C and C++ checker reference


Checker code Description Default severity Enabled by default? Introduced Improved
ABV.ANY_SIZE_ARRAY Buffer overflow—unspecified-sized array index out of bounds 1 Yes Pre-9.2 9.5
ABV.GENERAL Buffer overflow—array index out of bounds 1 Yes 9.6
ABV.ITERATOR Buffer overflow—array index may be out of bounds in an iteration 1 Yes Pre-9.2 9.5
ABV.MEMBER Buffer overflow—array index out of bounds in a structure 1 Yes 9.5
ABV.STACK Buffer overflow—local array index out of bounds 1 Yes Pre-9.2 9.5
ABV.TAINTED Buffer overflow—array index from tainted input out of bounds 1 Yes Pre-9.2 9.5
ABV.UNICODE.BOUND_MAP Buffer overflow—array index out of bounds in mapping function 1 No Pre-9.2 9.5
ABV.UNICODE.FAILED_MAP Buffer overflow—array index out of bounds in failed mapping function 1 No Pre-9.2 9.5
ABV.UNICODE.NNTS_MAP Buffer overflow from non null-terminated string in mapping function 1 No Pre-9.2 9.5
ABV.UNICODE.SELF_MAP Buffer overflow—array index out of bounds in failed mapping function 1 No 9.6
ABV.UNKNOWN_SIZE Buffer overflow—unknown-sized array index out of bounds 1 Yes 9.6
ASSIGCOND.CALL Function call in assignment in conditional statement 3 No Pre-9.2
ASSIGCOND.GEN Assignment in conditional expression 3 No Pre-9.2
BSTR.CAST.C Incorrect C style type cast to BSTR 4 No Pre-9.2
BSTR.CAST.CPP Incorrect C++ style type cast to BSTR 4 No Pre-9.2
BSTR.FUNC.ALLOC Incorrect call to BSTR allocating function 4 No Pre-9.2
BSTR.FUNC.FREE Incorrect call to BSTR freeing function 4 No Pre-9.2
BSTR.FUNC.LEN Attempt to get length of non-BSTR string using BSTR function 4 No Pre-9.2
BSTR.FUNC.REALLOC Incorrect call to BSTR reallocating function 4 No Pre-9.2
BSTR.IA.ASSIGN BSTR variable is assigned a non-BSTR value 4 No Pre-9.2
BSTR.IA.INIT BSTR variable is initialized with a non-BSTR value 4 No Pre-9.2
BSTR.OPS.ARITHM Incorrect arithmetic operation with BSTR values 4 No Pre-9.2
BSTR.OPS.COMP Incorrect comparison operation with BSTR values 4 No Pre-9.2
BSTR.OPS.EQS Incorrect equality comparison of BSTR values 4 No Pre-9.2
BYTEORDER.HTON.SEND Byte order not converted before host-to-network send 3 No 9.2
BYTEORDER.HTON.WRITE Byte order not converted before host-to-network write 3 No 9.2
BYTEORDER.NTOH.READ Byte order not converted after network-to-host read 3 No 9.2
BYTEORDER.NTOH.RECV Byte order not converted after network-to-host receive 3 No 9.2
CL.ASSIGN.NON_CONST_ARG Non-constant object passed to assign operator= 4 Yes 9.5
CL.ASSIGN.RETURN_CONST Non-constant object returned with assign operator= 4 Yes 9.5
CL.ASSIGN.VOID Void returned with assign operator= 4 Yes 9.5
CL.FFM.ASSIGN Freeing freed memory due to missing assign operator= 3 Yes Pre-9.2 9.5
CL.FFM.COPY Freeing freed memory due to missing copy constructor 3 Yes Pre-9.2 9.5
CL.FMM Freeing memory with mismatched functions 3 Yes Pre-9.2 9.5
CL.MLK Memory leak in destructor 3 Yes Pre-9.2 9.5
CL.MLK.VIRTUAL Virtual memory leak 2 Yes Pre-9.2 9.5
CL.SELF-ASSIGN Freeing freed memory due to missing self-assignment check 2 Yes Pre-9.2 9.5
CONC.DL Deadlock 2 No 9.2
CONC.NO_UNLOCK Missing unlock 2 Yes Pre-9.2
CONC.SLEEP Call to blocking function in critical section 3 Yes Pre-9.2
CWARN.ALIGNMENT Possible incorrect pointer scaling 4 Yes 9.5
CWARN.BITOP.SIZE Operands of different size in bitwise operation 4 Yes 10.0
CWARN.BOOLOP.INC Attempt to increment or decrement boolean 4 Yes Pre-9.2 9.5
CWARN.CMPCHR.EOF Char expression is compared with EOF constant 4 No 9.2 9.5
CWARN.CONSTCOND.DO Condition of do expression is constant 4 No Pre-9.2 9.5
CWARN.CONSTCOND.IF Condition of if expression is constant 4 No Pre-9.2 9.5
CWARN.CONSTCOND.SWITCH Switch selector expression is constant 4 No Pre-9.2 9.5
CWARN.CONSTCOND.TERNARY Condition of ternary expression is constant 4 No Pre-9.2 9.5
CWARN.CONSTCOND.WHILE Condition of while expression is constant 4 No Pre-9.2 9.5
CWARN.COPY.NOASSIGN Class defines copy constructor but no assignment operator 4 No Pre-9.2 9.5
CWARN.DTOR.NONVIRT.DELETE Delete expression in a class with virtual methods and no virtual destructor 2 Yes Pre-9.2 9.5
CWARN.DTOR.NONVIRT.NOTEMPTY Inherited virtual functions in class, but destructor is not virtual and not empty 2 Yes Pre-9.2 9.5
CWARN.EMPTY.LABEL Empty label statement 4 No Pre-9.2 9.5
CWARN.EMPTY.TYPEDEF Missing typedef name 4 No Pre-9.2 9.5
CWARN.FUNCADDR Function address is used instead of a call to the function 2 No Pre-9.2 9.5
CWARN.HIDDEN.PARAM Parameter hidden by local variable 4 No Pre-9.2 9.5
CWARN.IMPLICITINT Anachronistic implicit int 4 No Pre-9.2 9.5
CWARN.INCL.ABSOLUTE Absolute path is used in include directive 4 No 9.6
CWARN.INCL.NO_INTERFACE Source file does not include its interface header 4 No 10.0
CWARN.INLINE.NONFUNC Keyword inline is used with non-function 4 No Pre-9.2 9.5
CWARN.MEM.NONPOD Memory manipulation routine applied to a non-POD object 4 Yes 10.0
CWARN.MEMBER.INIT.ORDER Initialization list members are not in the correct order 4 No 9.5
CWARN.MEMSET.SIZEOF.PTR Memset-like function with 'sizeof' applied to pointer 4 No 10.0
CWARN.NOEFFECT.UCMP.GE Ineffective comparison of unsigned value is always true 4 Yes Pre-9.2 9.5
CWARN.NOEFFECT.UCMP.GE.MACRO Ineffective comparison of unsigned value in a macro is always true 4 No Pre-9.2 9.5
CWARN.NOEFFECT.UCMP.LT Ineffective comparison of unsigned value is always false 4 Yes Pre-9.2 9.5
CWARN.NOEFFECT.UCMP.LT.MACRO Ineffective comparison of unsigned value in a macro is always false 4 No Pre-9.2 9.5
CWARN.NOEFFECT.SELF_ASSIGN Ineffective self-assignment 4 No 9.2 9.5
CWARN.NULLCHECK.FUNCNAME Ineffective function address check 4 Yes Pre-9.2 9.5
CWARN.OVERRIDE.CONST Function override fails due to mismatch of const qualifiers 4 Yes Pre-9.2 9.5
CWARN.PACKED.TYPEDEF Attribute 'packed' is ignored in typedef 4 No Pre-9.2 9.5
CWARN.PASSBYVALUE.ARG Function argument passed by value is too large 4 No Pre-9.2 9.5
CWARN.PASSBYVALUE.EXC Exception object passed by value is too large 4 No Pre-9.2 9.5
CWARN.RET.MAIN Incorrect return type for main 4 Yes Pre-9.2 9.5
CWARN.SIGNEDBIT Signed bit field has only one bit 4 Yes Pre-9.2 9.5
EFFECT Statement has no effect 4 No Pre-9.2
FMM.MIGHT Freeing memory possible with mismatched function 2 Yes Pre-9.2
FMM.MUST Freeing memory with mismatched function 1 Yes Pre-9.2
FNH.MIGHT Freeing non-heap memory possible 1 Yes Pre-9.2
FNH.MUST Freeing non-heap memory 2 Yes Pre-9.2
FREE.INCONSISTENT Freeing memory inconsistent 3 No Pre-9.2
FUM.GEN.MIGHT Freeing unallocated memory possible 1 Yes Pre-9.2
FUM.GEN.MUST Freeing unallocated memory 1 Yes Pre-9.2
FUNCRET.GEN Non-void function doesn't return value 1 Yes Pre-9.2
FUNCRET.IMPLICIT Non-void function implicitly returning int doesn't return value 2 Yes Pre-9.2
INCONSISTENT.LABEL Inconsistent case labels 4 Yes Pre-9.2 9.5
INCORRECT.ALLOC_SIZE Incorrect allocation size 3 Yes Pre-9.2
INFINITE_LOOP.GLOBAL Infinite loop with global variable 2 No 9.5
INFINITE_LOOP.LOCAL Infinite loop with local variable 2 Yes 9.5
INFINITE_LOOP.MACRO Infinite loop in macro 2 No 9.5
ITER.INAPPROPRIATE Use of iterator with inappropriate container object 4 Yes 9.5
ITER.INAPPROPRIATE.MULTIPLE Use of iterators with inappropriate container object 4 Yes 9.5
ITER.CONTAINER.MODIFIED Invalid iterator 3 Yes Pre-9.2
ITER.END.DEREF.MIGHT Dereference of 'end' iterator 3 Yes 9.5
ITER.END.DEREF.MUST Dereference of 'end' iterator 3 Yes 9.5
LA_UNUSED Unused label 4 No Pre-9.2
LOCRET.ARG Function returns address of local variable 1 Yes Pre-9.2 9.5
LOCRET.GLOB Function returns address of local variable in a global variable 1 Yes Pre-9.2 9.5
LOCRET.RET Function returns address of local variable in return 1 Yes Pre-9.2 9.5
LV_UNUSED.GEN Unused local variable 4 No Pre-9.2
MLK.MIGHT Memory leak possible 2 Yes Pre-9.2 9.2, 9.5
MLK.MUST Memory leak 2 Yes Pre-9.2 9.2, 9.5
MLK.RET.MIGHT Memory leak possible 2 No 9.6
MLK.RET.MUST Memory leak 2 Yes 9.6
NNTS.MIGHT Buffer overflow possible from non null-terminated string 1 Yes Pre-9.2 9.2
NNTS.MUST Buffer overflow from non null-terminated string 1 Yes Pre-9.2 9.2
NNTS.TAINTED Buffer overflow from non null-terminated string in tainted input 1 Yes Pre-9.2 9.2
NPD.CHECK.CALL.MIGHT Previously checked null pointer may be dereferenced through a function call 1 Yes Pre-9.2 9.2, 9.5
NPD.CHECK.CALL.MUST Previously checked null pointer is dereferenced through a function call 1 Yes Pre-9.2 9.2, 9.5
NPD.CHECK.MIGHT Previously checked null pointer may be dereferenced 1 Yes Pre-9.2 9.2, 9.5
NPD.CHECK.MUST Previously checked null pointer is dereferenced 1 Yes Pre-9.2 9.2, 9.5
NPD.CONST.CALL Null-pointer constant value may be dereferenced through a function call 1 No Pre-9.2 9.2, 9.5
NPD.CONST.DEREF Null-pointer constant value is dereferenced 1 No Pre-9.2 9.2, 9.5
NPD.FUNC.CALL.MIGHT Possible null pointer may be dereferenced through a conditional function call 1 No Pre-9.2 9.2, 9.5
NPD.FUNC.CALL.MUST Possible null pointer may be dereferenced through a function call 1 No Pre-9.2 9.2, 9.5
NPD.FUNC.MIGHT Possible null pointer may be dereferenced 1 Yes Pre-9.2 9.2, 9.5
NPD.FUNC.MUST Possible null pointer is dereferenced 1 Yes Pre-9.2 9.2, 9.5
NPD.GEN.CALL.MIGHT Possible assigned null pointer may be dereferenced through a conditional function call 1 Yes Pre-9.2 9.2, 9.5
NPD.GEN.CALL.MUST Possible assigned null pointer will be dereferenced through a function call 1 Yes Pre-9.2 9.2, 9.5
NPD.GEN.MIGHT Possible assigned null-pointer constant value may be dereferenced 1 Yes Pre-9.2 9.2, 9.5
NPD.GEN.MUST Assigned null-pointer constant value may be dereferenced 1 Yes Pre-9.2 9.2, 9.5
PORTING.BITFIELDS Bit fields in a structure 4 No 9.2 9.5
PORTING.BSWAP.MACRO Use of a custom byte-swap macro without endianness check 4 No 9.2 9.5
PORTING.BYTEORDER.SIZE Use of an incompatible type with a network conversion macro 4 No 9.2 9.5
PORTING.CAST.FLTPNT Cast between floating point and non-floating point types 4 No 9.2 9.5
PORTING.CAST.PTR Cast between pointer and non-pointer types 4 No 9.2 9.5
PORTING.CAST.PTR.FLTPNT Pointer cast between floating point and non-floating point types 4 No 9.2 9.5
PORTING.CAST.PTR.SIZE Pointer cast to a type of potentially incompatible size 4 No 9.2 9.5
PORTING.CAST.SIZE Cast of an expression to a type of potentially incompatible size 4 No 9.2 9.5
PORTING.CMPSPEC.EFFECTS.ASSIGNMENT Assignment in a function parameter 4 No 9.2 9.5
PORTING.CMPSPEC.TYPE.BOOL Assignment to a bool type larger than 1 byte 4 No 9.2 9.5
PORTING.CMPSPEC.TYPE.LONGLONG Use of 'long long' 4 No 9.2 9.5
PORTING.MACRO.NUMTYPE Macro describing a builtin numeric type 4 No 9.2 9.5
PORTING.OPTS Compiler-dependent option 4 No 9.2 9.5
PORTING.PRAGMA.ALIGN Use of #pragma align 4 No 9.2 9.5
PORTING.PRAGMA.PACK Use of #pragma pack 4 No 9.2 9.5
PORTING.SIGNED.CHAR Use of 'char' without explicitly specifying signedness 4 No 9.2 9.5
PORTING.STORAGE.STRUCT Uncertain storage results 4 No 9.2 9.5
PORTING.STRUCT.BOOL Struct or class has a bool member 4 No 9.2 9.5
PORTING.UNIONS Union in an enclosing struct, class, or other union 4 No 9.2 9.5
PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE Relational expression may be always false 4 No 9.2 9.5
PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE Relational expression may be always true 4 No 9.2 9.5
PORTING.UNSIGNEDCHAR.RELOP Relational operations between signed/unsigned char and char without signedness specification 4 No 9.2 9.5
PORTING.VAR.EFFECTS Variable used twice in one expression where one usage is subject to side-effects 4 No 9.2 9.5
PRECISION.LOSS Loss of precision 4 No Pre-9.2 9.5
PRECISION.LOSS.CALL Loss of precision during function call 4 No Pre-9.2 9.5
RETVOID.GEN Non-void function returns void value 2 Yes Pre-9.2
RETVOID.IMPLICIT Implicit int function returns void value 2 Yes Pre-9.2
RH.LEAK Resource leak 2 Yes Pre-9.2 9.5
RN.INDEX Suspicious use of index before negative check 1 Yes 9.5
RNPD.CALL Suspicious dereference of pointer in function call before null check 1 Yes Pre-9.2
RNPD.DEREF Suspicious dereference of pointer before null check 1 Yes Pre-9.2
SEMICOL Suspiciously placed semicolon 4 No Pre-9.2
STRONG.TYPE.ASSIGN Assignment of different strong types 4 No 9.2
STRONG.TYPE.ASSIGN.ARG Assignment of unexpected strong type argument 4 No 9.2
STRONG.TYPE.ASSIGN.CONST Assignment of unexpected strong type constant 4 No 9.2
STRONG.TYPE.ASSIGN.INIT Assignment of two different strong types in initialization 4 No 9.2
STRONG.TYPE.ASSIGN.RETURN Assignment strong type with inexplicit return 4 No 9.2
STRONG.TYPE.ASSIGN.ZERO Assignment of zero to strong type variable 4 No 9.2
STRONG.TYPE.EXTRACT Assignment of strong type variable to different type variable 4 No 9.2
STRONG.TYPE.JOIN.CMP Comparison of different strong types 4 No 9.2
STRONG.TYPE.JOIN.CONST Comparison of strong type with constant 4 No 9.2
STRONG.TYPE.JOIN.EQ Combination of different strong types with equals operator 4 No 9.2
STRONG.TYPE.JOIN.OTHER Combination of different strong types with arithmetic operator 4 No 9.2
STRONG.TYPE.JOIN.ZERO Comparison of strong type with zero 4 No 9.2
SV.BANNED.RECOMMENDED.ALLOCA Banned recommended API: stack allocation functions 4 No 9.5
SV.BANNED.RECOMMENDED.NUMERIC Banned recommended API: unsafe numeric conversion functions 4 No 9.5
SV.BANNED.RECOMMENDED.OEM Banned recommended API: OEM character page conversion functions 4 No 9.5
SV.BANNED.RECOMMENDED.PATH Banned recommended API: unsafe path name manipulation functions 4 No 9.5
SV.BANNED.RECOMMENDED.SCANF Banned recommended API: unsafe scanf-type functions 4 No 9.5
SV.BANNED.RECOMMENDED.SPRINTF Banned recommended API: unsafe sprintf-type functions 4 No 9.5
SV.BANNED.RECOMMENDED.STRLEN Banned recommended API: unsafe string length functions 4 No
SV.BANNED.RECOMMENDED.TOKEN Banned recommended API: unsafe string tokenizing functions 4 No 9.5
SV.BANNED.RECOMMENDED.WINDOW Banned recommended API: unsafe window functions 4 No
SV.BANNED.REQUIRED.CONCAT Banned required API: unsafe string concatenation functions 4 No 9.5
SV.BANNED.REQUIRED.COPY Banned required API: unsafe buffer copy functions 4 No 9.5
SV.BANNED.REQUIRED.GETS Banned required API: unsafe stream reading functions 4 No
SV.BANNED.REQUIRED.ISBAD Banned required API: IsBad-type functions 4 No 9.5
SV.BANNED.REQUIRED.SPRINTF Banned required API: unsafe sprintf-type functions 4 No 9.5
SV.BFC.USING_STRUCT Insecurely bound socket 4 No Pre-9.2
SV.BRM.HKEY_LOCAL_MACHINE Use of HKEY_LOCAL_MACHINE macro to defeat least privileges principle 4 No Pre-9.2
SV.CODE_INJECTION.SHELL_EXEC Command injection vulnerability 3 No Pre-9.2
SV.DLLPRELOAD.NONABSOLUTE.DLL Potential DLL-preload hijack vector 2 No 9.5
SV.DLLPRELOAD.NONABSOLUTE.EXE Potential DLL-preload process-injection vector 2 No 9.5
SV.DLLPRELOAD.SEARCHPATH Potential DLL-preload SearchPath vector 2 No 9.5
SV.FIU.PROCESS_VARIANTS Exposure to privilege escalation 4 No Pre-9.2
SV.FMTSTR.GENERIC Format string vulnerability 1 No Pre-9.2
SV.FMT_STR.BAD_SCAN_FORMAT Missing width field for format string 2 Yes Pre-9.2 9.5
SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD Mismatched specification and parameter 2 Yes Pre-9.2 9.5
SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED Unexpected specification and parameter match 4 Yes Pre-9.2 9.5
SV.FMT_STR.PRINT_IMPROP_LENGTH Incompatible length modifier 2 Yes Pre-9.2 9.5
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW Too few arguments in print function call 2 Yes Pre-9.2 9.5
SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY Too many arguments in print function call 2 Yes Pre-9.2 9.5
SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD Incompatible type of a scan function parameter 2 Yes 10.0
SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED Unexpected type of a scan function parameter 2 Yes 10.0
SV.FMT_STR.SCAN_IMPROP_LENGTH Improper use of length modifier in a scan function call 2 Yes Pre-9.2 9.5
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW Too few arguments in a scan function call 2 Yes Pre-9.2 9.5
SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY Too many arguments in a scan function call 2 Yes Pre-9.2 9.5
SV.FMT_STR.UNKWN_FORMAT Unknown format specifier in print function call 3 Yes Pre-9.2 9.5
SV.FMT_STR.UNKWN_FORMAT.SCAN Unknown format specifier in a scan function call 3 Yes Pre-9.2 9.5
SV.INCORRECT_RESOURCE_HANDLING.URH Insecure resource handling—allocation and release 3 No Pre-9.2
SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS Insecure resource handling—status checking 3 No Pre-9.2
SV.LPP.CONST Use of insecure macro for dangerous function 3 No 9.5
SV.LPP.VAR Use of insecure parameter in variable for dangerous function 3 No 9.5
SV.PCC.CONST Insecure constant temporary filename 4 No Pre-9.2
SV.PCC.INVALID_TEMP_PATH Insecure temporary path 4 No Pre-9.2
SV.PCC.MISSING_TEMP_CALLS.MUST Insecure temporary variable filename 4 No Pre-9.2
SV.PCC.MISSING_TEMP_FILENAME Missing temporary filename 4 No Pre-9.2
SV.PCC.MODIFIED_BEFORE_CREATE Insecure modification of temporary filename 4 No Pre-9.2
SV.PIPE.CONST Potential pipe hijacking 3 No 9.5
SV.PIPE.VAR Potential pipe hijacking 3 No 9.5
SV.RVT.RETVAL_NOTTESTED Ignored return value 4 No Pre-9.2
SV.SIP.CONST Use of Insecure Macro for Dangerous Functions 3 No 9.6
SV.SIP.VAR Use of Insecure Parameter for Dangerous Functions 3 No 9.6
SV.STRBO.BOUND_COPY.OVERFLOW Buffer Overflow in Bound String Copy 1 No 10.0
SV.STRBO.BOUND_COPY.UNTERM Possible Buffer Overflow in Following String Operations 2 No 10.0
SV.STRBO.BOUND_SPRINTF Buffer overflow from bound sprintf 1 No Pre-9.2
SV.STRBO.UNBOUND_COPY Buffer overflow from unbound string copy 1 No Pre-9.2
SV.STRBO.UNBOUND_SPRINTF Buffer overflow from unbound sprintf 1 No Pre-9.2
SV.STR_PAR.UNDESIRED_STRING_PARAMETER String parameter in file path 4 No Pre-9.2
SV.TAINTED.ALLOC_SIZE Unvalidated input used in memory allocation 2 Yes Pre-9.2
SV.TAINTED.CALL.INDEX_ACCESS Unvalidated input used in array indexing by function call 2 Yes Pre-9.2
SV.TAINTED.CALL.LOOP_BOUND Unvalidated input used as a loop boundary by function call 2 Yes Pre-9.2
SV.TAINTED.FMTSTR Unvalidated input in format string 1 Yes Pre-9.2
SV.TAINTED.INDEX_ACCESS Unvalidated input in array indexing 1 Yes Pre-9.2
SV.TAINTED.INJECTION Unvalidated input in downstream injection 3 Yes Pre-9.2
SV.TAINTED.LOOP_BOUND Unvalidated input used as a loop boundary 2 Yes Pre-9.2
SV.TOCTOU.FILE_ACCESS TOCTOU race condition in file access 4 No Pre-9.2
SV.UNBOUND_STRING_INPUT.CIN Buffer overflow from unbounded string input 1 Yes 9.5
SV.UNBOUND_STRING_INPUT.FUNC Buffer overflow from unbounded string copy 1 Yes 9.5
SV.USAGERULES.PERMISSIONS Exposure to privilege escalation 4 No Pre-9.2
SV.USAGERULES.PROCESS_VARIANTS Exposure to privilege escalation in process 4 No Pre-9.2
SV.USAGERULES.SPOOFING Spoofing security vulnerability 4 No Pre-9.2
SV.WEAK_CRYPTO.WEAK_HASH Weak password vulnerability 4 No Pre-9.2
UFM.DEREF.MIGHT Pointer to freed memory may be dereferenced 1 Yes Pre-9.2 9.2, 9.5
UFM.DEREF.MUST Pointer to freed memory dereferenced 1 Yes Pre-9.2 9.2, 9.5
UFM.FFM.MIGHT Freeing freed memory possible 1 Yes Pre-9.2 9.2, 9.5
UFM.FFM.MUST Freeing freed memory 1 Yes Pre-9.2 9.2, 9.5
UFM.RETURN.MIGHT Pointer to freed memory may be returned 2 Yes Pre-9.2 9.2, 9.5
UFM.RETURN.MUST Pointer to freed memory returned 2 Yes Pre-9.2 9.2, 9.5
UFM.USE.MIGHT Freed memory may be used 2 Yes Pre-9.2 9.2, 9.5
UFM.USE.MUST Freed memory is used 2 Yes Pre-9.2 9.2, 9.5
UNINIT.CTOR.MIGHT Uninitialized variable in constructor possible 1 Yes Pre-9.2 9.2, 9.5
UNINIT.CTOR.MUST Uninitialized variable in constructor 2 No Pre-9.2 9.2, 9.5
UNINIT.HEAP.MIGHT Uninitialized heap use possible 1 Yes Pre-9.2 9.2, 9.5
UNINIT.HEAP.MUST Uninitialized heap use 1 Yes Pre-9.2 9.2, 9.5
UNINIT.STACK.ARRAY.MIGHT Uninitialized array possible 1 Yes Pre-9.2 9.2, 9.5
UNINIT.STACK.ARRAY.MUST Uninitialized array 1 Yes Pre-9.2 9.2, 9.5
UNINIT.STACK.ARRAY.PARTIAL.MUST Partially uninitialized array 1 Yes Pre-9.2 9.2, 9.5
UNINIT.STACK.MIGHT Uninitialized variable possible 1 Yes Pre-9.2 9.2, 9.5
UNINIT.STACK.MUST Uninitialized variable 1 Yes Pre-9.2 9.2, 9.5
UNREACH.GEN Unreachable code 3 No Pre-9.2 9.2, 9.5
UNREACH.RETURN Unreachable return 3 No Pre-9.2 9.2, 9.5
VA_UNUSED.GEN Value is never used after assignment 4 No Pre-9.2 9.5
VA_UNUSED.INIT Value is never used after initialization 4 No Pre-9.2 9.5
VOIDRET Void function returns value 2 Yes Pre-9.2 9.5