Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

C++ static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C++ code

Filtered: 54 rules found

symbolic-execution

Impact

Clean code attribute

Only valid arguments should be passed to UNIX/POSIX functions

intentionality - logical

maintainability

Code Smell

Passing invalid arguments to UNIX/POSIX functions may result in undefined behavior.

Why is this an issue?

How can I fix it?

More Info

Many UNIX/POSIX functions put certain constraints on the values of their parameters. The behavior for some of those UNIX/POSIX functions is not defined but instead, their behavior is implementation-defined, if one passes incorrectly constrained parameters. This may lead to undefined behavior depending on a function’s concrete implementation. The constraints include the following:

Allocation sizes of calloc, malloc, realloc, reallocf, alloca and valloc must be strictly positive
open and openat should be called with a flag that contains one of the access modes: O_RDONLY, O_WRONLY, or O_RDWR
open and openat with flag O_CREAT should be called with a third argument
The O_EXCL flag should be used with O_CREAT
The first argument of pthread_once should not have automatic storage duration and should be initialized by the constant PTHREAD_ONCE_INIT

Failing to pass correctly constrained parameters can result in undefined behavior.

// Depending on the implementation, either NULL is returned, or the behavior is
// as if the passed size parameter were a non-zero value, except that accesses
// of the returned pointer result in undefined behavior.
void *mem = alloca(0); // May result in undefined behavior.

int fd = open("example.txt", O_ APPEND); // Access mode is missing, may result in undefined behavior.

// Third argument should be used to specify the file's access permissions.
int fd_1 = open("another_example.txt", O_CREAT); // May result in undefined behavior.

// Since `O_EXCL` prevents file creation if it already exists, the flag for
// file creation `O_CREAT` should be used in combination with `O_EXCL`.
int fd_3 = open("further_example.txt", O_EXCL); // `O_CREAT` flag is missing, may result in undefined behavior.

int counter = 0;

void inc_counter() { ++counter; }

void bar() {
  // May trigger undefined behavior, because `once_control`'s storage duration
  // is automatic. `counter` might be incremented with each call to `bar`.
  pthread_once_t once_control = PTHREAD_ONCE_INIT;
  pthread_once(&once_control, &inc_counter); // May result in undefined behavior.
}

What is the potential impact?

Using UNIX/POSIX functions with invalid arguments results in implementation-defined behavior and may lead to undefined behavior.

When a function emits implementation-defined behavior, its behavior is unspecified and each implementation documents how the choice is made. Implementation-defined behavior can quickly lead to undefined behavior, if the respective function is not used exactly as per the documentation.

When a program comprises undefined behavior, the compiler no longer needs to adhere to the language standard, and the program has no meaning assigned to it.

Depending on the concrete situation, the application might just crash, but in the worst case, the application may appear to execute correctly, while losing data or producing incorrect results.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1

In-IDE

SaaS

Self-Hosted