C and C++ checker reference
| Checker code | Description | Default severity | Enabled by default? | Created | Modified |
|---|---|---|---|---|---|
| ABV.ANY_SIZE_ARRAY | Buffer Overflow - Array Index Out of Bounds | 1 | false | Pre-9.2 | 9.5 |
| ABV.GENERAL | Buffer Overflow - Array Index Out of Bounds | 1 | true | 9.6 | 10.1, 10.3, 10.4, 11.0, 11.1, 11.2, 2017.3, 2021.2, 2022.1 |
| ABV.ITERATOR | Buffer Overflow - Array Index may be out of Bounds | 1 | true | Pre-9.2 | 9.5, 10.3 |
| ABV.MEMBER | Buffer Overflow - Array Index Out of Bounds | 1 | true | 9.5 | 10.3 |
| ABV.STACK | Buffer Overflow - Local Array Index Out of Bounds | 1 | true | Pre-9.2 | 9.5 |
| ABV.TAINTED | Buffer Overflow from Unvalidated Input | 1 | true | Pre-9.2 | 9.5, 10.3, 11.2 |
| ABV.UNICODE.BOUND_MAP | Buffer overflow in mapping character function | 1 | false | Pre-9.2 | 9.5 |
| ABV.UNICODE.FAILED_MAP | Mapping function failed | 1 | false | Pre-9.2 | 9.5 |
| ABV.UNICODE.NNTS_MAP | Buffer overflow in mapping character function | 1 | false | Pre-9.2 | 9.5 |
| ABV.UNICODE.SELF_MAP | Mapping function failed | 1 | false | 9.6 | |
| ABV.UNKNOWN_SIZE | Buffer Overflow - Array Index Out of Bounds | 1 | true | 9.6 | |
| ASSIGCOND.CALL | Assignment in condition (call) | 3 | false | Pre-9.2 | |
| ASSIGCOND.GEN | Assignment in condition | 3 | false | Pre-9.2 | |
| BSTR.CAST.C | C style type cast to BSTR | 4 | false | Pre-9.2 | |
| BSTR.CAST.CPP | C++ style type cast to BSTR | 4 | false | Pre-9.2 | |
| BSTR.FUNC.ALLOC | Incorrect call to BSTR allocating function | 4 | false | Pre-9.2 | |
| BSTR.FUNC.FREE | Incorrect call to BSTR freeing function | 4 | false | Pre-9.2 | |
| BSTR.FUNC.LEN | Trying to get length of non-BSTR string using BSTR-related functions | 4 | false | Pre-9.2 | |
| BSTR.FUNC.REALLOC | Incorrect call to BSTR reallocating function | 4 | false | Pre-9.2 | |
| BSTR.IA.ASSIGN | BSTR variable is assigned a non-BSTR value | 4 | false | Pre-9.2 | |
| BSTR.IA.INIT | BSTR variable is initialized with a non-BSTR value | 4 | false | Pre-9.2 | |
| BSTR.OPS.ARITHM | Illegal arithmetic operations with BSTR values | 4 | false | Pre-9.2 | |
| BSTR.OPS.COMP | Illegal comparison of BSTR values | 4 | false | Pre-9.2 | |
| BSTR.OPS.EQS | Illegal equality comparison of BSTR values | 4 | false | Pre-9.2 | |
| BYTEORDER.HTON.SEND | Missed conversion from host to network byte order | 3 | false | 9.2 | |
| BYTEORDER.HTON.WRITE | Missed conversion from host to network byte order | 3 | false | 9.2 | |
| BYTEORDER.NTOH.READ | Missed conversion from network to host byte order | 3 | false | 9.2 | |
| BYTEORDER.NTOH.RECV | Missed conversion from network to host byte order | 3 | false | 9.2 | |
| CERT.ARR.PTR.ARITH | Pointer is used in arithmetic expression | 4 | false | 2021.3 | |
| CERT.EXPR.PARENS | The precedence of operators within expressions should be made explicit. | 4 | false | 2022.1 | |
| CERT.FILE_PTR.DEREF | A pointer to a FILE object shall not be dereferenced | 4 | false | 2022.1 | |
| CERT.FILE_PTR.DEREF.CAST | Object is casted to a FILE pointer, and it shall not be dereferenced | 4 | false | 2022.1 | |
| CERT.FILE_PTR.DEREF.INDIRECT | A pointer to a FILE object shall not be indirectly dereferenced by a system function | 4 | false | 2022.1 | |
| CERT.FILE_PTR.DEREF.RETURN | A pointer to a FILE object (returned by function) shall not be dereferenced | 4 | false | 2022.1 | |
| CERT.MEMCMP.FLOAT_MEMBER | Do not compare when member is floating point | 4 | false | 2021.3 | |
| CERT.MEMCMP.PADDED_DATA | Do not compare padding data | 4 | false | 2021.3 | |
| CERT.OOP.CTOR.VIRTUAL_FUNC | Do not invoke virtual functions from constructors or destructors | 4 | false | 2022.1 | |
| CERT.PUTENV.AUTO_VARIABLE | Do not call putenv() with a pointer to an automatic variable as the argument | 4 | false | 2022.1 | |
| CL.ASSIGN.NON_CONST_ARG | Assignment operator declares non-constant reference argument | 4 | true | 9.5 | |
| CL.ASSIGN.RETURN_CONST | Assignment operator returns constant reference | 4 | true | 9.5 | |
| CL.ASSIGN.VOID | Assignment operator returns void | 4 | true | 9.5 | |
| CL.FFM.ASSIGN | Use of free memory (double free) - no operator= | 3 | true | Pre-9.2 | 9.5 |
| CL.FFM.COPY | Use of free memory (double free) - no copy constructor | 3 | true | Pre-9.2 | 9.5 |
| CL.FMM | Freeing Mismatched Memory - in destructor | 3 | true | Pre-9.2 | 9.5, 10.1 |
| CL.MLK | Memory Leak - in destructor | 3 | true | Pre-9.2 | 9.5 |
| CL.MLK.ASSIGN | Memory Leak - in assignment operator | 3 | true | 10.1 | |
| CL.MLK.VIRTUAL | Memory Leak - possible in destructor | 2 | true | Pre-9.2 | 9.5 |
| CL.SELF-ASSIGN | Use of free memory (double free) - in operator= | 2 | true | Pre-9.2 | 9.5 |
| CL.SHALLOW.ASSIGN | Use of free memory (double free) - shallow copy in operator= | 2 | true | 10.1 | |
| CL.SHALLOW.COPY | Use of free memory (double free) - shallow copy in copy constructor | 2 | true | 10.1 | |
| CONC.DBL_LOCK | Double Lock | 2 | false | 2021.2 | |
| CONC.DBL_UNLOCK | Double Unlock | 2 | false | 2021.2 | 2021.3 |
| CONC.DL | Deadlock | 2 | false | 9.2 | |
| CONC.NO_LOCK | Missing lock for variable | 2 | false | 2021.2 | |
| CONC.NO_UNLOCK | Missing unlock for variable | 2 | true | Pre-9.2 | |
| CONC.SLEEP | Function may block in critical section | 3 | true | Pre-9.2 | |
| CWARN.ALIGNMENT | Incorrect pointer scaling is used | 4 | true | 9.5 | |
| CWARN.BAD.PTR.ARITH | Bad pointer arithmetic | 4 | false | 10.0 | |
| CWARN.BITOP.SIZE | Operands of different size in bitwise operation | 4 | true | 10.0 | 2020.3 |
| CWARN.BOOLOP.INC | A boolean is incremented or decremented | 4 | true | Pre-9.2 | 9.5 |
| CWARN.CAST.VIRTUAL_INHERITANCE | C-style cast of pointer to object with virtual methods to pointer to its derived class | 4 | false | 10.0 | |
| CWARN.CMPCHR.EOF | A 'char' expression compared with EOF constant | 4 | false | 9.2 | 9.5 |
| CWARN.CONSTCOND.DO | 'do' controlling expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.IF | 'if' controlling expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.SWITCH | 'switch' selector expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.TERNARY | Controlling condition in conditional expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.WHILE | 'while' controlling expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.COPY.NOASSIGN | Class defines copy constructor, but no assignment operator | 4 | false | Pre-9.2 | 9.5, 11.0 |
| CWARN.DTOR.NONVIRT.DELETE | Delete expression for an object of a class with virtual methods and no virtual destructor | 2 | true | Pre-9.2 | 9.5 |
| CWARN.DTOR.NONVIRT.NOTEMPTY | Class has virtual functions inherited from a base class, but its destructor is not virtual and not empty | 2 | true | Pre-9.2 | 9.5 |
| CWARN.DTOR.VOIDPTR | Delete expression with an object of type pointer to void | 3 | true | 2019.3 | |
| CWARN.EMPTY.LABEL | Empty label statement | 4 | false | Pre-9.2 | 9.5 |
| CWARN.EMPTY.TYPEDEF | Missing typedef name | 4 | false | Pre-9.2 | 9.5 |
| CWARN.FUNCADDR | Function address is used instead of a call to this function | 2 | false | Pre-9.2 | 9.5 |
| CWARN.HIDDEN.PARAM | Parameter hidden by local variable | 4 | false | Pre-9.2 | 9.5 |
| CWARN.IMPLICITINT | Anachronistic 'implicit int' | 4 | false | Pre-9.2 | 9.5 |
| CWARN.INCL.ABSOLUTE | Absolute path is used in include directive | 4 | false | 9.6 | |
| CWARN.INCL.NO_INTERFACE | Source file does not include its interface header | 4 | false | 10.0 | |
| CWARN.INLINE.NONFUNC | 'inline' used with non-function | 4 | false | Pre-9.2 | 9.5 |
| CWARN.MEMBER.INIT.ORDER | Members of the initialization list are not listed in the order in which they are declared in the class | 4 | false | 9.5 | 10.4 |
| CWARN.MEM.NONPOD | Memory manipulation routine applied to a non-POD object | 4 | true | 10.0 | |
| CWARN.MEMSET.SIZEOF.PTR | Memset-like function is called for 'sizeof' applied to pointer | 4 | false | 10.0 | 10.3, 11.1 |
| CWARN.MOVE.CONST | Const value used as argument for std::move | 4 | true | 2020.1 | |
| CWARN.NOEFFECT.OUTOFRANGE | Value outside of range | 3 | false | 10.1 | |
| CWARN.NOEFFECT.SELF_ASSIGN | A variable is assigned to self | 4 | false | 9.2 | 9.5, 10.4 |
| CWARN.NOEFFECT.UCMP.GE | Comparison of unsigned value against 0 is always true | 4 | true | Pre-9.2 | 9.5 |
| CWARN.NOEFFECT.UCMP.GE.MACRO | Comparison of unsigned value against 0 within a macro is always true | 4 | false | Pre-9.2 | 9.5 |
| CWARN.NOEFFECT.UCMP.LT | Comparison of unsigned value against 0 is always false | 4 | true | Pre-9.2 | 9.5 |
| CWARN.NOEFFECT.UCMP.LT.MACRO | Comparison of unsigned value against 0 within a macro is always false | 4 | false | Pre-9.2 | 9.5 |
| CWARN.NULLCHECK.FUNCNAME | Function address was directly compared against 0 | 4 | true | Pre-9.2 | 9.5 |
| CWARN.OVERRIDE.CONST | Function overriding fails due to mismatch of 'const' qualifiers | 4 | true | Pre-9.2 | 9.5 |
| CWARN.PACKED.TYPEDEF | 'packed' attribute ignored in typedef | 4 | false | Pre-9.2 | 9.5 |
| CWARN.PASSBYVALUE.ARG | Function argument passed by value is too large | 4 | false | Pre-9.2 | 9.5 |
| CWARN.PASSBYVALUE.EXC | Exception object passed by value is too large | 4 | false | Pre-9.2 | 9.5 |
| CWARN.RET.MAIN | Bad return type of main | 4 | true | Pre-9.2 | 9.5 |
| CWARN.SIGNEDBIT | Signed one bit field | 4 | true | Pre-9.2 | 9.5 |
| CXX.BITOP.BOOL_OPERAND | Potential logic error: Boolean expressions should not be used directly as bitwise operator arguments. Consider using logical operators instead. | 4 | false | 2021.1 | |
| CXX.BITOP.NON_CONST_OPERAND | Bitwise operators should be applied to constants only | 4 | false | 2021.1 | |
| CXX.CAST.OBJ_PTR_TO_OBJ_PTR | Cast between a pointer to object type and a pointer to a different object type | 4 | false | 2021.3 | |
| CXX.CAST.SIGNED_CHAR_TO_INTEGER | Cast char to unsigned char before converting to larger integer sizes | 4 | false | 2021.3 | |
| CXX.DIFF.WIDTH.STR_AND_FUNC | Implicit cast between narrow and wide character string while calling function | 4 | false | 2021.3 | |
| CXX.ERRNO.INCORRECTLY_CHECKED | Errno condition check not required after calling library function | 3 | false | 2021.2 | |
| CXX.ERRNO.NOT_CHECKED | Errno condition check is missing after calling library function | 3 | false | 2021.2 | |
| CXX.ERRNO.NOT_SET | Errno is not reset to zero before calling library function | 3 | false | 2021.2 | |
| CXX.ID_VIS.GLOBAL_VARIABLE.EXTERN | Visibility of extern global variable is too wide | 4 | false | 2021.3 | |
| CXX.ID_VIS.GLOBAL_VARIABLE.STATIC | Visibility of static global variable is too wide | 4 | false | 2021.3 | |
| CXX.INT_TO_FLOAT.CONV | Use of implicit conversion in an arithmetic operation | 4 | false | 2021.2 | |
| CXX.LOGICAL_OP.INT_OPERAND | Potential logic error: Integral expressions should not be used directly as logical operator operands. Boolean expressions should be used instead. | 4 | false | 2021.1 | |
| CXX.LOGICAL_OP.NON_BOOL_CONSTANT | Logical operators should not be applied directly to constants | 4 | false | 2021.1 | |
| CXX.OVERWRITE_CONST_CHAR | Attempt to overwrite a constant string | 3 | false | 2021.1 | |
| CXX.POSSIBLE_COPY_PASTE.FSTRING.APPEND_SAME_STRING | Possible copy-paste error: Appending the same FString twice | 4 | false | 2021.1 | |
| CXX.POSSIBLE_COPY_PASTE.LOGICAL_OP.CMP_SAME_OBJECT | Possible copy-paste error: An object should not be logically compared to itself | 4 | false | 2021.1 | |
| CXX.POSSIBLE_COPY_PASTE.TERNARY_OP | Possible copy-paste in the 'then' and 'else' branches of a ternary operator | 4 | false | 2021.1 | |
| CXX.SQL.INJECT | SQL Injection | 2 | false | 2021.2 | |
| CXX.STDLIB.ILLEGAL_REUSE | The pointer returned by the Standard Library functions asctime and similar shall not be used following a subsequent call to the same function | 4 | false | 2021.3 | |
| CXX.STDLIB.ILLEGAL_WRITE | The pointers returned by the Standard Library functions localeconv, getenv, setlocale or, strerror shall only be used as if they have pointer to const-qualified type | 4 | false | 2021.3 | |
| DBZ.CONST | Division by a zero constant occurs | 1 | false | 10.3 | 2020.2 |
| DBZ.CONST.CALL | The value '0' is passed to function that can use this value as divisor | 1 | false | 10.3 | |
| DBZ.GENERAL | Division by zero might occur | 1 | false | 10.3 | |
| DBZ.ITERATOR | Division by zero might occur in a loop iterator | 1 | false | 10.3 | |
| EFFECT | Statement has no effect | 4 | false | Pre-9.2 | |
| FMM.MIGHT | Freeing Mismatched Memory - possible | 2 | true | Pre-9.2 | 10.1 |
| FMM.MUST | Freeing Mismatched Memory | 1 | true | Pre-9.2 | 10.1 |
| FNH.MIGHT | Freeing Non-Heap Memory - possible | 1 | true | Pre-9.2 | |
| FNH.MUST | Freeing Non-Heap Memory | 2 | true | Pre-9.2 | |
| FREE.INCONSISTENT | Inconsistent Freeing of Memory | 3 | false | Pre-9.2 | |
| FUM.GEN.MIGHT | Freeing Unallocated Memory - possible | 1 | true | Pre-9.2 | |
| FUM.GEN.MUST | Freeing Unallocated Memory | 1 | true | Pre-9.2 | |
| FUNCRET.GEN | Non-void function does not return value | 1 | true | Pre-9.2 | |
| FUNCRET.IMPLICIT | Non-void function implicitly returning int does not return value | 2 | true | Pre-9.2 | |
| HCC | Use of hardcoded credentials | 2 | true | 11.1 | |
| HCC.PWD | Use of a hardcoded password | 2 | true | 11.1 | |
| HCC.USER | Use of a hardcoded user name | 2 | true | 11.1 | |
| INCONSISTENT.LABEL | Inconsistent Case Labels | 4 | true | Pre-9.2 | 9.5 |
| INCORRECT.ALLOC_SIZE | Incorrect Allocation Size | 3 | true | Pre-9.2 | |
| INFINITE_LOOP.GLOBAL | Infinite loop | 2 | false | 9.5 | |
| INFINITE_LOOP.LOCAL | Infinite loop | 2 | true | 9.5 | 10.1, 2017, 2017.3 |
| INFINITE_LOOP.MACRO | Infinite loop | 2 | false | 9.5 | |
| INVARIANT_CONDITION.GEN | Invariant expression in a condition | 3 | false | 10.1 | 10.2, 2020.1 |
| INVARIANT_CONDITION.UNREACH | Invariant expression in a condition | 3 | false | 10.1 | 10.2 |
| ITER.CONTAINER.MODIFIED | Use of invalid iterator | 3 | true | Pre-9.2 | 2017 |
| ITER.END.DEREF.MIGHT | Dereference of 'end' iterator | 3 | true | 9.5 | |
| ITER.END.DEREF.MUST | Dereference of 'end' iterator | 3 | true | 9.5 | |
| ITER.INAPPROPRIATE | Use of iterator with inappropriate container object | 4 | true | 9.5 | |
| ITER.INAPPROPRIATE.MULTIPLE | Use of iterator with inappropriate container object | 4 | true | 9.5 | |
| LA_UNUSED | Label unused | 4 | false | Pre-9.2 | |
| LOCRET.ARG | Function returns address of local variable | 1 | true | Pre-9.2 | 9.5 |
| LOCRET.GLOB | Function returns address of local variable | 1 | true | Pre-9.2 | 9.5 |
| LOCRET.RET | Function returns address of local variable | 1 | true | Pre-9.2 | 9.5 |
| LS.CALL | Suspicious use of non-localized string in GUI function | 3 | false | 11.0 | |
| LS.CALL.STRING | Suspicious use of non-localized string in GUI function | 3 | false | 11.0 | |
| LV_UNUSED.GEN | Local variable unused | 4 | false | Pre-9.2 | 2020.3 |
| MLK.MIGHT | Memory Leak - possible | 2 | true | Pre-9.2 | 9.2, 9.5 |
| MLK.MUST | Memory Leak | 2 | true | Pre-9.2 | 9.2, 9.5, 11.1, 11.3, 2020.1 |
| MLK.RET.MIGHT | Memory Leak - possible | 2 | false | 9.6 | |
| MLK.RET.MUST | Memory Leak | 2 | true | 9.6 | |
| NNTS.MIGHT | Buffer Overflow - Non-null Terminated String | 1 | true | Pre-9.2 | 9.2, 10.3 |
| NNTS.MUST | Buffer Overflow - Non-null Terminated String | 1 | true | Pre-9.2 | 9.2, 10.3 |
| NNTS.TAINTED | Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String | 1 | true | Pre-9.2 | 9.2, 10.3, 2021.2, 2021.3 |
| NPD.CHECK.CALL.MIGHT | Pointer may be passed to function that can dereference it after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CHECK.CALL.MUST | Pointer will be passed to function that may dereference it after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CHECK.MIGHT | Pointer may be dereferenced after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CHECK.MUST | Pointer will be dereferenced after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CONST.CALL | NULL is passed to function that can dereference it | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.CONST.DEREF | NULL is dereferenced | 1 | false | Pre-9.2 | 9.2, 9.5, 2022.1 |
| NPD.FUNC.CALL.MIGHT | Result of function that may return NULL may be passed to another function that may dereference it | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.CALL.MUST | Result of function that may return NULL will be passed to another function that may dereference it | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.MIGHT | Result of function that can return NULL may be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.MUST | Result of function that may return NULL will be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5, 10.4, 2020.3, 2020.4 |
| NPD.GEN.CALL.MIGHT | Null pointer may be passed to function that may dereference it | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.GEN.CALL.MUST | Null pointer will be passed to function that may dereference it | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.GEN.MIGHT | Null pointer may be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.GEN.MUST | Null pointer will be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5, 11.0, 2018.2, 2021.3 |
| NUM.OVERFLOW | Possible Overflow | 3 | false | 10.1 | |
| PORTING.BITFIELDS | Usage of bitfields within a structure | 4 | false | 9.2 | 9.5 |
| PORTING.BSWAP.MACRO | A custom byte swap macro is used without checking endian | 4 | false | 9.2 | 9.5 |
| PORTING.BYTEORDER.SIZE | An incompatible type is used with a network macro such as 'ntohl' | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.FLTPNT | Cast of a floating point expression to a non floating point type | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.PTR | Cast between types that are not both pointers or not pointers | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.PTR.FLTPNT | Cast of a pointer to a floating point expression to a non floating point type pointer | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.PTR.SIZE | Attempt to cast an expression to a type of a potentially incompatible size | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.SIZE | Expression is cast to a type of potentially different size | 4 | false | 9.2 | 9.5 |
| PORTING.CMPSPEC.EFFECTS.ASSIGNMENT | Assignment in a function parameter | 4 | false | 9.2 | 9.5, 10.3 |
| PORTING.CMPSPEC.TYPE.BOOL | Assignment to a 'bool' type is larger than 1 byte | 4 | false | 9.2 | 9.5 |
| PORTING.CMPSPEC.TYPE.LONGLONG | Use of 'long long' | 4 | false | 9.2 | 9.5 |
| PORTING.MACRO.NUMTYPE | Macro describing a builtin numeric type is used | 4 | false | 9.2 | 9.5 |
| PORTING.OPTS | Compiler dependant option is used | 4 | false | 9.2 | 9.5 |
| PORTING.PRAGMA.ALIGN | #pragma align usage | 4 | false | 9.2 | 9.5 |
| PORTING.PRAGMA.PACK | #pragma pack usage | 4 | false | 9.2 | 9.5 |
| PORTING.SIGNED.CHAR | 'char' used without explicitly specifying signedness | 4 | false | 9.2 | 9.5 |
| PORTING.STORAGE.STRUCT | Byte position of elements in a structure could depend on alignment and packing attributes. | 4 | false | 9.2 | 9.5 |
| PORTING.STRUCT.BOOL | Struct/class has a bool member | 4 | false | 9.2 | 9.5 |
| PORTING.UNIONS | Union is used within an enclosing struct/class/other union | 4 | false | 9.2 | 9.5 |
| PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE | Relational expression may be always false depending on 'char' type signedness | 4 | false | 9.2 | 9.5 |
| PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE | Relational expression may be always true depending on 'char' type signedness | 4 | false | 9.2 | 9.5 |
| PORTING.UNSIGNEDCHAR.RELOP | Relational operations used between explicitly signed/unsigned char and char without signedness specification | 4 | false | 9.2 | 9.5 |
| PORTING.VAR.EFFECTS | Variable used twice in one expression where one usage is subject to side-effects | 4 | false | 9.2 | 9.5 |
| PRECISION.LOSS | Loss of Precision | 4 | false | Pre-9.2 | 9.5 |
| PRECISION.LOSS.CALL | Loss of Precision during function call | 4 | false | Pre-9.2 | 9.5 |
| RABV.CHECK | Suspicious use of index before boundary check | 1 | true | 11.3 | 2017 |
| RCA | Risky cryptographic algorithm used | 2 | true | 11.0 | 2017 |
| RCA.HASH.SALT.EMPTY | Use of a one-way hash with an empty salt | 2 | true | 11.1 | |
| RETVOID.GEN | Non-void function returns void value | 2 | true | Pre-9.2 | |
| RETVOID.IMPLICIT | Implicitly int function returns void value | 2 | true | Pre-9.2 | |
| RH.LEAK | Resource leak | 2 | true | Pre-9.2 | 9.5, 11.1, 2020.1, 2020.2 |
| RN.INDEX | Suspicious use of index before negative check | 1 | true | 9.5 | |
| RNPD.CALL | Suspicious dereference of pointer in function call before NULL check | 1 | true | Pre-9.2 | |
| RNPD.DEREF | Suspicious dereference of pointer before NULL check | 1 | true | Pre-9.2 | |
| SEMICOL | Suspiciously placed semicolon | 4 | false | Pre-9.2 | |
| SPECTRE.VARIANT1 | Potential exploit of speculative execution | 3 | false | 2017.3, 2018, 2018.1* | |
| STRONG.TYPE.ASSIGN | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.ARG | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.CONST | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.INIT | Assignment does not respect strong typing | 4 | false | 9.2 | 2020.3 |
| STRONG.TYPE.ASSIGN.RETURN | Assignment does not respect strong typing | 4 | false | 9.2 | 2020.3 |
| STRONG.TYPE.ASSIGN.ZERO | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.EXTRACT | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.CMP | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.CONST | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | 2020.1 |
| STRONG.TYPE.JOIN.EQ | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.OTHER | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.ZERO | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | 2020.1 |
| SV.BANNED.RECOMMENDED.ALLOCA | Banned recommended API: stack allocation functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.NUMERIC | Banned recommended API: unsafe numeric conversion functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.OEM | Banned recommended API: OEM character page conversion functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.PATH | Banned recommended API: unsafe path name manipulation functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.SCANF | Banned recommended API: unsafe scanf-type functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.SPRINTF | Banned recommended API: unsafe sprintf-type functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.STRLEN | Banned recommended API: unsafe string length functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.TOKEN | Banned recommended API: unsafe string tokenizing functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.WINDOW | Banned recommended API: unsafe window functions | 4 | false | Pre-9.2 | |
| SV.BANNED.REQUIRED.CONCAT | Banned required API: unsafe string concatenation functions | 4 | false | 9.5 | |
| SV.BANNED.REQUIRED.COPY | Banned required API: unsafe buffer copy functions | 4 | false | 9.5 | |
| SV.BANNED.REQUIRED.GETS | Banned required API: unsafe stream reading functions | 4 | false | Pre-9.2 | |
| SV.BANNED.REQUIRED.ISBAD | Banned required API: IsBad-type functions | 4 | false | 9.5 | |
| SV.BANNED.REQUIRED.SPRINTF | Banned required API: unsafe sprintf-type functions | 4 | false | 9.5 | |
| SV.BFC.USING_STRUCT | Use of INADDR_ANY in sin_addr.s_addr field of struct sockaddr_in Structure Used for Call to bind Function | 4 | false | Pre-9.2 | |
| SV.BRM.HKEY_LOCAL_MACHINE | HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function | 4 | false | Pre-9.2 | |
| SV.CODE_INJECTION.SHELL_EXEC | Command Injection into Shell Execution | 3 | false | Pre-9.2 | |
| SV.DLLPRELOAD.NONABSOLUTE.DLL | Potential DLL-preload hijack vector | 2 | false | 9.5 | |
| SV.DLLPRELOAD.NONABSOLUTE.EXE | Potential process injection vector | 2 | false | 9.5 | |
| SV.DLLPRELOAD.SEARCHPATH | Do not use SearchPath to find DLLs | 2 | false | 9.5 | |
| SV.FIU.PROCESS_VARIANTS | Use of Dangerous Process Creation | 4 | false | Pre-9.2 | 11.3 |
| SV.FMTSTR.GENERIC | Format String Vulnerability | 1 | false | Pre-9.2 | 11.2, 2021.4 |
| SV.FMT_STR.BAD_SCAN_FORMAT | Input format specifier error | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD | Incompatible type of a print function parameter | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED | Unexpected type of a print function parameter | 4 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_IMPROP_LENGTH | Improper use of length modifier in a print function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW | Too few arguments in a print function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY | Too many arguments in a print function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD | Incompatible type of a scan function parameter | 2 | true | 10.0 | 11.3 |
| SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED | Unexpected type of a scan function parameter | 2 | true | 10.0 | 2021.4 |
| SV.FMT_STR.SCAN_IMPROP_LENGTH | Improper use of length modifier in a scan function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW | Too few arguments in a scan function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY | Too many arguments in a scan function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.UNKWN_FORMAT | Unknown format specifier in a print function call | 3 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.UNKWN_FORMAT.SCAN | Unknown format specifier in a scan function call | 3 | true | Pre-9.2 | 9.5 |
| SV.INCORRECT_RESOURCE_HANDLING.URH | Insecure Resource Handling | 3 | false | Pre-9.2 | |
| SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS | Insecure Resource Handling | 3 | false | Pre-9.2 | |
| SV.LPP.CONST | Use of Insecure Macro for Dangerous Functions | 3 | false | 9.5 | |
| SV.LPP.VAR | Use of Insecure Parameter for Dangerous Functions | 3 | false | 9.5 | |
| SV.PCC.CONST | Insecure (Constant) Temporary File Name in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.INVALID_TEMP_PATH | Insecure Temporary File Name in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.MISSING_TEMP_CALLS.MUST | Missing Secure Temporary File Names in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.MISSING_TEMP_FILENAME | Missing Temporary File Name in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.MODIFIED_BEFORE_CREATE | Modification of Temporary File Name before Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PIPE.CONST | Potential pipe hijacking | 3 | false | 9.5 | |
| SV.PIPE.VAR | Potential pipe hijacking | 3 | false | 9.5 | |
| SV.RVT.RETVAL_NOTTESTED | Ignored Return Value | 4 | false | Pre-9.2 | 2021.2, 2021.3, 2022.1 |
| SV.SIP.CONST | Use of Insecure Macro for Dangerous Functions | 3 | false | 9.6 | |
| SV.SIP.VAR | Use of Insecure Parameter for Dangerous Functions | 3 | false | 9.6 | |
| SV.STRBO.BOUND_COPY.OVERFLOW | Buffer Overflow in Bound String Copy | 1 | false | 10.0 | |
| SV.STRBO.BOUND_COPY.UNTERM | Possible Buffer Overflow in Following String Operations | 2 | false | 10.0 | |
| SV.STRBO.BOUND_SPRINTF | Buffer Overflow in Bound sprintf | 1 | false | Pre-9.2 | 10.3 |
| SV.STRBO.UNBOUND_COPY | Buffer Overflow in Unbound String Copy | 1 | false | Pre-9.2 | |
| SV.STRBO.UNBOUND_SPRINTF | Buffer Overflow in Unbound sprintf | 1 | false | Pre-9.2 | |
| SV.STR_PAR.UNDESIRED_STRING_PARAMETER | Undesired String for File Path | 4 | false | Pre-9.2 | |
| SV.TAINTED.ALLOC_SIZE | Use of Unvalidated Integer in Memory Allocation | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.BINOP | Use of Unvalidated Integer in Binary Operation | 3 | false | 10.3 | 2020.2 |
| SV.TAINTED.CALL.BINOP | Use of Unvalidated Integer in Binary Operation | 3 | false | 10.3 | |
| SV.TAINTED.CALL.DEREF | Dereference Of An Unvalidated Pointer | 3 | false | 11.2 | |
| SV.TAINTED.CALL.GLOBAL | Use of Unvalidated Integer in an Assignment Operation | 3 | false | 2020.2 | |
| SV.TAINTED.CALL.INDEX_ACCESS | Use of Unvalidated Integer as Array Index by Function Call | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.CALL.LOOP_BOUND | Use of Unvalidated Integer in Loop Condition through a Function Call | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.DEREF | Dereference Of An Unvalidated Pointer | 3 | false | 11.2 | |
| SV.TAINTED.FMTSTR | Use of Unvalidated Data in a Format String | 1 | true | Pre-9.2 | 10.1 |
| SV.TAINTED.GLOBAL | Use of Unvalidated Integer in an Assignment Operation | 3 | false | 2020.2 | |
| SV.TAINTED.INDEX_ACCESS | Use of Unvalidated Integer as Array Index | 1 | true | Pre-9.2 | 10.1, 10.2, 11.1, 2017 |
| SV.TAINTED.INJECTION | Command Injection | 3 | true | Pre-9.2 | 10.1 |
| SV.TAINTED.LOOP_BOUND | Use of Unvalidated Integer in Loop Condition | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.PATH_TRAVERSAL | Use of Unvalidated Data in a Path Traversal | 1 | true | 11.0 | |
| SV.TAINTED.SECURITY_DECISION | Security Decision | 3 | false | 10.4 | |
| SV.TAINTED.XSS.REFLECTED | Cross-site Scripting Vulnerability | 3 | false | 2020.3 | |
| SV.TOCTOU.FILE_ACCESS | Time of Creation/Time of Use Race condition in File Access | 4 | false | Pre-9.2 | 11.3, 2021.3 |
| SV.UNBOUND_STRING_INPUT.CIN | Usage of cin for unbounded string input | 1 | true | 9.5 | |
| SV.UNBOUND_STRING_INPUT.FUNC | Usage of unbounded string input | 1 | true | 9.5 | |
| SV.USAGERULES.PERMISSIONS | Use of Privilege Elevation | 4 | false | Pre-9.2 | 11.3 |
| SV.USAGERULES.PROCESS_VARIANTS | Use of Dangerous Process Creation Function | 4 | false | Pre-9.2 | |
| SV.USAGERULES.SPOOFING | Use of Function Susceptible to Spoofing | 4 | false | Pre-9.2 | |
| SV.WEAK_CRYPTO.WEAK_HASH | Weak Hash Function | 4 | false | Pre-9.2 | |
| UFM.DEREF.MIGHT | Use of free memory (access) - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.DEREF.MUST | Use of Freed Memory by Pointer | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.FFM.MIGHT | Use of free memory (double free) - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.FFM.MUST | Freeing Freed Memory | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.RETURN.MIGHT | Use of freed memory (return) - possible | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.RETURN.MUST | Use of Freed Memory on Return | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.USE.MIGHT | Use of free memory - possible | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.USE.MUST | Use of Freed Memory | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.CTOR.MIGHT | Uninitialized Variable in Constructor - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.CTOR.MUST | Uninitialized Variable in Constructor | 2 | false | Pre-9.2 | 9.2, 9.5, 2020.1, 2021.2, 2022.1 |
| UNINIT.HEAP.MIGHT | Uninitialized Heap Use - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.HEAP.MUST | Uninitialized Heap Use | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.ARRAY.MIGHT | Uninitialized Array - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.ARRAY.MUST | Uninitialized Array | 1 | true | Pre-9.2 | 9.2, 9.5, 2021.2, 2021.4, 2022.1 |
| UNINIT.STACK.ARRAY.PARTIAL.MUST | Partially Uninitialized Array | 1 | true | Pre-9.2 | 9.2, 9.5, 2022.1 |
| UNINIT.STACK.MIGHT | Uninitialized Variable - possible | 1 | true | Pre-9.2 | 9.2, 9.5, 2018.2, 2020.2, 2022.1 |
| UNINIT.STACK.MUST | Uninitialized Variable | 1 | true | Pre-9.2 | 9.2, 9.5, 11.2, 2020.3, 2021.2, 2021.4 |
| UNREACH.ENUM | Code is unreachable due to the possible value(s) of an enum | 3 | false | 2021.3 | |
| UNREACH.GEN | Unreachable code | 3 | false | Pre-9.2 | 9.2, 9.5, 10.1, 10.3, 10.4, 11.2, 2020.3, 2021.3 |
| UNREACH.RETURN | Unreachable Void Return | 3 | false | Pre-9.2 | 9.2, 9.5, 11.2 |
| UNREACH.SIZEOF | Architecture-related unreachable code | 3 | false | 10.1 | |
| UNUSED.FUNC.GEN | Function defined but not used | 4 | false | 10.1 | 11.3 |
| UNUSED.FUNC.STL_EMPTY | Ignored return value of an STL object empty() method | 3 | true | 2019.3 | 2020.1 |
| UNUSED.FUNC.WARN | Potential unused function | 4 | false | 10.1 | 11.3 |
| VA.LIST.INDETERMINATE | Attempt to call va_arg() on a va_list that has an indeterminate value | 3 | false | 2021.2 | |
| VA_UNUSED.GEN | Value is Never Used after Assignment | 4 | false | Pre-9.2 | 9.5 |
| VA_UNUSED.INIT | Value is Never Used after Initialization | 4 | false | Pre-9.2 | 9.5, 11.2 |
| VOIDRET | Void function returns value | 2 | true | Pre-9.2 | 9.5 |
*SPECTRE.VARIANT1 was created in April 2018 and back ported to Klocwork 2017.3/2018 as the vulnerability was discovered in early 2018.
