CoverityCheckerDictionary

A table of Coverity checkers, Coverity impacts, and CWE pages:

| name | MITRE/CWE URL | subcategory | impact | description |
|---|---|---|---|---|
| ARRAY_VS_SINGLETON | CWE-119 | generic | High | Access of memory past the end of a memory buffer |
| ASSERT_SIDE_EFFECT | CWE-None | generic | Medium | Assertion contains an operation with a side effect |
| ASSERT_SIDE_EFFECT | CWE-None | side_effect_is_function | Medium | Assertion contains a function call which may have a side effect |
| ASSIGN_NOT_RETURNING_STAR_THIS | CWE-None | indirect | Low | A user-written assignment operator does not return a reference to *this |
| ASSIGN_NOT_RETURNING_STAR_THIS | CWE-None | usable_for_chained_assignment | Low | A user-written assignment operator does not return a reference to *this |
| ATOMICITY | CWE-662 | generic | Medium | Critical section does not protect read-update-write of a concurrently shared value |
| ATOMICITY | CWE-662 | generic | Medium | Non-atomic update of a concurrently shared value |
| BAD_ALLOC_ARITHMETIC | CWE-119 | generic | High | Pointer arithmetic performed on freshly allocated memory |
| BAD_ALLOC_STRLEN | CWE-131 | generic | High | String length miscalculation |
| BAD_COMPARE | CWE-628 | generic | Medium | Address of function compared to zero |
| BAD_EQ | CWE-171 | generic | Medium | Using wrong equality operation (Equals or the equivalent method vs "==") for this type |
| BAD_EQ | CWE-171 | referential | Medium | Using non-overloaded "==" when structural equality (Equals or equivalent method) is the norm for this type |
| BAD_EQ | CWE-171 | structural | Medium | Using Equals (or equivalent method) equality when "==" is the norm for this type |
| BAD_EQ_TYPES | CWE-570 | generic | Medium | Structural equality is never true for objects of different types |
| BAD_FREE | CWE-590 | address | High | Free of an address-of expression, which can never be heap allocated |
| BAD_FREE | CWE-590 | alloca | High | Free of stack-allocated buffer |
| BAD_FREE | CWE-590 | array | High | Free of array-typed value |
| BAD_FREE | CWE-590 | first_field_address | High | Free of an address-of the first field of a struct |
| BAD_FREE | CWE-590 | function_pointer | High | Free of function pointer |
| BAD_FREE | CWE-590 | generic | High | Free of a pointer that was not returned from an allocation function |
| BAD_OVERRIDE | CWE-398 | generic | Medium | Virtual function does not override parent method because of type signature mismatch, usually due to const |
| BAD_SIZEOF | CWE-467 | generic | Medium | The sizeof operator was applied to an unintended variable or expression, such as a pointer variable instead of its target |
| BAD_SIZEOF | CWE-467 | sizeof_ptr_expr | Medium | The sizeof operator was applied to a pointer expression, which may not be intended |
| BUFFER_SIZE | CWE-120 | fixed_size_dest | Low | A source buffer of statically unknown size is copied into a fixed-size destination buffer |
| BUFFER_SIZE | CWE-120 | generic | Low | Incorrect buffer manipulation using the wrong sizes may result in buffer overflow |
| BUFFER_SIZE | CWE-120 | likely_overflow | High | Size of destination buffer is smaller than the size argument specified |
| BUFFER_SIZE | CWE-120 | no_null_terminator | High | The string buffer may not have a null terminator if the source string's length is equal to the buffer size |
| BUFFER_SIZE_WARNING | CWE-170 | generic | High | The string buffer may not have a null terminator if the source string's length is equal to the buffer size |
| BUFFER_SIZE_WARNING | CWE-170 | no_null_terminator | High | The string buffer may not have a null terminator if the source string's length is equal to the buffer size |
| CALL_SUPER | CWE-573 | generic | Medium | Overrider does not call the base class method, even though most other overriders do |
| CHAR_IO | CWE-394 | generic | Medium | Stdio character-oriented I/O functions return int values such as EOF not representable by char variables |
| CHECKED_RETURN | CWE-252 | generic | Medium | Value returned from a function is not checked for errors before being used |
| CHECKED_RETURN | CWE-252 | unchecked_arg | Medium | Value returned from a function is not checked for errors, and passed directly to another function as an argument |
| CHROOT | CWE-243 | generic | Medium | A call to chroot followed by an operation that may escape from the chroot jail |
| COM.BAD_FREE | CWE-416 | generic | High | A COM interface is explicitly freed instead of using the recommended Release method |
| COM.BSTR.ALLOC | CWE-633 | double_free | High | Violation of the COM coding standard by freeing a BSTR more than once |
| COM.BSTR.ALLOC | CWE-633 | free_uninit | High | Violation of the COM coding standard by freeing an uninitialized BSTR |
| COM.BSTR.ALLOC | CWE-633 | generic | High | Violation of the COM coding standard by not freeing a BSTR, by using an uninitialized BSTR, or by freeing a non-owned BSTR |
| COM.BSTR.ALLOC | CWE-633 | leak | High | Violation of the COM coding standard by not freeing a BSTR whose last reference is lost in this function |
| COM.BSTR.ALLOC | CWE-633 | use_after_free | High | Violation of the COM coding standard by freeing a non-owned BSTR |
| COM.BSTR.ALLOC | CWE-633 | use_uninit | High | Violation of the COM coding standard by using an uninitialized BSTR |
| COM.BSTR.CONV | CWE-119 | generic | High | A wide character string cannot be converted to a BSTR because it lacks the hidden length field |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | bit_and_with_zero | Medium | Bitwise-and ('&') operation applied to zero always produces zero |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | extra_high_bits | Medium | In an operation, the high-order bits of wider operand do not affect the narrower operand |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | generic | Medium | An operation with non-constant operands that computes a result with constant value |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | logical_vs_bitwise | Medium | Logical operator used in place of bitwise operator or vice versa |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | missing_parentheses | Medium | Missing parentheses caused unintended operator precedence |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | operator_confusion | Medium | Wrong operator used in expression |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | result_independent_of_operands | Medium | An operation with non-constant operands that computes a result with constant value |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | same_on_both_sides | Medium | The same expression occurs on both sides of an operator. |
| CONSTANT_EXPRESSION_RESULT | CWE-569 | unnecessary_op_assign | Medium | Using a bitwise assignment operator to assign a constant value |
| COPY_PASTE_ERROR | CWE-398 | generic | Medium | A copied piece of code is inconsistent with the original |
| CTOR_DTOR_LEAK | CWE-401 | generic | High | Constructor allocates memory but destructor does not free it |
| DEADCODE | CWE-561 | dead_default_in_switch | Medium | Default in switch statement is dead code |
| DEADCODE | CWE-561 | generic | Medium | Code can never be reached because of a logical contradiction |
| DELETE_ARRAY | CWE-459 | generic | High | Using non-array delete on an array of objects, scalars, or pointers allocated with new[] |
| DELETE_ARRAY | CWE-459 | non_array_delete | High | Using array delete on a non-array |
| DELETE_ARRAY | CWE-459 | object | High | Using non-array delete on an array of objects; should be using delete[] |
| DELETE_ARRAY | CWE-459 | scalar | High | Using non-array delete on an array of scalars or pointers allocated with new[] |
| DELETE_VOID | CWE-459 | generic | High | Deleting a void pointer (void*) |
| DIVIDE_BY_ZERO | CWE-571 | generic | Medium | Division or modulo by zero results in undefined behavior. |
| DUPLICATE_PROCESS | CWE-None | generic | Low | A process is executed multiple times during the build system |
| ENUM_AS_BOOLEAN | CWE-None | generic | Medium | An enum-typed expression is used in a Boolean conditional context. The enum type does not appear to have a distinguished false (zero) value |
| EVALUATION_ORDER | CWE-None | generic | Medium | Statement contains multiple side-effects on the same value with an undefined evaluation order |
| FILE_ACCESS | CWE-None | generic | Low | A file is accessed during the build system that falls outside the build's file access policy |
| FILE_LEAK | CWE-None | generic | Low | A file created during the build system is not cleaned up by the build in its clean step |
| FORWARD_CLASSCAST | CWE-704 | generic | Medium | Object is checked for compatibility with a particular subtype, but then later downcast without a check |
| FORWARD_NULL | CWE-476 | deref_constant_null | Medium | Dereference of an explicit null value |
| FORWARD_NULL | CWE-476 | deref_constant_zero | Medium | Dereference of an explicit null value |
| FORWARD_NULL | CWE-476 | dynamic_cast | Medium | Dynamic_cast may fail and return null if the type cast is incompatible |
| FORWARD_NULL | CWE-476 | generic | Medium | Pointer is checked against null or assigned to null and then dereferenced |
| FORWARD_NULL | CWE-476 | generic | Medium | Reference may be null but is then dereferenced anyway |
| FORWARD_NULL | CWE-476 | null_from_as | Medium | The "as" conversion may fail and return null if the type cast is incompatible |
| GUARDED_BY_VIOLATION | CWE-366 | generic | Medium | Thread shared data is accessed without holding an appropriate lock, possibly causing a race condition |
| HFA | CWE-None | generic | Low | A header file was included but none of its contents were used in the rest of the source file |
| INCOMPATIBLE_CAST | CWE-704 | endianness | Medium | Reliance on integer endianness |
| INCOMPATIBLE_CAST | CWE-704 | float_vs_integral | Medium | Cast between floating-point and integral pointers |
| INCOMPATIBLE_CAST | CWE-704 | generic | Medium | Cast between incompatible pointer types |
| INCOMPATIBLE_CAST | CWE-704 | overrun | High | Out-of-bounds access to a scalar |
| INDIRECT_GUARDED_BY_VIOLATION | CWE-366 | generic | Medium | Thread shared data is accessed without holding an appropriate lock, possibly causing a race condition |
| INFINITE_LOOP | CWE-None | generic | Medium | Infinite loop with unsatisfiable or no exit condition |
| INFINITE_LOOP | CWE-None | no_escape | Medium | Infinite loop with no exit condition |
| INTEGER_OVERFLOW | CWE-190 | array_index_read | High | Read from array at integer-overflowed index |
| INTEGER_OVERFLOW | CWE-190 | array_index_write | High | Write to array at integer-overflowed index |
| INTEGER_OVERFLOW | CWE-190 | const_overflow | Medium | Integer overflow occurs in arithmetic on constant operands |
| INTEGER_OVERFLOW | CWE-190 | critical_argument | Medium | An integer overflow occurs, with the overflowed value used as an argument to a function |
| INTEGER_OVERFLOW | CWE-190 | generic | Medium | An integer overflow occurs, with the overflowed value used in a sensitive operation |
| INTEGER_OVERFLOW | CWE-190 | pointer_deref_read | High | Reads target of an integer-overflowed pointer |
| INTEGER_OVERFLOW | CWE-190 | pointer_deref_write | High | Write to target of an integer-overflowed pointer |
| INTEGER_OVERFLOW | CWE-190 | return_value_error | Medium | An integer overflow occurs, with the overflowed value used as the return value of the function |
| INVALIDATE_ITERATOR | CWE-404 | generic | Medium | An invalid or past-the-end iterator is being used |
| LOCK | CWE-557 | double_lock | Medium | Attempt to acquire a lock more than once on a non-recursive lock |
| LOCK | CWE-557 | generic | Medium | Missing a release or acquire of a lock on a path, or an attempt to acquire a lock more than once |
| LOCK | CWE-557 | lock_assert | Medium | A lock assertion fails because a lock is not held on a path where it is asserted |
| LOCK | CWE-557 | missing_unlock | Medium | Missing a release of a lock on a path |
| LOCK_INVERSION | CWE-557 | generic | Medium | Threads may try to acquire two locks in different orders, potentially causing deadlock |
| LOCK_ORDERING | CWE-557 | generic | Medium | Threads may try to acquire three or more locks in different orders, potentially causing deadlock |
| MISMATCHED_ITERATOR | CWE-119 | generic | High | Using iterator from one container in operations on another container |
| MISMATCHED_ITERATOR | CWE-119 | mismatched_comparison | Medium | Iterators that point to different containers are compared |
| MISMATCHED_ITERATOR | CWE-119 | splice_iterator_mismatch | High | Using iterator from the wrong container as argument to the splice method |
| MISRA_CAST | CWE-681 | bitwise_op_bad_cast | Medium | Bitwise operator << applies to operand with underlying type unsigned short is cast to int (MISRA 2004 Rule 10.5) |
| MISRA_CAST | CWE-681 | bitwise_op_no_cast | Medium | Bitwise operator << applies to operand with underlying type unsigned short is not being immediately cast to that type (MISRA 2004 Rule 10.5) |
| MISRA_CAST | CWE-681 | float_complex_conversion | Medium | Implicitly converting complex expression from float to double (MISRA 2004 Rule 10.2) |
| MISRA_CAST | CWE-681 | float_narrowing_conversion | Medium | Implicitly converting a double expression to narrower float type may lose precision (MISRA 2004 Rule 10.2) |
| MISRA_CAST | CWE-681 | float_non_constant_arg_conversion | Medium | Implicit conversion from float to double in a function argument (MISRA 2004 Rule 10.2) |
| MISRA_CAST | CWE-681 | float_non_constant_rtn_conversion | Medium | Implicit conversion from float to double in a return expression (MISRA 2004 Rule 10.2) |
| MISRA_CAST | CWE-681 | float_to_integer_cast | Medium | Complex expression cast from 64-bit float to 16-bit int (MISRA 2004 Rule 10.4) |
| MISRA_CAST | CWE-681 | float_to_integer_conversion | Medium | Implicit conversion from float to 16-bit integer type (MISRA 2004 Rule 10.2) |
| MISRA_CAST | CWE-681 | float_widening_cast | Medium | Complex expression cast from 32-bit float to 64-bit float (MISRA 2004 Rule 10.4) |
| MISRA_CAST | CWE-681 | generic | Medium | Cast operation violates MISRA standard (MISRA 2004 Rules 10.1 - 10.5) |
| MISRA_CAST | CWE-681 | integer_complex_conversion | Medium | Implicitly converting the type of a complex expression (MISRA 2004 Rule 10.1) |
| MISRA_CAST | CWE-681 | integer_narrowing_conversion | Medium | Implicitly converting an integer expression to a narrower integer type may truncate value (MISRA 2004 Rule 10.1) |
| MISRA_CAST | CWE-681 | integer_non_constant_arg_conversion | Medium | Implicitly converting the integer type of a non-constant function argument expression (MISRA 2004 Rule 10.1) |
| MISRA_CAST | CWE-681 | integer_non_constant_rtn_conversion | Medium | Implicitly converting the integer type of a non-constant return expression (MISRA 2004 Rule 10.1) |
| MISRA_CAST | CWE-681 | integer_signedness_changing_cast | Medium | Complex expression cast from 32-bit int to 32-bit unsigned int (MISRA 2004 Rule 10.3) |
| MISRA_CAST | CWE-681 | integer_signedness_changing_conversion | Medium | Implicitly converting the signedness of an integer value (MISRA 2004 Rule 10.1) |
| MISRA_CAST | CWE-681 | integer_to_float_cast | Medium | Complex expression cast from int to 64-bit float (MISRA 2004 Rule 10.3) |
| MISRA_CAST | CWE-681 | integer_to_float_conversion | Medium | Implicitly converting complex expression with integer type to floating type (MISRA 2004 Rule 10.1) |
| MISRA_CAST | CWE-681 | integer_widening_cast | Medium | Complex expression with underlying type 16-bit unsigned value cast to wider type 32-bit unsigned value (MISRA 2004 Rule 10.3) |
| MISSING_BREAK | CWE-484 | generic | Medium | Missing break statement between cases in switch statement |
| MISSING_LOCK | CWE-366 | generic | Medium | Thread shared data is accessed without holding an appropriate lock, possibly causing a race condition |
| MISSING_RETURN | CWE-None | generic | High | Function that returns non-void is missing a return value or multiple return statements violate local coding standard |
| MISSING_RETURN | CWE-None | multiple_returns | Low | Multiple return statements violate local coding standard |
| MIXED_ENUMS | CWE-None | generic | Medium | An enum-typed expression is mixed with a different enum type |
| MIXED_ENUMS | CWE-None | inferred | Medium | An integer expression which was inferred to have an enum type is mixed with a different enum type |
| MUTABLE_COMPARISON | CWE-398 | generic | Low | The CompareTo method should not read from non-constant fields |
| MUTABLE_HASHCODE | CWE-398 | generic | Low | The GetHashCode method should not read from non-constant fields |
| NEGATIVE_RETURNS | CWE-394 | array_index_read | High | Negative value used to index an array in a read operation |
| NEGATIVE_RETURNS | CWE-394 | array_index_write | High | Negative value used to index an array in a write operation |
| NEGATIVE_RETURNS | CWE-394 | critical_argument | Medium | Negative value used as argument to a function expecting a positive value (for example, size of buffer or allocation) |
| NEGATIVE_RETURNS | CWE-394 | generic | Medium | Negative value returned from function is not being checked before being used improperly |
| NEGATIVE_RETURNS | CWE-394 | loop_bound | Medium | Negative value used as a loop upper bound |
| NO_EFFECT | CWE-398 | array_null | Medium | Array compared against NULL pointer |
| NO_EFFECT | CWE-398 | bad_memset_fill_value | High | A memset fill value of ASCII character '0' is likely intended to be 0 |
| NO_EFFECT | CWE-398 | bad_memset_truncated_fill | High | The memset fill value must be between -1 and 255, other values will be truncated |
| NO_EFFECT | CWE-398 | bad_memset_zero_size | High | A memset buffer size of 0 may indicate confusing the size and fill parameters |
| NO_EFFECT | CWE-398 | bool_switch | Medium | A boolean test within a switch condition is likely an intended assignment |
| NO_EFFECT | CWE-398 | extra_comma | Medium | Comma operator has a left sub-expression with no side-effects |
| NO_EFFECT | CWE-398 | generic | Medium | An expression with no side-effect or unintended effect indicates a possible logic flaw |
| NO_EFFECT | CWE-398 | incomplete_delete | High | Delete operator only applies to one argument in a comma expression, may cause memory leak |
| NO_EFFECT | CWE-398 | no_effect_deref | Medium | Increment (or decrement) of pointer value, not the value pointed-to |
| NO_EFFECT | CWE-398 | no_effect_test | Medium | A test that is an isolated statement with no effect is likely an intended assignment |
| NO_EFFECT | CWE-398 | self_assign | Medium | Assignment of a variable or expression to itself has no effect |
| NO_EFFECT | CWE-398 | unsigned_compare_macros | Medium | An unsigned value can never be less than 0 |
| NO_EFFECT | CWE-398 | unsigned_compare | Medium | An unsigned value can never be less than 0 |
| NO_EFFECT | CWE-398 | unsigned_enums | Medium | An enumeration value is usually not less than 0 |
| NON_STATIC_GUARDING_STATIC | CWE-366 | generic | Medium | Static field is protected by a per-instance lock |
| NULL_RETURNS | CWE-476 | generic | Medium | Return value of function which returns null is dereferenced without checking |
| NULL_RETURNS | CWE-476 | unimpl | Medium | Return value of function, which is statistically inferred to return null, but with no source code available, is dereferenced |
| OPEN_ARGS | CWE-687 | generic | Medium | The open system call may create a file, but no permissions are specified |
| ORDER_REVERSAL | CWE-557 | generic | Medium | Threads may try to acquire two locks in different orders, potentially causing deadlock |
| OTHER | CWE-None | generic | Low | Unclassified violation |
| OVERFLOW_BEFORE_WIDEN | CWE-190 | generic | Medium | An integer overflow occurs, with the result converted to a wider integer type |
| OVERRUN_DYNAMIC | CWE-119 | generic | High | Out-of-bounds access to an array |
| OVERRUN_DYNAMIC | CWE-119 | read | High | Out-of-bounds read from a dynamically allocated buffer |
| OVERRUN_DYNAMIC | CWE-119 | strlen | High | Allocation size does not include space for the null-terminator needed for a string |
| OVERRUN_DYNAMIC | CWE-119 | write | High | Out-of-bounds write to a dynamically allocated buffer |
| OVERRUN | CWE-119 | generic | High | Out-of-bounds access to a buffer |
| OVERRUN | CWE-119 | read | High | Out-of-bounds read from a buffer |
| OVERRUN | CWE-119 | strlen | High | Allocation size does not include space for the null-terminator needed for a string |
| OVERRUN | CWE-119 | write | High | Out-of-bounds write to a buffer |
| OVERRUN_STATIC | CWE-119 | generic | High | Out-of-bounds access to an array |
| OVERRUN_STATIC | CWE-119 | read | High | Out-of-bounds read from an array |
| OVERRUN_STATIC | CWE-119 | write | High | Out-of-bounds write to an array |
| PARSE_ERROR | CWE-None | generic | Low | A parse error caused an entire compilation unit to be skipped by Coverity Static Analysis |
| PASS_BY_VALUE | CWE-None | generic | Low | A large function call parameter or exception catch statement is passed by value |
| POLICY | CWE-None | generic | Low | A process executed during the build violated a local build policy |
| PW.ASSIGN_WHERE_COMPARE_MEANT | CWE-481 | generic | Medium | An assignment (=) occurs where compare (==) is probably intended |
| PW.BAD_CAST | CWE-704 | generic | Medium | A cast from an integer to a pointer of narrower precision |
| PW.BAD_PRINTF_FORMAT_STRING | CWE-628 | generic | Medium | A printf format string contains an unrecognized format specifier |
| PW.BRANCH_PAST_INITIALIZATION | CWE-457 | generic | Medium | A goto jumps past the initialization of a variable |
| PW.CONVERSION_TO_POINTER_LOSES_BITS | CWE-704 | generic | Medium | A cast from an integer to a pointer of narrower precision |
| PW.DIVIDE_BY_ZERO | CWE-369 | generic | Medium | Divide by zero |
| PW.EXPR_HAS_NO_EFFECT | CWE-None | generic | Medium | An expression with no side-effect or unintended effect indicates a possible logic flaw |
| PW.* | CWE-398 | generic | Low | A parse warning from the Coverity parser may indicate a bug, or poor coding practice |
| PW.INCLUDE_RECURSION | CWE-None | generic | Low | Recursion in included header files |
| PW.INTEGER_OVERFLOW | CWE-190 | generic | Medium | An integer overflow occurs at compile time when parsing this expression |
| PW.INTEGER_TOO_LARGE | CWE-190 | generic | Medium | An integer overflow occurs at compile time when parsing this expression |
| PW.NON_CONST_PRINTF_FORMAT_STRING | CWE-134 | generic | Low | A non-constant printf format string may be susceptible to format string attacks |
| PW.PRINTF_ARG_MISMATCH | CWE-686 | generic | Medium | A printf format string does not match the types of one of the arguments |
| PW.RETURN_PTR_TO_LOCAL_TEMP | CWE-562 | generic | High | Returning a pointer to a temporary variable, which will be destroyed on function exit |
| PW.SHIFT_COUNT_TOO_LARGE | CWE-190 | generic | Medium | An integer overflow occurs at compile time when parsing this expression |
| PW.TOO_FEW_PRINTF_ARGS | CWE-685 | generic | Medium | The number of arguments to printf does not match the format string |
| PW.TOO_MANY_PRINTF_ARGS | CWE-685 | generic | Medium | The number of arguments to printf does not match the format string |
| PW.UNSIGNED_COMPARE_WITH_NEGATIVE | CWE-570 | generic | Medium | An unsigned value, which can never be less than 0, is compared with a negative value |
| READLINK | CWE-170 | generic | High | The readlink system call may return a value equal to the buffer size, which causes an access one past the end |
| RESOURCE_LEAK | CWE-404 | channel | High | Leak of a channel object |
| RESOURCE_LEAK | CWE-404 | database | High | Leak of a database connection |
| RESOURCE_LEAK | CWE-404 | fds_handles | High | Leak of a system resource with an integer descriptor such as a file descriptor or a handle in Windows |
| RESOURCE_LEAK | CWE-404 | generic | High | Leak of a system resource such as memory, file handles, or sockets |
| RESOURCE_LEAK | CWE-404 | generic | High | Leak of a system resource such as streams, channels, or other resources |
| RESOURCE_LEAK | CWE-404 | socket | High | Leak of a socket resource |
| RESOURCE_LEAK | CWE-404 | stream | High | Leak of a stream representing a file or other resource |
| RETURN_LOCAL | CWE-562 | generic | High | Pointer to a local stack variable returned or used outside scope |
| REVERSE_INULL | CWE-476 | generic | Medium | All paths that lead to this null pointer comparison already dereference the pointer earlier |
| REVERSE_INULL | CWE-476 | generic | Medium | All paths that lead to this null reference comparison already dereference the pointer earlier |
| REVERSE_NEGATIVE | CWE-394 | array_index_read | High | Read from array at negative index |
| REVERSE_NEGATIVE | CWE-394 | array_index_write | High | Write to array at negative index |
| REVERSE_NEGATIVE | CWE-394 | critical_argument | High | Negative value used as argument to a function expecting a positive value (for example, size of buffer or allocation) |
| REVERSE_NEGATIVE | CWE-394 | generic | Medium | Negative value used incorrectly where positive value is expected |
| RW.* | CWE-None | generic | Low | A parse error caused a function to be skipped by Coverity Static Analysis |
| SECURE_CODING | CWE-676 | generic | Low | Calling a function which may pose a security risk if it is used inappropriately |
| SECURE_TEMP | CWE-377 | generic | Low | Using an insecure temporary file creation function |
| SIGN_EXTENSION | CWE-194 | generic | Medium | Value may be sign extended unintentionally |
| SIZECHECK | CWE-131 | ampersand_in_size | High | Allocation size is computed using the bitwise-and operator (&), which is likely to be a typo |
| SIZECHECK | CWE-131 | generic | High | The allocation size is computed incorrectly |
| SIZECHECK | CWE-131 | improper_new | High | This invocation of operator new only creates one value, not an array of values |
| SIZECHECK | CWE-131 | incorrect_multiplication | High | Allocation size is not a multiple of the target pointer's pointed-to type |
| SIZECHECK | CWE-131 | likely_overflow | High | Allocation size is too small for the type of object being allocated |
| SIZECHECK | CWE-131 | no_null_terminator | High | Allocation size for a string is equal to the strlen of another string, which does not include extra byte for null termination |
| SIZEOF_MISMATCH | CWE-569 | extra_sizeof | Medium | The sizeof operator is not required in the expression |
| SIZEOF_MISMATCH | CWE-569 | generic | Medium | The sizeof operator is used erroneously in an expression or is invoked on the wrong argument |
| SIZEOF_MISMATCH | CWE-569 | missing_parentheses | High | Missing parentheses caused unintended operator precedence of casting before the pointer arithmetic |
| SIZEOF_MISMATCH | CWE-569 | sizeof_punning | Low | The sizeof operator is used on a wrong argument that incidentally has the same size |
| SIZEOF_MISMATCH | CWE-569 | wrong_sizeof | Medium | The sizeof operator is invoked on the wrong argument |
| SLEEP | CWE-557 | generic | Medium | A lock is held while waiting for a long running or blocking operation to complete |
| STACK_USE | CWE-400 | generic | Low | Excessive use of stack memory by local variables or parameters |
| STRAY_SEMICOLON | CWE-398 | generic | Medium | A semicolon was erroneously inserted at a wrong point in the code, e.g. after an if, while, or for construct and before the block |
| STREAM_FORMAT_STATE | CWE-None | generic | Medium | Not restoring the stream format state of an ostream or setf called with invalid format state |
| STREAM_FORMAT_STATE | CWE-None | suspicious_setf_mask | Medium | setf (or a similar) was called, but the argument was not recognized as being composed of valid format state bits |
| STRING_NULL | CWE-170 | generic | High | A character buffer that has not been null terminated is passed to a function expecting a null terminated string |
| STRING_OVERFLOW | CWE-120 | fixed_size_dest | Low | A source buffer of statically unknown size is copied into a fixed-size destination buffer |
| STRING_OVERFLOW | CWE-120 | generic | High | Size of destination buffer is smaller than the size of the source buffer or size of the source buffer is unknown |
| STRING_OVERFLOW | CWE-120 | likely_overflow | High | Size of destination buffer is smaller than the size of the source buffer |
| STRING_SIZE | CWE-120 | generic | High | A source buffer of arbitrarily large size is used where a fixed-size destination buffer is expected |
| SW.* | CWE-None | generic | Low | The function contains a non-portable or non-standard construct forcing the Coverity parser to guess the meaning |
| SYMBIAN.CLEANUP_STACK | CWE-459 | bad_pop_arg | Medium | The cleanup stack is not empty at the end of the function, or function pops elements incorrectly |
| SYMBIAN.CLEANUP_STACK | CWE-459 | double_free | High | An object is freed twice because it is explicitly freed twice, on the cleanup stack more than once, or it is deallocated but still on the cleanup stack |
| SYMBIAN.CLEANUP_STACK | CWE-459 | generic | High | Error in the interaction of the code with the Symbian cleanup stack API |
| SYMBIAN.CLEANUP_STACK | CWE-459 | leak | High | An object is not on the cleanup stack when a leave occurs or an allocated object goes out of scope, causing a leak |
| SYMBIAN.CLEANUP_STACK | CWE-459 | multiple_pushes | Medium | A function pushes more than one object onto the cleanup stack in at least one possible execution |
| SYMBIAN.NAMING | CWE-None | generic | Low | Violation of the Symbian naming convention |
| SYMBIAN.NAMING | CWE-None | naming_LC | Low | Violation of the Symbian naming convention: functions that push an element to the cleanup stack should contain LC in their suffix |
| SYMBIAN.NAMING | CWE-None | naming_L | Low | Violation of the Symbian naming convention: leaving functions should contain L in their suffix |
| TAINTED_SCALAR | CWE-20 | array_index_read | Medium | Read from array at index computed using an unscrutinized value from an untrusted source |
| TAINTED_SCALAR | CWE-20 | array_index_write | Medium | Write to array at index computed using an unscrutinized value from an untrusted source |
| TAINTED_SCALAR | CWE-20 | critical_argument | Medium | An unscrutinized value from an untrusted source used as argument to a function (for example, a buffer size) |
| TAINTED_SCALAR | CWE-20 | generic | Medium | An unscrutinized value from an untrusted source used in a trusted context |
| TAINTED_SCALAR | CWE-20 | loop_bound | Medium | An unscrutinized value from an untrusted source used as a loop upper bound |
| TAINTED_SCALAR | CWE-20 | pointer_deref_read | Medium | Reads target of a pointer computed using an unscrutinized value from an untrusted source |
| TAINTED_SCALAR | CWE-20 | pointer_deref_write | Medium | Write to target of pointer computed using an unscrutinized value from an untrusted source |
| TAINTED_STRING | CWE-20 | format_string | Medium | An unscrutinized value from an untrusted source used to construct a format string |
| TAINTED_STRING | CWE-20 | generic | Medium | An unscrutinized string from an untrusted source used in a trusted context |
| TAINTED_STRING_WARNING | CWE-134 | format_string | Low | A non-constant string used to construct a format string |
| TAINTED_STRING_WARNING | CWE-134 | generic | Low | A non-constant string used to construct a format string |
| TOCTOU | CWE-367 | generic | Low | A check occurs on a file's attributes before the file is used in a privileged operation, but things may have changed |
| UNCAUGHT_EXCEPT | CWE-248 | generic | Medium | A C++ exception is thrown but never caught |
| UNINIT_CTOR | CWE-457 | generic | Medium | A class member is not initialized by the constructor |
| UNINIT_CTOR | CWE-457 | pointer | Medium | A pointer field is not initialized in the constructor |
| UNINIT | CWE-457 | array_index_read | High | Read from array at uninitialized index |
| UNINIT | CWE-457 | array_index_write | High | Write to array at uninitialized index |
| UNINIT | CWE-457 | generic | High | Use of an uninitialized value |
| UNINIT | CWE-457 | pointer_deref_read | High | Reads an uninitialized pointer or its target |
| UNINIT | CWE-457 | pointer_deref_write | High | Write to target of an uninitialized pointer |
| UNREACHABLE | CWE-561 | generic | Medium | Code block is unreachable because of the syntactic structure of the code |
| UNUSED_VALUE | CWE-563 | generic | Low | Pointer returned from a function was never used |
| USE_AFTER_FREE | CWE-416 | deref_read_after_free | High | Reads target of a freed pointer |
| USE_AFTER_FREE | CWE-416 | deref_write_after_free | High | Write to target of a freed pointer |
| USE_AFTER_FREE | CWE-416 | double_free | High | Memory is deallocated more than once |
| USE_AFTER_FREE | CWE-416 | generic | High | A pointer to freed memory is dereferenced, used as a function argument, or otherwise used |
| USER_POINTER | CWE-20 | generic | Low | A user-land pointer is dereferenced without safety checks in the kernel |
| VARARGS | CWE-234 | generic | Medium | Incorrect usage of variable argument macros; use va_start or va_copy to begin processing and va_end to finish |
| VIRTUAL_DTOR | CWE-772 | empty_dtor | Low | The correct derived class destructor that happens to be empty is not invoked due to the absence of a virtual destructor in the base class |
| VIRTUAL_DTOR | CWE-772 | generic | High | The correct derived class destructor is not invoked due to the absence of a virtual destructor in the base class |
| WRAPPER_ESCAPE | CWE-416 | COM_deref_read_after_free | High | Reads target of a freed internal pointer of a COM object |
| WRAPPER_ESCAPE | CWE-416 | COM_deref_write_after_free | High | Write to target of a freed internal pointer of a COM object |
| WRAPPER_ESCAPE | CWE-416 | COM_use_after_free | High | An internal pointer of a COM string object remains available after the object is freed |
| WRAPPER_ESCAPE | CWE-416 | deref_read_after_free | High | Reads target of a freed internal pointer |
| WRAPPER_ESCAPE | CWE-416 | deref_write_after_free | High | Write to target of a freed internal pointer |
| WRAPPER_ESCAPE | CWE-416 | generic | High | An internal pointer of a wrapper object remains available after the object is freed |

CoverityCheckerDictionary (last edited 2012-12-05 21:44:08 by allanlesage)