We are happy to announce the release of Cppcheck Premium 22.5.0!
The Cppcheck Premium 22.5.0 release introduces new CERT checks targeting concurrency issues, environmental stability, proper function usage, and file I/O integrity. The concurrency checks address race conditions, wrapping functions that can wake up or fail spuriously in a loop, and safe signal handling in multithreaded programs. The update warns against relying on environment pointers that may have been invalidated, calling system(), and casting pointers into more strictly aligned pointer types. It checks that functions are called with the correct number and type of arguments, that constant objects are not modified, and that restrict-qualified pointers are used without undefined behavior. For file operations, it distinguishes characters read from a file from EOF, discourages copying FILE objects, and helps avoid TOCTOU race conditions. Additionally, it covers secure random number generation, side effects in macro expansion, confusion between narrow and wide character strings, and calling signal() from within signal handlers.
Release notes:
- Cert check: con33: Avoid race conditions when using library functions
- Cert check: con36: Wrap functions that can spuriously wake up in a loop
- Cert check: con37: Do not call signal() in a multithreaded program
- Cert check: con41: Wrap functions that can fail spuriously in a loop
- Cert check: env31: Do not rely on an environment pointer following an operation that may invalidate it
- Cert check: env33: Do not call system()
- Cert check: exp36: Do not cast pointers into more strictly aligned pointer types
- Cert check: exp37: Call functions with the correct number and type of arguments
- Cert check: exp39: Do not access a variable through a pointer of an incompatible type
- Cert check: exp40: Do not modify constant objects
- Cert check: exp42: Do not compare padding data
- Cert check: exp43: Avoid undefined behavior when using restrict-qualified pointers
- Cert check: fio34: Distinguish between characters read from a file and EOF or WEOF
- Cert check: fio38: Do not copy a FILE object
- Cert check: fio41: Do not call getc(), putc(), getwc(), or putwc() with a stream argument that has side effects
- Cert check: fio45: Avoid TOCTOU race conditions while accessing files
- Cert check: msc30: Do not use the rand() function for generating pseudorandom numbers
- Cert check: msc32: Properly seed pseudorandom number generators
- Cert check: msc33: Do not pass invalid data to the asctime() function
- Cert check: pre31: expression with side effects is repeated in expanded macro
- Cert check: str38: Do not confuse narrow and wide character strings and functions
- Cert check: sig34: Do not call signal() from within interruptible signal handlers