Description:
This update for cppcheck fixes the following issues:
- CVE-2023-39070: Fixed heap use-after-free in removeContradiction() (boo#1215233)
- update to 2.12.1:
* Support importing projects with project-name
- update to 2.12.0:
* uselessOverride finds overriding functions that either
duplicate code from or delegate back to the base class
implementation
* knownPointerToBool finds pointer to bool conversions that are
always true or false
* truncLongCastAssignment and truncLongCastReturn check
additional types, including float/double/long double
* duplInheritedMember also reports duplicated member functions
* constParameter*/constVariable* checks find more instances of
pointers/references that can be const, e.g. when calling
library functions
* Write how many checkers was activated after a run
* Added --checkers-report that can be used to generate a report
in a file that shows what checkers was activated and disabled
* The qmake build system has been deprecated and will be
removed in a future version.
* Command-line option '--template
- update to 2.11:
* pop_back on empty container is UB
* Improve useStlAlgorithm check to handle many more conditions
in the loop for any_of, all_of and none_of algorithms
* ValueFlow can evaluate the return value of functions even
when conditionals are used
* ValueFlow will now forward the container sizes being returned
from a function
* ValueFlow can infer possible values from possible symbolic
values
* Improve valueflow after pushing to container
* The new option --check-level= has been added that controls
how much checking is made by Cppcheck. The default checking
level is "normal". If you feel that you can wait longer on
results you can use --check-level=exhaustive.
* It is no longer necessary to run "--check-config" to get
detailed "missingInclude" and "missingIncludeSystem"
messages. They will always be issued in the regular analysis
if "missingInclude" is enabled.
* "missingInclude" and "missingIncludeSystem" are reported with
"-j" is > 1 and processes are used in the backend (default in
non-Windows binaries)
* "missingInclude" and "missingIncludeSystem" will now cause
the "--error-exitcode" to be applied
* "--enable=information" will no longer implicitly enable
"missingInclude" starting with 2.16. Please enable it
explicitly if you require it.
* The `constParameter` and `constVariable` checks have been
split into 3 different IDs based on if the variable is a
pointer, a reference, or local. The different IDs will allow
users to suppress different const warning based on variable
type.
* `constParameter`
* `constParameterReference`
* `constParameterPointer`
* `constVariable`
* `constVariableReference`
* `constVariablePointer`
* More command-line parameters will now check if the given
integer argument is actually valid. Several other internal
string-to-integer conversions will now be error checked.
* scanning projects (with -j1) will now defer the analysis of
markup files until the whole code was processed
- update to 2.10.3:
* SymbolDatabase: Fix handling of function pointer arguments
- update to 2.10.2:
* GUI: Set proper title for compliance report dialog
* GUI: Generate compliance report
* Tokenizer: tweaked simplification of function pointers
* fix whole program analysis
* Import Project: Fix problem with define value with space
* Fix execution of executable addons from GUI
* fix for windows installer, no other changes
* Fixes when importing AST from clang
* comments can be added at end of suppression in suppressions file
is similar to GCC. If you want to get warnings in the old
* Added Cppcheck annotations cppcheck_low(VALUE) and
* Added API01-C: Avoid laying out strings in memory directly
* Duplicate expression for condition and assignment: if (x==3) x=3;
* Patch was submitted (https://github.com/danmar/cppcheck/pull/1554)
and accepted so this change should be reverted and replaced with a CMake compile definition
- Multifile checking for buffer overruns and uninitialized
- A bunch of additions to several Libraries, especially
* Additionally, lots of false positives and bugs have been fixed
and several existing checks have been improved.
- Library files have now a 'format' attribute. Format version
- Cppcheck does no longer abort checking if unhandled
- Detect shift by too many bits, signed integer overflow and
- Dead pointer usage when pointer alias local variable that
- Improved AST creation (support placement new, C++-style
- Support GCC extension __attriute__((used)) and MSVC
- Better support for static member variables, inherited
- Improved typedef support where multiple variables are
- Avoid checking code multiple times by calculating a checksum.
- HTML report: display 'verbose' message using clickable
* Additionally, lots of false positives and bugs have been fixed
- Returning references to literals or references to calculation
- Enhanced support for commutative operators in duplicate
- Definition of minsize for buffer arguments in .cfg files
- Fixed handling of #error: Do not report them if -f and -D
- Generate xml dump of AST/ValueFlow/SymbolDatabase/TokenList
- Cppcheck requires a C++11 compiler supporting the common
subset of features supported by GCC 4.4, Visual Studio 2010
- Much improved support of complex combinations of function
- More robust error detection in several checks due to usage
- Allocation/Deallocation functions can be extend across
- Better handling of some C++11 language features like enum
- Check for unhandled exceptions when exception specifiers
* Additionally, a large number of false positives and crashs
has been fixed.
- New option to enable warnings but not style messages:
- Cppcheck used to skip includes where the header filename
is enclosed in <>. You can now include these headers also by
using -I.
- New POSIX checks: pipe() buffer size, redundant calls of
set/get user id, too big value passed to usleep(), buffer
- Storing getc() return value in char variable and comparing
- Portability check that warns when using NULL as argument to
variadic function. It has undefined behaviour on some
- Improved checking for uninitialized struct members,
- Added --include to the cppcheck command line client. This forces
inclusion of the given file. This can for instance be used
- The threads handling has been improved. Using -jN now works in
- NULL pointers: Improved checking of default function
argument values.
- full change log
http://raw.github.com/danmar/cppcheck/master/Changelog