CWE IDs mapped to Klocwork C and C++ checkers

This mapping is based on the latest version of CWE.

ID Checker name and description
20

ABV.TAINTED   Buffer Overflow from Unvalidated Input

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.DEREF   Dereference Of An Unvalidated Pointer

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.DEREF   Dereference Of An Unvalidated Pointer

SV.TAINTED.FMTSTR   Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.INJECTION   Command Injection

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL   Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION   Security Decision

22

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE   Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH   Do not use SearchPath to find DLLs

SV.TAINTED.PATH_TRAVERSAL   Use of Unvalidated Data in a Path Traversal

23

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE   Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH   Do not use SearchPath to find DLLs

73

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE   Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH   Do not use SearchPath to find DLLs

77

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

78

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

79

SV.TAINTED.XSS.REFLECTED   Cross-site Scripting Vulnerability

80

SV.TAINTED.XSS.REFLECTED   Cross-site Scripting Vulnerability

88

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

89

CXX.SQL.INJECT   SQL Injection

94

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

99

ABV.TAINTED   Buffer Overflow from Unvalidated Input

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

SV.TAINTED.PATH_TRAVERSAL   Use of Unvalidated Data in a Path Traversal

114

SV.DLLPRELOAD.NONABSOLUTE.DLL   Potential DLL-preload hijack vector

SV.DLLPRELOAD.NONABSOLUTE.EXE   Potential process injection vector

SV.DLLPRELOAD.SEARCHPATH   Do not use SearchPath to find DLLs

119

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

CXX.SUSPICIOUS_INDEX_CHECK   Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL   Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO   Suspicious use of index after index check for zero

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

RABV.CHECK   Suspicious use of index before boundary check

RN.INDEX   Suspicious use of index before negative check

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

120

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

SV.STRBO.BOUND_COPY.OVERFLOW   Buffer Overflow in Bound String Copy

SV.STRBO.UNBOUND_COPY   Buffer Overflow in Unbound String Copy

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

121

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

122

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

124

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

CXX.SUSPICIOUS_INDEX_CHECK   Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL   Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO   Suspicious use of index after index check for zero

RABV.CHECK   Suspicious use of index before boundary check

RN.INDEX   Suspicious use of index before negative check

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

125

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

CXX.SUSPICIOUS_INDEX_CHECK   Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL   Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO   Suspicious use of index after index check for zero

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

RABV.CHECK   Suspicious use of index before boundary check

RN.INDEX   Suspicious use of index before negative check

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

126

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

127

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

129

ABV.TAINTED   Buffer Overflow from Unvalidated Input

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

131

CXX.SIZEOF.CSTRING   Use of sizeof on char* may be misleading

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

134

SV.FMTSTR.GENERIC   Format String Vulnerability

SV.TAINTED.FMTSTR   Use of Unvalidated Data in a Format String

135

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

170

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

176

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

190

NUM.OVERFLOW   Possible Overflow

NUM.OVERFLOW.DF   Possible numeric overflow or wraparound

SV.TAINTED.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP   Use of Unvalidated Integer in Binary Operation

192

MISRA.CAST.INT   Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.UNSIGNED_BITS   The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.UMINUS.UNSIGNED   Operand of unary minus is unsigned

PRECISION.LOSS   Loss of Precision

PRECISION.LOSS.CALL   Loss of Precision during function call

193

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

SV.STRBO.BOUND_COPY.UNTERM   Possible Buffer Overflow in Following String Operations

195

MISRA.CONV.INT.SIGN   Implicit integral conversion changes signedness

MISRA.CVALUE.IMPL.CAST.CPP   The value of an expression implicitly converted to a different type

196

MISRA.CAST.INT.SIGN   Non-trivial integral expression is cast to type with different signedness

MISRA.CONV.INT.SIGN   Implicit integral conversion changes signedness

197

MISRA.CAST.INT   Non-trivial integer expression is cast to a wider type, or type with a different signedness

MISRA.CAST.UNSIGNED_BITS   The result of bitwise operation on unsigned char or short is not cast back to original type

MISRA.UMINUS.UNSIGNED   Operand of unary minus is unsigned

PRECISION.LOSS   Loss of Precision

PRECISION.LOSS.CALL   Loss of Precision during function call

200

SPECTRE.VARIANT1   Potential exploit of speculative execution

242

SV.FIU.PROCESS_VARIANTS   Use of Dangerous Process Creation

SV.PIPE.VAR   Potential pipe hijacking

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

SV.USAGERULES.PROCESS_VARIANTS   Use of Dangerous Process Creation Function

250

SV.FIU.PROCESS_VARIANTS   Use of Dangerous Process Creation

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

SV.USAGERULES.PROCESS_VARIANTS   Use of Dangerous Process Creation Function

251

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

252

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

253

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

256

CXX.SV.PWD.PLAIN   Attempt to set password using a plain string

CXX.SV.PWD.PLAIN.LENGTH   Attempt to set password with a length less than 15 characters

CXX.SV.PWD.PLAIN.LENGTH.ZERO   Attempt to set password with a length of zero characters

259

CXX.SV.PWD.PLAIN   Attempt to set password using a plain string

CXX.SV.PWD.PLAIN.LENGTH   Attempt to set password with a length less than 15 characters

CXX.SV.PWD.PLAIN.LENGTH.ZERO   Attempt to set password with a length of zero characters

HCC   Use of hardcoded credentials

HCC.PWD   Use of a hardcoded password

269

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

272

SV.BRM.HKEY_LOCAL_MACHINE   HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function

273

SV.FIU.PROCESS_VARIANTS   Use of Dangerous Process Creation

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

276

SV.USAGERULES.PROCESS_VARIANTS   Use of Dangerous Process Creation Function

284

SV.LPP.CONST   Use of Insecure Macro for Dangerous Functions

SV.LPP.VAR   Use of Insecure Parameter for Dangerous Functions

287

CXX.SV.PWD.PLAIN   Attempt to set password using a plain string

CXX.SV.PWD.PLAIN.LENGTH   Attempt to set password with a length less than 15 characters

CXX.SV.PWD.PLAIN.LENGTH.ZERO   Attempt to set password with a length of zero characters

HCC   Use of hardcoded credentials

HCC.PWD   Use of a hardcoded password

SV.WEAK_CRYPTO.WEAK_HASH   Weak Hash Function

290

SV.WEAK_CRYPTO.WEAK_HASH   Weak Hash Function

307

CXX.SV.PWD_INPUT.REVIEW   Password authentication should be checked against brute force attacks

311

CXX.SV.PRIVATE_KEY.EMPTY_PASSWD   Attempt to serialize private key in an unauthorized way

CXX.SV.PRIVATE_KEY.UNENCRYPTED   Attempt to serialize private key in an unauthorized way

312

CXX.SV.PRIVATE_KEY.EMPTY_PASSWD   Attempt to serialize private key in an unauthorized way

CXX.SV.PRIVATE_KEY.UNENCRYPTED   Attempt to serialize private key in an unauthorized way

321

HCC   Use of hardcoded credentials

HCC.PWD   Use of a hardcoded password

326

SV.USAGERULES.SPOOFING   Use of Function Susceptible to Spoofing

327

RCA   Risky cryptographic algorithm used

SV.WEAK_CRYPTO.WEAK_HASH   Weak Hash Function

362

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

367

SV.TOCTOU.FILE_ACCESS   Time of Creation/Time of Use Race condition in File Access

369

DBZ.CONST   Division by a zero constant occurs

DBZ.CONST.CALL   The value '0' is passed to function that can use this value as divisor

DBZ.GENERAL   Division by zero might occur

DBZ.ITERATOR   Division by zero might occur in a loop iterator

DBZ.ITERATOR.CALL   Division by zero might occur in a function call

377

SV.PCC.CONST   Insecure (Constant) Temporary File Name in Call to CreateFile

SV.PCC.INVALID_TEMP_PATH   Insecure Temporary File Name in Call to CreateFile

SV.PCC.MISSING_TEMP_CALLS.MUST   Missing Secure Temporary File Names in Call to CreateFile

SV.PCC.MISSING_TEMP_FILENAME   Missing Temporary File Name in Call to CreateFile

SV.PCC.MODIFIED_BEFORE_CREATE   Modification of Temporary File Name before Call to CreateFile

390

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

391

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

394

RETVOID.GEN   Non-void function returns void value

RETVOID.IMPLICIT   Implicitly int function returns void value

VOIDRET   Void function returns value

400

CL.MLK   Memory Leak - in destructor

CL.MLK.ASSIGN   Memory Leak - in assignment operator

CL.MLK.VIRTUAL   Memory Leak - possible in destructor

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

SV.CODE_INJECTION.SHELL_EXEC   Command Injection into Shell Execution

SV.TAINTED.INJECTION   Command Injection

401

CL.MLK   Memory Leak - in destructor

CL.MLK.ASSIGN   Memory Leak - in assignment operator

CL.MLK.VIRTUAL   Memory Leak - possible in destructor

FREE.INCONSISTENT   Inconsistent Freeing of Memory

MLK.MIGHT   Memory Leak - possible

MLK.MUST   Memory Leak

MLK.RET.MIGHT   Memory Leak - possible

MLK.RET.MUST   Memory Leak

403

RH.LEAK   Resource leak

404

FMM.MIGHT   Freeing Mismatched Memory - possible

FMM.MUST   Freeing Mismatched Memory

RH.LEAK   Resource leak

412

CONC.DL   Deadlock

413

CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED   Do not destroy a mutex while it is locked

415

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

416

CL.FFM.ASSIGN   Use of free memory (double free) - no operator=

CL.FFM.COPY   Use of free memory (double free) - no copy constructor

CL.SELF-ASSIGN   Use of free memory (double free) - in operator=

CL.SHALLOW.ASSIGN   Use of free memory (double free) - shallow copy in operator=

CL.SHALLOW.COPY   Use of free memory (double free) - shallow copy in copy constructor

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

421

SV.PIPE.CONST   Potential pipe hijacking

SV.PIPE.VAR   Potential pipe hijacking

426

SV.TAINTED.PATH_TRAVERSAL   Use of Unvalidated Data in a Path Traversal

457

UNINIT.CTOR.MIGHT   Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST   Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

464

SV.BANNED.RECOMMENDED.TOKEN   Banned recommended API: unsafe string tokenizing functions

SV.TAINTED.FMTSTR   Use of Unvalidated Data in a Format String

467

CXX.SIZEOF.CSTRING   Use of sizeof on char* may be misleading

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

468

CWARN.ALIGNMENT   Incorrect pointer scaling is used

MISRA.PTR.ARITH   Pointer is used in arithmetic or array index expression

476

NPD.CHECK.CALL.MIGHT   Pointer may be passed to function that can dereference it after it was positively checked for NULL

NPD.CHECK.CALL.MUST   Pointer will be passed to function that may dereference it after it was positively checked for NULL

NPD.CHECK.MIGHT   Pointer may be dereferenced after it was positively checked for NULL

NPD.CHECK.MUST   Pointer will be dereferenced after it was positively checked for NULL

NPD.CONST.CALL   NULL is passed to function that can dereference it

NPD.CONST.DEREF   NULL is dereferenced

NPD.FUNC.CALL.MIGHT   Result of function that may return NULL may be passed to another function that may dereference it

NPD.FUNC.CALL.MUST   Result of function that may return NULL will be passed to another function that may dereference it

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

NPD.GEN.CALL.MIGHT   Null pointer may be passed to function that may dereference it

NPD.GEN.CALL.MUST   Null pointer will be passed to function that may dereference it

NPD.GEN.MIGHT   Null pointer may be dereferenced

NPD.GEN.MUST   Null pointer will be dereferenced

RNPD.CALL   Suspicious dereference of pointer in function call before NULL check

RNPD.DEREF   Suspicious dereference of pointer before NULL check

478

MISRA.SWITCH.WELL_FORMED.DEFAULT.2012   Every switch statement shall have a default label.

480

ASSIGCOND.CALL   Assignment in condition (call)

ASSIGCOND.GEN   Assignment in condition

EFFECT   Statement has no effect

SEMICOL   Suspiciously placed semicolon

481

ASSIGCOND.CALL   Assignment in condition (call)

ASSIGCOND.GEN   Assignment in condition

482

EFFECT   Statement has no effect

484

MISRA.SWITCH.NO_BREAK   No break or throw statement at the end of switch-clause

MISRA.SWITCH.WELL_FORMED.BREAK.2012   An unconditional break statement shall terminate every switch-clause.

497

SV.STR_PAR.UNDESIRED_STRING_PARAMETER   Undesired String for File Path

522

CXX.SV.PRIVATE_KEY.EMPTY_PASSWD   Attempt to serialize private key in an unauthorized way

CXX.SV.PRIVATE_KEY.UNENCRYPTED   Attempt to serialize private key in an unauthorized way

539

CXX.SV.PERSISTENT_COOKIE   Illegal usage of a persistent cookie

561

INVARIANT_CONDITION.GEN   Invariant expression in a condition

INVARIANT_CONDITION.UNREACH   Invariant expression in a condition

LA_UNUSED   Label unused

UNREACH.ENUM   Code is unreachable due to the possible value(s) of an enum

UNREACH.GEN   Unreachable code

UNREACH.RETURN   Unreachable Void Return

UNREACH.SIZEOF   Architecture-related unreachable code

VA_UNUSED.GEN   Value is Never Used after Assignment

VA_UNUSED.INIT   Value is Never Used after Initialization

562

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

563

LV_UNUSED.GEN   Local variable unused

570

INVARIANT_CONDITION.GEN   Invariant expression in a condition

INVARIANT_CONDITION.UNREACH   Invariant expression in a condition

571

INVARIANT_CONDITION.GEN   Invariant expression in a condition

INVARIANT_CONDITION.UNREACH   Invariant expression in a condition

590

FNH.MIGHT   Freeing Non-Heap Memory - possible

FNH.MUST   Freeing Non-Heap Memory

FUM.GEN.MIGHT   Freeing Unallocated Memory - possible

FUM.GEN.MUST   Freeing Unallocated Memory

606

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

611

CXX.SV.XXE   Attempting to resolve external entities while parsing a XML file can lead to XXE attack

614

CXX.SV.INSECURE_COOKIE   Insecure cookie

628

MISRA.FUNC.UNMATCHED.PARAMS   Number of formal and actual parameters passed to function do not match

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW   Too few arguments in a print function call

SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY   Too many arguments in a print function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW   Too few arguments in a scan function call

SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY   Too many arguments in a scan function call

665

UNINIT.CTOR.MIGHT   Uninitialized Variable in Constructor - possible

UNINIT.CTOR.MUST   Uninitialized Variable in Constructor

UNINIT.HEAP.MIGHT   Uninitialized Heap Use - possible

UNINIT.HEAP.MUST   Uninitialized Heap Use

UNINIT.STACK.ARRAY.MIGHT   Uninitialized Array - possible

UNINIT.STACK.ARRAY.MUST   Uninitialized Array

UNINIT.STACK.ARRAY.PARTIAL.MUST   Partially Uninitialized Array

UNINIT.STACK.MIGHT   Uninitialized Variable - possible

UNINIT.STACK.MUST   Uninitialized Variable

667

CERT.CONC.MUTEX.DESTROY_WHILE_LOCKED   Do not destroy a mutex while it is locked

CONC.DBL_LOCK   Double Lock

CONC.DBL_UNLOCK   Double Unlock

CONC.DL   Deadlock

CONC.NO_LOCK   Missing lock for variable

672

CL.FFM.ASSIGN   Use of free memory (double free) - no operator=

CL.FFM.COPY   Use of free memory (double free) - no copy constructor

CL.SELF-ASSIGN   Use of free memory (double free) - in operator=

CL.SHALLOW.ASSIGN   Use of free memory (double free) - shallow copy in operator=

CL.SHALLOW.COPY   Use of free memory (double free) - shallow copy in copy constructor

LOCRET.ARG   Function returns address of local variable

LOCRET.GLOB   Function returns address of local variable

LOCRET.RET   Function returns address of local variable

UFM.DEREF.MIGHT   Use of free memory (access) - possible

UFM.DEREF.MUST   Use of Freed Memory by Pointer

UFM.FFM.MIGHT   Use of free memory (double free) - possible

UFM.FFM.MUST   Freeing Freed Memory

UFM.RETURN.MIGHT   Use of freed memory (return) - possible

UFM.RETURN.MUST   Use of Freed Memory on Return

UFM.USE.MIGHT   Use of free memory - possible

UFM.USE.MUST   Use of Freed Memory

676

SV.BANNED.RECOMMENDED.ALLOCA   Banned recommended API: stack allocation functions

SV.BANNED.RECOMMENDED.NUMERIC   Banned recommended API: unsafe numeric conversion functions

SV.BANNED.RECOMMENDED.OEM   Banned recommended API: OEM character page conversion functions

SV.BANNED.RECOMMENDED.PATH   Banned recommended API: unsafe path name manipulation functions

SV.BANNED.RECOMMENDED.SCANF   Banned recommended API: unsafe scanf-type functions

SV.BANNED.RECOMMENDED.SPRINTF   Banned recommended API: unsafe sprintf-type functions

SV.BANNED.RECOMMENDED.STRLEN   Banned recommended API: unsafe string length functions

SV.BANNED.RECOMMENDED.TOKEN   Banned recommended API: unsafe string tokenizing functions

SV.BANNED.RECOMMENDED.WINDOW   Banned recommended API: unsafe window functions

SV.BANNED.REQUIRED.CONCAT   Banned required API: unsafe string concatenation functions

SV.BANNED.REQUIRED.COPY   Banned required API: unsafe buffer copy functions

SV.BANNED.REQUIRED.GETS   Banned required API: unsafe stream reading functions

SV.BANNED.REQUIRED.ISBAD   Banned required API: IsBad-type functions

SV.BANNED.REQUIRED.SPRINTF   Banned required API: unsafe sprintf-type functions

681

PRECISION.LOSS   Loss of Precision

PRECISION.LOSS.CALL   Loss of Precision during function call

682

CWARN.ALIGNMENT   Incorrect pointer scaling is used

CWARN.BAD.PTR.ARITH   Bad pointer arithmetic

CXX.SIZEOF.CSTRING   Use of sizeof on char* may be misleading

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

MISRA.SHIFT.RANGE   Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative

MISRA.SIGNED_CHAR.NOT_NUMERIC   'signed char' or 'unsigned char' is used for non-numeric value

PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE   Relational expression may be always false depending on 'char' type signedness

686

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD   Incompatible type of a print function parameter

SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a print function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD   Incompatible type of a scan function parameter

SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED   Unexpected type of a scan function parameter

SV.FMT_STR.SCAN_IMPROP_LENGTH   Improper use of length modifier in a scan function call

SV.FMT_STR.UNKWN_FORMAT   Unknown format specifier in a print function call

SV.FMT_STR.UNKWN_FORMAT.SCAN   Unknown format specifier in a scan function call

690

NPD.FUNC.MIGHT   Result of function that can return NULL may be dereferenced

NPD.FUNC.MUST   Result of function that may return NULL will be dereferenced

704

MISRA.CAST.CONST   Cast operation removes const or volatile modifier from a pointer or reference

MISRA.CAST.FUNC_PTR.2012   Conversion performed between a pointer to a function and another incompatible type

MISRA.CAST.INCOMPLETE_PTR_TO_ANY.2012   Conversion performed between a pointer to an incomplete type and a different type

MISRA.CAST.OBJ_PTR_TO_INT.2012   Conversion performed between a pointer to an object and an integer type

MISRA.CAST.OBJ_PTR_TO_NON_INT.2012   A cast between a pointer to object and a non-integer arithmetic type

MISRA.CAST.OBJ_PTR_TO_OBJ_PTR.2012   Cast between a pointer to object type and a pointer to a different object type

MISRA.CAST.VOID_PTR_TO_INT.2012   Cast between a pointer to void and an arithmetic type

MISRA.CAST.VOID_PTR_TO_OBJ_PTR.2012   Conversion performed from a pointer to void to a pointer to an object

PORTING.CAST.FLTPNT   Cast of a floating point expression to a non floating point type

PORTING.CAST.PTR.FLTPNT   Cast of a pointer to a floating point expression to a non floating point type pointer

PORTING.CAST.PTR.SIZE   Attempt to cast an expression to a type of a potentially incompatible size

732

SV.USAGERULES.PERMISSIONS   Use of Privilege Elevation

754

SV.RVT.RETVAL_NOTTESTED   Ignored Return Value

762

FMM.MIGHT   Freeing Mismatched Memory - possible

FMM.MUST   Freeing Mismatched Memory

764

CONC.DBL_LOCK   Double Lock

765

CONC.DBL_UNLOCK   Double Unlock

768

MISRA.LOGIC.SIDEEFF   Right operand in a logical 'and' or 'or' expression contains side effects

MISRA.LOGIC.SIDEEFF.COND   Branch expression in a conditional expression contains side effects

772

RH.LEAK   Resource leak

783

MISRA.EXPR.PARENS.2012   The precedence of operators within expressions should be made explicit.

MISRA.EXPR.PARENS.INSUFFICIENT   Limited dependence required for operator precedence rules in expressions

786

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

787

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

ABV.UNKNOWN_SIZE   Buffer Overflow - Array Index Out of Bounds

CXX.SUSPICIOUS_INDEX_CHECK   Suspicious use of index after boundary check

CXX.SUSPICIOUS_INDEX_CHECK.CALL   Suspicious use of index in a function call after a boundary check

CXX.SUSPICIOUS_INDEX_CHECK.ZERO   Suspicious use of index after index check for zero

NNTS.MIGHT   Buffer Overflow - Non-null Terminated String

NNTS.MUST   Buffer Overflow - Non-null Terminated String

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

RABV.CHECK   Suspicious use of index before boundary check

RN.INDEX   Suspicious use of index before negative check

SV.FMT_STR.BAD_SCAN_FORMAT   Input format specifier error

SV.STRBO.BOUND_SPRINTF   Buffer Overflow in Bound sprintf

SV.STRBO.UNBOUND_SPRINTF   Buffer Overflow in Unbound sprintf

SV.UNBOUND_STRING_INPUT.CIN   Usage of cin for unbounded string input

SV.UNBOUND_STRING_INPUT.FUNC   Usage of unbounded string input

788

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

798

CXX.SV.PWD.PLAIN   Attempt to set password using a plain string

CXX.SV.PWD.PLAIN.LENGTH   Attempt to set password with a length less than 15 characters

CXX.SV.PWD.PLAIN.LENGTH.ZERO   Attempt to set password with a length of zero characters

HCC   Use of hardcoded credentials

HCC.PWD   Use of a hardcoded password

HCC.USER   Use of a hardcoded user name

805

ABV.ANY_SIZE_ARRAY   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

CXX.SIZEOF.CSTRING   Use of sizeof on char* may be misleading

INCORRECT.ALLOC_SIZE   Incorrect Allocation Size

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

806

ABV.GENERAL   Buffer Overflow - Array Index Out of Bounds

ABV.GENERAL.MULTIDIMENSION   Buffer Overflow - Array Index Out of Bounds

ABV.ITERATOR   Buffer Overflow - Array Index may be out of Bounds

ABV.MEMBER   Buffer Overflow - Array Index Out of Bounds

ABV.STACK   Buffer Overflow - Local Array Index Out of Bounds

ABV.TAINTED   Buffer Overflow from Unvalidated Input

ABV.UNICODE.BOUND_MAP   Buffer overflow in mapping character function

ABV.UNICODE.FAILED_MAP   Mapping function failed

ABV.UNICODE.NNTS_MAP   Buffer overflow in mapping character function

ABV.UNICODE.SELF_MAP   Mapping function failed

822

SV.TAINTED.CALL.DEREF   Dereference Of An Unvalidated Pointer

SV.TAINTED.DEREF   Dereference Of An Unvalidated Pointer

832

CONC.NO_LOCK   Missing lock for variable

833

CONC.DL   Deadlock

835

INFINITE_LOOP.GLOBAL   Infinite loop

INFINITE_LOOP.LOCAL   Infinite loop

INFINITE_LOOP.MACRO   Infinite loop

843

MISRA.CAST.OBJ_PTR_TO_INT.2012   Conversion performed between a pointer to an object and an integer type

896

ABV.TAINTED   Buffer Overflow from Unvalidated Input

NNTS.TAINTED   Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String

SV.TAINTED.ALLOC_SIZE   Use of Unvalidated Integer in Memory Allocation

SV.TAINTED.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.BINOP   Use of Unvalidated Integer in Binary Operation

SV.TAINTED.CALL.DEREF   Dereference Of An Unvalidated Pointer

SV.TAINTED.CALL.INDEX_ACCESS   Use of Unvalidated Integer as Array Index by Function Call

SV.TAINTED.CALL.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition through a Function Call

SV.TAINTED.DEREF   Dereference Of An Unvalidated Pointer

SV.TAINTED.FMTSTR   Use of Unvalidated Data in a Format String

SV.TAINTED.INDEX_ACCESS   Use of Unvalidated Integer as Array Index

SV.TAINTED.INJECTION   Command Injection

SV.TAINTED.LOOP_BOUND   Use of Unvalidated Integer in Loop Condition

SV.TAINTED.PATH_TRAVERSAL   Use of Unvalidated Data in a Path Traversal

SV.TAINTED.SECURITY_DECISION   Security Decision

SV.TAINTED.XSS.REFLECTED   Cross-site Scripting Vulnerability

910

SV.INCORRECT_RESOURCE_HANDLING.URH   Insecure Resource Handling

1037

SPECTRE.VARIANT1   Potential exploit of speculative execution

1335

MISRA.SHIFT.RANGE   Right operand of shift operation is out of range - greater or equal to max bit-length of left operand, or negative

Support Summary:

  • 92 rules

"MISRA", "MISRA C" and "MISRA C++" are registered trademarks of The MISRA Consortium Limited.