Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

Secrets
ABAP
Ansible
Apex
AzureResourceManager
C
C#
C++
CloudFormation
COBOL
CSS
Dart
Docker
Flex
GitHub Actions
Go
HTML
Java
JavaScript
JSON
JCL
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Rust
Scala
Shell
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML
YAML

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 45 rules found

symbolic-execution

Impact

Clean code attribute

The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist
Bug
Variables should be initialized before use
Bug
Variables should not be accessed outside of their scope
Bug
Well-defined type-punning method should be used instead of a union-based one
Bug
"std::cmp_*" functions should be used to compare unsigned values with negative values
Bug
"std::cmp_*" functions should be used to compare signed and unsigned values
Code Smell
Account validity should be verified when authenticating users with PAM
Vulnerability
Changing directories improperly when using "chroot" is security-sensitive
Security Hotspot
POSIX functions should not be called with arguments that trigger buffer overflows
Vulnerability
Immediately dangling references and pointers should not be created
Bug
Server hostnames should be verified during SSL/TLS connections
Vulnerability
"pthread_mutex_t" should be unlocked in the reverse order they were locked
Bug
Only valid arguments should be passed to UNIX/POSIX functions
Code Smell
"pthread_mutex_t" should be properly initialized and destroyed
Bug
"pthread_mutex_t" should not be locked when already locked, or unlocked when already unlocked
Bug
Only valid arguments should be passed to stream functions
Code Smell
Using publicly writable directories is security-sensitive
Security Hotspot
Using clear-text protocols is security-sensitive
Security Hotspot
Blocking functions should not be called inside critical sections
Code Smell
Return value of "setuid" family of functions should always be checked
Code Smell
Size of variable length arrays should be greater than zero
Code Smell
"mktemp" family of functions templates should have at least six trailing "X"s
Code Smell
Appropriate size arguments should be passed to "strncat" and "strlcpy"
Code Smell
Moved-from objects should not be relied upon
Code Smell
Server certificates should be verified during SSL/TLS connections
Vulnerability
Weak SSL/TLS protocols should not be used
Vulnerability
Integral operations should not overflow
Bug
Parameter values should be appropriate
Bug
Stack allocated memory and non-owned memory should not be freed
Bug
Closed resources should not be accessed
Bug
Dynamically allocated memory should be released
Bug
Freed memory should not be used
Bug
Memory locations should not be released more than once
Bug
Memory access should be explicitly bounded to prevent buffer overflows
Bug
Zero should not be a possible denominator
Bug
XML parsers should not be vulnerable to XXE attacks
Vulnerability
"nonnull" parameters and return values of "returns_nonnull" functions should not be null
Bug
Null pointers should not be dereferenced
Bug
Member variables should be initialized
Bug
Resources should be closed
Bug
Unused assignments should be removed
Code Smell
Appropriate memory de-allocation should be used
Bug
An object shall not be accessed outside of its lifetime
Bug
Reads and writes on the same file stream shall be separated by a positioning operation
Bug
The value of an object must not be read before it has been set
Bug

The address of an automatic object should not be assigned to another object that may persist after the first object has ceased to exist

intentionality - logical

reliability

Bug

symbolic-execution
based-on-misra
cert

The address of an automatic object should not be persisted beyond the object’s lifetime.

Why is this an issue?

What is the potential impact?

How can I fix it?

More Info

An automatic object is an object whose lifetime is automatically managed. The storage for an automatic object, e.g. a local variable, is allocated at the beginning of the enclosing code block and is deallocated at the end. This is commonly referred to as "allocated on the stack".

If the address of an automatic object is assigned to another automatic object of larger scope, a static or extern object, or if it is returned from a function (using return or an output parameter), then there will be a point where the address will point to an object that ceased to exist. In that case, the address becomes invalid, and attempts to dereference the invalid address — trying to access the object that ceased to exist — result in undefined behavior.

int *global = nullptr;

int* bar(int **out) {
  int local = 42;
  int *ptr;
  global = &local; // Noncompliant: assigning the address of an object allocated on the stack to a global variable
  {
    int i = 9001;
    ptr = &i; // Noncompliant: assigning the address of a stack-allocated object to an object that outlives it
  }
  *out = &local; // Noncompliant: returning the address of an object allocated on the stack (via output parameter)
  return &local; // Noncompliant: returning the address of an object allocated on the stack
}

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted