, b);. It is possible that type name was omitted: throw MyException(a, b);. | CWE-480 |
| V742 | Function receives an address of a 'char' type variable instead of pointer to a buffer. | CWE-170 |
| V743 | The memory areas must not overlap. Use 'memmove' function. | CWE-475 |
| V744 | Temporary object is immediately destroyed after being created. Consider naming the object. | CWE-664 |
| V745 | A 'wchar_t *' type string is incorrectly converted to 'BSTR' type string. | CWE-704 |
| V747 | An odd expression inside parenthesis. It is possible that a function name is missing. | CWE-480 |
| V748 | Memory for 'getline' function should be allocated only by 'malloc' or 'realloc' functions. Consider inspecting the first parameter of 'getline' function. | CWE-762 |
| V749 | Destructor of the object will be invoked a second time after leaving the object's scope. | CWE-675 |
| V752 | Creating an object with placement new requires a buffer of large size. | CWE-788 |
| V753 | The '&=' operation always sets a value of 'Foo' variable to zero. | CWE-682 |
| V755 | Copying from unsafe data source. Buffer overflow is possible. | CWE-123 |
| V757 | It is possible that an incorrect variable is compared with null after type conversion using 'dynamic_cast'. | CWE-690 |
| V758 | Reference invalidated because of the destruction of the temporary object returned by the function. | CWE-416 |
| V759 | Violated order of exception handlers. Exception caught by handler for base class. | CWE-703 |
| V762 | Consider inspecting virtual function arguments. See NN argument of function 'Foo' in derived class and base class. | CWE-670 |
| V764 | Possible incorrect order of arguments passed to function. | CWE-683 |
| V765 | A compound assignment expression 'X += X + N' is suspicious. Consider inspecting it for a possible error. | CWE-682 |
| V766 | An item with the same key has already been added. | CWE-462 |
| V768 | The variable is of enum type. It is odd that it is used as a variable of a Boolean-type. | CWE-570, CWE-571 |
| V769 | The pointer in the expression equals nullptr. The resulting value is meaningless and should not be used. | CWE-119 |
| V770 | Possible use of a left shift operator instead of a comparison operator. | CWE-480 |
| V772 | Calling the 'delete' operator for a void pointer will cause undefined behavior. | CWE-758 |
| V773 | The function was exited without releasing the pointer/handle. A memory/resource leak is possible. | CWE-401, CWE-775 |
| V774 | The pointer was used after the memory was released. | CWE-416 |
| V775 | It is odd that the BSTR data type is compared using a relational operator. | CWE-1023 |
| V776 | Potentially infinite loop. The variable in the loop exit condition does not change its value between iterations. | CWE-835 |
| V777 | Dangerous widening type conversion from an array of derived-class objects to a base-class pointer. | CWE-468 |
| V778 | Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. | CWE-682 |
| V779 | Unreachable code detected. It is possible that an error is present. | CWE-561 |
| V781 | The value of the variable is checked after it was used. Perhaps there is a mistake in program logic. Check lines: N1, N2. | CWE-20, CWE-129, CWE-789 |
| V782 | It is pointless to compute the distance between the elements of different arrays. | CWE-469 |
| V783 | Dereferencing of invalid iterator 'X' might take place. | CWE-119 |
| V784 | The size of the bit mask is less than the size of the first operand. This will cause the loss of the higher bits. | CWE-197 |
| V785 | Constant expression in switch statement. | CWE-691 |
| V786 | Assigning the value C to the X variable looks suspicious. The value range of the variable: [A, B]. | CWE-197 |
| V788 | Review captured variable in lambda expression. | CWE-457 |
| V789 | Iterators for the container, used in the range-based for loop, become invalid upon a function call. | CWE-672 |
| V791 | The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. | CWE-691 |
| V792 | The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead. | CWE-691 |
| V793 | It is odd that the result of the statement is a part of the condition. Perhaps, this statement should have been compared with something else. | CWE-691 |
| V796 | A 'break' statement is probably missing in a 'switch' statement. | CWE-484 |
| V797 | The function is used as if it returned a bool type. The return value of the function should probably be compared with std::string::npos. | CWE-253 |
| V798 | The size of the dynamic array can be less than the number of elements in the initializer. | CWE-789 |
| V1001 | The variable is assigned but is not used by the end of the function. | CWE-563 |
| V1002 | A class, containing pointers, constructor and destructor, is copied by the automatically generated operator= or copy constructor. | CWE-665 |
| V1004 | The pointer was used unsafely after it was verified against nullptr. | CWE-119, CWE-476, CWE-628 |
| V1005 | The resource was acquired using 'X' function but was released using incompatible 'Y' function. | CWE-404 |
| V1006 | Several shared_ptr objects are initialized by the same pointer. A double memory deallocation will occur. | CWE-675 |
| V1007 | The value from the uninitialized optional is used. Probably it is a mistake. | CWE-457 |
| V1008 | Consider inspecting the 'for' operator. No more than one iteration of the loop will be performed. | CWE-691 |
| V1009 | Check the array initialization. Only the first element is initialized explicitly. | CWE-665 |
| V1010 | Unchecked tainted data is used in expression. | CWE-20 |
| V1012 | The expression is always false. Overflow check is incorrect. | CWE-192 |
| V1013 | Suspicious subexpression in a sequence of similar comparisons. | CWE-670 |
| V1014 | Structures with members of real type are compared byte-wise. | CWE-682 |
| V1015 | Suspicious simultaneous use of bitwise and logical operators. | CWE-480 |
| V1016 | The value is out of range of enum values. This causes unspecified or undefined behavior. | CWE-681 |
| V1017 | Variable of the 'string_view' type references a temporary object which will be removed after evaluation of an expression. | CWE-416 |
| V1018 | Usage of a suspicious mutex wrapper. It is probably unused, uninitialized, or already locked. | CWE-413, CWE-833 |
| V1019 | Compound assignment expression is used inside condition. | CWE-480 |
| V1020 | Function exited without performing epilogue actions. It is possible that there is an error. | CWE-772 |
| V1021 | The variable is assigned the same value on several loop iterations. | CWE-835 |
| V1022 | An exception was thrown by pointer. Consider throwing it by value instead. | CWE-755 |
| V1023 | A pointer without owner is added to the container by the 'emplace_back' method. A memory leak will occur in case of an exception. | CWE-460 |
| V1024 | The stream is checked for EOF before reading from it, but is not checked after reading. Potential use of invalid data. | CWE-20 |
| V1025 | Rather than creating 'std::unique_lock' to lock on the mutex, a new variable with default value is created. | CWE-820 |
| V1026 | The variable is incremented in the loop. Undefined behavior will occur in case of signed integer overflow. | CWE-190 |
| V1027 | Pointer to an object of the class is cast to unrelated class. | CWE-704 |
| V1028 | Possible overflow. Consider casting operands, not the result. | CWE-190 |
| V1029 | Numeric Truncation Error. Return value of function is written to N-bit variable. | CWE-197 |
| V1032 | Pointer is cast to a more strictly aligned pointer type. | CWE-843 |
| V1034 | Do not use real-type variables as loop counters. | CWE-834 |
| V1036 | Potentially unsafe double-checked locking. | CWE-609 |
| V1037 | Two or more case-branches perform the same actions. | CWE-691 |
| V1038 | It's odd that a char or string literal is added to a pointer. | CWE-468 |
| V1041 | Class member is initialized with dangling reference. | CWE-825 |
| V1042 | This file is marked with copyleft license, which requires you to open the derived source code. | CWE-1177 |
| V1044 | Loop break conditions do not depend on the number of iterations. | CWE-834 |
| V1045 | The DllMain function throws an exception. Consider wrapping the throw operator in a try..catch block. | CWE-248, CWE-703 |
| V1046 | Unsafe usage of the 'bool' and integer types together in the operation '&='. | CWE-682 |
| V1047 | Lifetime of the lambda is greater than lifetime of the local variable captured by reference. | CWE-672 |
| V1048 | Variable 'foo' was assigned the same value. | CWE-1164 |
| V1050 | The uninitialized class member is used when initializing the base class. | CWE-457 |
| V1051 | Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition. | CWE-754 |
| V1055 | The 'sizeof' expression returns the size of the container type, not the number of elements. Consider using the 'size()' function. | CWE-131 |
| V1057 | Pseudo random sequence is the same at every program run. Consider assigning the seed to a value not known at compile-time. | CWE-337 |
| V1058 | Nonsensical comparison of two different functions' addresses. | CWE-1025 |
| V1063 | The modulo by 1 operation is meaningless. The result will always be zero. | CWE-682 |
| V1064 | The left operand of integer division is less than the right one. The result will always be zero. | CWE-682 |
| V2001 | Consider using the extended version of the 'foo' function here. | CWE-477 |
| V2002 | Consider using the 'Ptr' version of the 'foo' function here. | CWE-477 |
| V2003 | Explicit conversion from 'float/double' type to signed integer type. | CWE-681 |
| V2004 | Explicit conversion from 'float/double' type to unsigned integer type. | CWE-681 |
| V2007 | This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake. | CWE-480 |
| V2008 | Cyclomatic complexity: NN. Consider refactoring the 'Foo' function. | CWE-407 |
| V2013 | Consider inspecting the correctness of handling the N argument in the 'Foo' function. | CWE-704 |
| V2509 | MISRA. The function with the 'abort/exit/getenv/system' name should not be used. | CWE-676 |
| V2510 | MISRA. The function with the 'qsort/bsearch' name should not be used. | CWE-676 |
| V2511 | MISRA. Memory allocation and deallocation functions should not be used. | CWE-676 |
| V2512 | MISRA. The macro with the 'setjmp' name and the function with the 'longjmp' name should not be used. | CWE-676 |
| V2513 | MISRA. Unbounded functions performing string operations should not be used. | CWE-676 |
| V2522 | MISRA. The 'switch' statement should have 'default' as the last label. | CWE-478 |
| V3001 | There are identical sub-expressions to the left and to the right of the 'foo' operator. | CWE-570, CWE-571 |
| V3003 | The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. | CWE-570 |
| V3004 | The 'then' statement is equivalent to the 'else' statement. | CWE-691 |
| V3006 | The object was created but it is not being used. The 'throw' keyword could be missing. | CWE-390 |
| V3007 | Odd semicolon ';' after 'if/for/while' operator. | CWE-691 |
| V3008 | The 'x' variable is assigned values twice successively. Perhaps this is a mistake. | CWE-563 |
| V3009 | It's odd that this method always returns one and the same value of NN. | CWE-393 |
| V3010 | The return value of function 'Foo' is required to be utilized. | CWE-252 |
| V3011 | Two opposite conditions were encountered. The second condition is always false. | CWE-570 |
| V3012 | The '?:' operator, regardless of its conditional expression, always returns one and the same value. | CWE-783 |
| V3014 | It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'. | CWE-691 |
| V3015 | It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'. | CWE-691 |
| V3016 | The variable 'X' is being used for this loop and for the outer loop. | CWE-691 |
| V3018 | Consider inspecting the application's logic. It's possible that 'else' keyword is missing. | CWE-670 |
| V3019 | It is possible that an incorrect variable is compared with null after type conversion using 'as' keyword. | CWE-697 |
| V3020 | An unconditional 'break/continue/return/goto' within a loop. | CWE-670 |
| V3021 | There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. | CWE-561 |
| V3022 | Expression is always true/false. | CWE-570, CWE-571 |
| V3023 | Consider inspecting this expression. The expression is excessive or contains a misprint. | CWE-571 |
| V3024 | An odd precise comparison. Consider using a comparison with defined precision: Math.Abs(A - B) < Epsilon or Math.Abs(A - B) > Epsilon. | CWE-682 |
| V3025 | Incorrect format. Consider checking the N format items of the 'Foo' function. | CWE-685 |
| V3027 | The variable was utilized in the logical expression before it was verified against null in the same logical expression. | CWE-476 |
| V3028 | Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. | CWE-691 |
| V3030 | Recurring check. This condition was already verified in previous line. | CWE-571 |
| V3032 | Waiting on this expression is unreliable, as compiler may optimize some of the variables. Use volatile variable(s) or synchronization primitives to avoid this. | CWE-835 |
| V3033 | It is possible that this 'else' branch must apply to the previous 'if' statement. | CWE-670 |
| V3034 | Consider inspecting the expression. Probably the '!=' should be used here. | CWE-480 |
| V3035 | Consider inspecting the expression. Probably the '+=' should be used here. | CWE-480 |
| V3036 | Consider inspecting the expression. Probably the '-=' should be used here. | CWE-480 |
| V3038 | The argument was passed to method several times. It is possible that another argument should be passed instead. | CWE-687 |
| V3039 | Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style. | CWE-39 |
| V3040 | The expression contains a suspicious mix of integer and real types. | CWE-682 |
| V3041 | The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid the loss of a fractional part. | CWE-682 |
| V3042 | Possible NullReferenceException. The '?.' and '.' operators are used for accessing members of the same object. | CWE-476 |
| V3043 | The code's operational logic does not correspond with its formatting. | CWE-483 |
| V3051 | An excessive type cast or check. The object is already of the same type. | CWE-704 |
| V3052 | The original exception object was swallowed. Stack of original exception could be lost. | CWE-390 |
| V3054 | Potentially unsafe double-checked locking. Use volatile variable(s) or synchronization primitives to avoid this. | CWE-609 |
| V3055 | Suspicious assignment inside the condition expression of 'if/while/for' operator. | CWE-481 |
| V3056 | Consider reviewing the correctness of 'X' item's usage. | CWE-682 |
| V3057 | Function receives an odd argument. | CWE-628 |
| V3058 | An item with the same key has already been added. | CWE-462 |
| V3060 | A value of variable is not modified. Consider inspecting the expression. It is possible that other value should be present instead of '0'. | CWE-682 |
| V3063 | A part of conditional expression is always true/false if it is evaluated. | CWE-570, CWE-571 |
| V3064 | Division or mod division by zero. | CWE-369 |
| V3066 | Possible incorrect order of arguments passed to method. | CWE-683 |
| V3067 | It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. | CWE-691 |
| V3069 | It's possible that the line was commented out improperly, thus altering the program's operation logics. | CWE-670 |
| V3070 | Uninitialized variables are used when initializing the 'A' variable. | CWE-457 |
| V3076 | Comparison with 'double.NaN' is meaningless. Use 'double.IsNaN()' method instead. | CWE-570, CWE-571 |
| V3080 | Possible null dereference. | CWE-476 |
| V3082 | The 'Thread' object is created but is not started. It is possible that a call to 'Start' method is missing. | CWE-563 |
| V3083 | Unsafe invocation of event, NullReferenceException is possible. Consider assigning event to a local variable before invoking it. | CWE-367 |
| V3089 | Initializer of a field marked by [ThreadStatic] attribute will be called once on the first accessing thread. The field will have default value on different threads. | CWE-665 |
| V3090 | Unsafe locking on an object. | CWE-662, CWE-833 |
| V3092 | Range intersections are possible within conditional expressions. | CWE-670 |
| V3093 | The operator evaluates both operands. Perhaps a short-circuit operator should be used instead. | CWE-480 |
| V3095 | The object was used before it was verified against null. Check lines: N1, N2. | CWE-476 |
| V3098 | The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false. | CWE-670 |
| V3099 | Not all the members of type are serialized inside 'GetObjectData' method. | CWE-684 |
| V3100 | NullReferenceException is possible. Unhandled exceptions in destructor lead to termination of runtime. | CWE-476 |
| V3105 | The 'a' variable was used after it was assigned through null-conditional operator. NullReferenceException is possible. | CWE-690 |
| V3106 | Possibly index is out of bound. | CWE-125, CWE-787 |
| V3108 | It is not recommended to return null or throw exceptions from 'ToString()' method. | CWE-684 |
| V3110 | Possible infinite recursion. | CWE-674 |
| V3112 | An abnormality within similar comparisons. It is possible that a typo is present inside the expression. | CWE-697 |
| V3113 | Consider inspecting the loop expression. It is possible that different variables are used inside initializer and iterator. | CWE-190 |
| V3114 | IDisposable object is not disposed before method returns. | CWE-404 |
| V3115 | It is not recommended to throw exceptions from 'Equals(object obj)' method. | CWE-684 |
| V3116 | Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all. | CWE-835 |
| V3120 | Potentially infinite loop. The variable from the loop exit condition does not change its value between iterations. | CWE-835 |
| V3122 | Uppercase (lowercase) string is compared with a different lowercase (uppercase) string. | CWE-570 |
| V3123 | Perhaps the '??' operator works in a different way than it was expected. Its priority is lower than priority of other operators in its left part. | CWE-783 |
| V3125 | The object was used after it was verified against null. Check lines: N1, N2. | CWE-476 |
| V3127 | Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. | CWE-682 |
| V3128 | The field (property) is used before it is initialized in constructor. | CWE-665 |
| V3131 | The expression is checked for compatibility with the type 'A', but is casted to the 'B' type. | CWE-704 |
| V3132 | A terminal null is present inside a string. The '\0xNN' characters were encountered. Probably meant: '\xNN'. | CWE-665 |
| V3133 | Postfix increment/decrement is senseless because this variable is overwritten. | CWE-682 |
| V3134 | Shift by N bits is greater than the size of type. | CWE-128 |
| V3135 | The initial value of the index in the nested loop equals 'i'. Consider using 'i + 1' instead. | CWE-691 |
| V3136 | Constant expression in switch statement. | CWE-691 |
| V3137 | The variable is assigned but is not used by the end of the function. | CWE-563 |
| V3142 | Unreachable code detected. It is possible that an error is present. | CWE-561 |
| V3145 | Unsafe dereference of a WeakReference target. The object could have been garbage collected before the 'Target' property was accessed. | CWE-476 |
| V3146 | Possible null dereference. A method can return default null value. | CWE-476 |
| V3147 | Non-atomic modification of volatile variable. | CWE-567 |
| V3148 | Casting potential 'null' value to a value type can lead to NullReferenceException. | CWE-476 |
| V3149 | Dereferencing the result of 'as' operator can lead to NullReferenceException. | CWE-476 |
| V3151 | Potential division by zero. Variable was used as a divisor before it was compared to zero. Check lines: N1, N2. | CWE-369 |
| V3152 | Potential division by zero. Variable was compared to zero before it was used as a divisor. Check lines: N1, N2. | CWE-476 |
| V3153 | Dereferencing the result of null-conditional access operator can lead to NullReferenceException. Consider removing parentheses around null-conditional access expression. | CWE-476 |
| V3154 | The 'a % b' expression always evaluates to 0. | CWE-682 |
| V3155 | The expression is incorrect or it can be simplified. | CWE-682 |
| V3156 | The argument of the method is not expected to be null. | CWE-628 |
| V3157 | Suspicious division. Absolute value of the left operand is less than the right operand. | CWE-682 |
| V3158 | Suspicious division. Absolute values of both operands are equal. | CWE-682 |
| V6001 | There are identical sub-expressions to the left and to the right of the 'foo' operator. | CWE-570, CWE-571 |
| V6003 | The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence. | CWE-570 |
| V6004 | The 'then' statement is equivalent to the 'else' statement. | CWE-691 |
| V6006 | The object was created but it is not being used. The 'throw' keyword could be missing. | CWE-390 |
| V6007 | Expression is always true/false. | CWE-570, CWE-571 |
| V6008 | Potential null dereference. | CWE-476, CWE-690 |
| V6009 | Function receives an odd argument. | CWE-628 |
| V6010 | The return value of function 'Foo' is required to be utilized. | CWE-252 |
| V6011 | The expression contains a suspicious mix of integer and real types. | CWE-682 |
| V6012 | The '?:' operator, regardless of its conditional expression, always returns one and the same value. | CWE-783 |
| V6013 | Comparison of arrays, strings, collections by reference. Possibly an equality comparison was intended. | CWE-595 |
| V6014 | It's odd that this method always returns one and the same value of NN. | CWE-393 |
| V6015 | Consider inspecting the expression. Probably the '!='/'-='/'+=' should be used here. | CWE-480 |
| V6018 | Constant expression in switch statement. | CWE-691 |
| V6019 | Unreachable code detected. It is possible that an error is present. | CWE-561 |
| V6020 | Division or mod division by zero. | CWE-369 |
| V6021 | The value is assigned to the 'x' variable but is not used. | CWE-563 |
| V6024 | The 'continue' operator will terminate 'do { ... } while (false)' loop because the condition is always false. | CWE-670 |
| V6025 | Possibly index is out of bound. | CWE-787, CWE-125 |
| V6029 | Possible incorrect order of arguments passed to method. | CWE-683 |
| V6030 | The function located to the right of the '|' and '&' operators will be called regardless of the value of the left operand. Consider using '||' and '&&' instead. | CWE-691 |
| V6031 | The variable 'X' is being used for this loop and for the outer loop. | CWE-691 |
| V6033 | An item with the same key has already been added. | CWE-462 |
| V6034 | Shift by N bits is inconsistent with the size of type. | CWE-758 |
| V6036 | The value from the uninitialized optional is used. | CWE-457 |
| V6037 | An unconditional 'break/continue/return/goto' within a loop. | CWE-670 |
| V6038 | Comparison with 'double.NaN' is meaningless. Use 'double.isNaN()' method instead. | CWE-571, CWE-570 |
| V6039 | There are two 'if' statements with identical conditional expressions. The first 'if' statement contains method return. This means that the second 'if' statement is senseless. | CWE-561 |
| V6040 | The code's operational logic does not correspond with its formatting. | CWE-483 |
| V6041 | Suspicious assignment inside the conditional expression of 'if/while/do...while' statement. | CWE-481 |
| V6042 | The expression is checked for compatibility with type 'A', but is cast to type 'B'. | CWE-704 |
| V6043 | Consider inspecting the 'for' operator. Initial and final values of the iterator are the same. | CWE-691 |
| V6044 | Postfix increment/decrement is senseless because this variable is overwritten. | CWE-682 |
| V6046 | Incorrect format. Consider checking the N format items of the 'Foo' function. | CWE-628, CWE-685, CWE-686 |
| V6047 | It is possible that this 'else' branch must apply to the previous 'if' statement. | CWE-670 |
| V6048 | This expression can be simplified. One of the operands in the operation equals NN. Probably it is a mistake. | CWE-480 |
| V6050 | Class initialization cycle is present. | CWE-665 |
| V6051 | Use of jump statements in 'finally' block can lead to the loss of unhandled exceptions. | CWE-584 |
| V6054 | Classes should not be compared by their name. | CWE-486 |
| V6057 | Consider inspecting this expression. The expression is excessive or contains a misprint. | CWE-571 |
| V6058 | Comparing objects of incompatible types. | CWE-1024 |
| V6059 | Odd use of special character in regular expression. Possibly, it was intended to be escaped. | CWE-185 |
| V6060 | The reference was used before it was verified against null. | CWE-476 |
| V6061 | The used constant value is represented by an octal form. | CWE-682 |
| V6062 | Possible infinite recursion. | CWE-674 |
| V6063 | Odd semicolon ';' after 'if/foreach' operator. | CWE-670 |
| V6064 | Suspicious invocation of Thread.run(). | CWE-572 |
| V6067 | Two or more case-branches perform the same actions. | CWE-691 |
| V6070 | Unsafe synchronization on an object. | CWE-662 |
| V6072 | Two similar code fragments were found. Perhaps, this is a typo and 'X' variable should be used instead of 'Y'. | CWE-682 |
| V6073 | It is not recommended to return null or throw exceptions from 'toString' / 'clone' methods. | CWE-684 |
| V6074 | Non-atomic modification of volatile variable. | CWE-567 |
| V6075 | The signature of method 'X' does not conform to serialization requirements. | CWE-684 |
| V6077 | A suspicious label is present inside a switch(). It is possible that these are misprints and 'default:' label should be used instead. | CWE-478 |
| V6079 | Value of variable is checked after use. Potential logical error is present. Check lines: N1, N2. | CWE-129 |
| V6080 | Consider checking for misprints. It's possible that an assigned variable should be checked in the next condition. | CWE-754 |
| V6082 | Unsafe double-checked locking. | CWE-609 |
| V6085 | An abnormality within similar comparisons. It is possible that a typo is present inside the expression. | CWE-697 |
| V6086 | Suspicious code formatting. 'else' keyword is probably missing. | CWE-670 |
| V6089 | It's possible that the line was commented out improperly, thus altering the program's operation logics. | CWE-670 |
| V6090 | Field 'A' is being used before it was initialized. | CWE-665 |
| V6093 | Automatic unboxing of a variable may cause NullPointerException. | CWE-476 |
Написать нам