C and C++ checker reference

| Checker code | Description | Default severity | Enabled by default? | Created | Modified |
|---|---|---|---|---|---|
| ABV.ANY_SIZE_ARRAY | Buffer Overflow - Array Index Out of Bounds | 1 | false | Pre-9.2 | 9.5 |
| ABV.GENERAL | Buffer Overflow - Array Index Out of Bounds | 1 | true | 9.6 | 10.1, 10.3, 10.4, 11.0, 11.1, 11.2, 2017.3 |
| ABV.ITERATOR | Buffer Overflow - Array Index may be out of Bounds | 1 | true | Pre-9.2 | 9.5, 10.3 |
| ABV.MEMBER | Buffer Overflow - Array Index Out of Bounds | 1 | true | 9.5 | 10.3 |
| ABV.STACK | Buffer Overflow - Local Array Index Out of Bounds | 1 | true | Pre-9.2 | 9.5 |
| ABV.TAINTED | Buffer Overflow from Unvalidated Input | 1 | true | Pre-9.2 | 9.5, 10.3, 11.2 |
| ABV.UNICODE.BOUND_MAP | Buffer overflow in mapping character function | 1 | false | Pre-9.2 | 9.5 |
| ABV.UNICODE.FAILED_MAP | Mapping function failed | 1 | false | Pre-9.2 | 9.5 |
| ABV.UNICODE.NNTS_MAP | Buffer overflow in mapping character function | 1 | false | Pre-9.2 | 9.5 |
| ABV.UNICODE.SELF_MAP | Mapping function failed | 1 | false | 9.6 | |
| ABV.UNKNOWN_SIZE | Buffer Overflow - Array Index Out of Bounds | 1 | true | 9.6 | |
| ASSIGCOND.CALL | Assignment in condition (call) | 3 | false | Pre-9.2 | |
| ASSIGCOND.GEN | Assignment in condition | 3 | false | Pre-9.2 | |
| BSTR.CAST.C | C style type cast to BSTR | 4 | false | Pre-9.2 | |
| BSTR.CAST.CPP | C++ style type cast to BSTR | 4 | false | Pre-9.2 | |
| BSTR.FUNC.ALLOC | Incorrect call to BSTR allocating function | 4 | false | Pre-9.2 | |
| BSTR.FUNC.FREE | Incorrect call to BSTR freeing function | 4 | false | Pre-9.2 | |
| BSTR.FUNC.LEN | Trying to get length of non-BSTR string using BSTR-related functions | 4 | false | Pre-9.2 | |
| BSTR.FUNC.REALLOC | Incorrect call to BSTR reallocating function | 4 | false | Pre-9.2 | |
| BSTR.IA.ASSIGN | BSTR variable is assigned a non-BSTR value | 4 | false | Pre-9.2 | |
| BSTR.IA.INIT | BSTR variable is initialized with a non-BSTR value | 4 | false | Pre-9.2 | |
| BSTR.OPS.ARITHM | Illegal arithmetic operations with BSTR values | 4 | false | Pre-9.2 | |
| BSTR.OPS.COMP | Illegal comparison of BSTR values | 4 | false | Pre-9.2 | |
| BSTR.OPS.EQS | Illegal equality comparison of BSTR values | 4 | false | Pre-9.2 | |
| BYTEORDER.HTON.SEND | Missed conversion from host to network byte order | 3 | false | 9.2 | |
| BYTEORDER.HTON.WRITE | Missed conversion from host to network byte order | 3 | false | 9.2 | |
| BYTEORDER.NTOH.READ | Missed conversion from network to host byte order | 3 | false | 9.2 | |
| BYTEORDER.NTOH.RECV | Missed conversion from network to host byte order | 3 | false | 9.2 | |
| CL.ASSIGN.NON_CONST_ARG | Assignment operator declares non-constant reference argument | 4 | true | 9.5 | |
| CL.ASSIGN.RETURN_CONST | Assignment operator returns constant reference | 4 | true | 9.5 | |
| CL.ASSIGN.VOID | Assignment operator returns void | 4 | true | 9.5 | |
| CL.FFM.ASSIGN | Use of free memory (double free) - no operator= | 3 | true | Pre-9.2 | 9.5 |
| CL.FFM.COPY | Use of free memory (double free) - no copy constructor | 3 | true | Pre-9.2 | 9.5 |
| CL.FMM | Freeing Mismatched Memory - in destructor | 3 | true | Pre-9.2 | 9.5, 10.1 |
| CL.MLK | Memory Leak - in destructor | 3 | true | Pre-9.2 | 9.5 |
| CL.MLK.ASSIGN | Memory Leak - in assignment operator | 3 | true | 10.1 | |
| CL.MLK.VIRTUAL | Memory Leak - possible in destructor | 2 | true | Pre-9.2 | 9.5 |
| CL.SELF-ASSIGN | Use of free memory (double free) - in operator= | 2 | true | Pre-9.2 | 9.5 |
| CL.SHALLOW.ASSIGN | Use of free memory (double free) - shallow copy in operator= | 2 | true | 10.1 | |
| CL.SHALLOW.COPY | Use of free memory (double free) - shallow copy in copy constructor | 2 | true | 10.1 | |
| CONC.DL | Deadlock | 2 | false | 9.2 | |
| CONC.NO_UNLOCK | Missing unlock for variable | 2 | true | Pre-9.2 | |
| CONC.SLEEP | Function may block in critical section | 3 | true | Pre-9.2 | |
| CWARN.ALIGNMENT | Incorrect pointer scaling is used | 4 | true | 9.5 | |
| CWARN.BAD.PTR.ARITH | Bad pointer arithmetic | 4 | false | 10.0 | |
| CWARN.BITOP.SIZE | Operands of different size in bitwise operation | 4 | true | 10.0 | |
| CWARN.BOOLOP.INC | A boolean is incremented or decremented | 4 | true | Pre-9.2 | 9.5 |
| CWARN.CAST.VIRTUAL_INHERITANCE | C-style cast of pointer to object with virtual methods to pointer to its derived class | 4 | false | 10.0 | |
| CWARN.CMPCHR.EOF | A 'char' expression compared with EOF constant | 4 | false | 9.2 | 9.5 |
| CWARN.CONSTCOND.DO | 'do' controlling expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.IF | 'if' controlling expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.SWITCH | 'switch' selector expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.TERNARY | Controlling condition in conditional expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.CONSTCOND.WHILE | 'while' controlling expression is constant | 4 | false | Pre-9.2 | 9.5 |
| CWARN.COPY.NOASSIGN | Class defines copy constructor, but no assignment operator | 4 | false | Pre-9.2 | 9.5, 11.0 |
| CWARN.DTOR.NONVIRT.DELETE | Delete expression for an object of a class with virtual methods and no virtual destructor | 2 | true | Pre-9.2 | 9.5 |
| CWARN.DTOR.NONVIRT.NOTEMPTY | Class has virtual functions inherited from a base class, but its destructor is not virtual and not empty | 2 | true | Pre-9.2 | 9.5 |
| CWARN.EMPTY.LABEL | Empty label statement | 4 | false | Pre-9.2 | 9.5 |
| CWARN.EMPTY.TYPEDEF | Missing typedef name | 4 | false | Pre-9.2 | 9.5 |
| CWARN.FUNCADDR | Function address is used instead of a call to this function | 2 | false | Pre-9.2 | 9.5 |
| CWARN.HIDDEN.PARAM | Parameter hidden by local variable | 4 | false | Pre-9.2 | 9.5 |
| CWARN.IMPLICITINT | Anachronistic 'implicit int' | 4 | false | Pre-9.2 | 9.5 |
| CWARN.INCL.ABSOLUTE | Absolute path is used in include directive | 4 | false | 9.6 | |
| CWARN.INCL.NO_INTERFACE | Source file does not include its interface header | 4 | false | 10.0 | |
| CWARN.INLINE.NONFUNC | 'inline' used with non-function | 4 | false | Pre-9.2 | 9.5 |
| CWARN.MEMBER.INIT.ORDER | Members of the initialization list are not listed in the order in which they are declared in the class | 4 | false | 9.5 | 10.4 |
| CWARN.MEM.NONPOD | Memory manipulation routine applied to a non-POD object | 4 | true | 10.0 | |
| CWARN.MEMSET.SIZEOF.PTR | Memset-like function is called for 'sizeof' applied to pointer | 4 | false | 10.0 | 10.3, 11.1 |
| CWARN.NOEFFECT.OUTOFRANGE | Value outside of range | 3 | false | 10.1 | |
| CWARN.NOEFFECT.SELF_ASSIGN | A variable is assigned to self | 4 | false | 9.2 | 9.5, 10.4 |
| CWARN.NOEFFECT.UCMP.GE | Comparison of unsigned value against 0 is always true | 4 | true | Pre-9.2 | 9.5 |
| CWARN.NOEFFECT.UCMP.GE.MACRO | Comparison of unsigned value against 0 within a macro is always true | 4 | false | Pre-9.2 | 9.5 |
| CWARN.NOEFFECT.UCMP.LT | Comparison of unsigned value against 0 is always false | 4 | true | Pre-9.2 | 9.5 |
| CWARN.NOEFFECT.UCMP.LT.MACRO | Comparison of unsigned value against 0 within a macro is always false | 4 | false | Pre-9.2 | 9.5 |
| CWARN.NULLCHECK.FUNCNAME | Function address was directly compared against 0 | 4 | true | Pre-9.2 | 9.5 |
| CWARN.OVERRIDE.CONST | Function overriding fails due to mismatch of 'const' qualifiers | 4 | true | Pre-9.2 | 9.5 |
| CWARN.PACKED.TYPEDEF | 'packed' attribute ignored in typedef | 4 | false | Pre-9.2 | 9.5 |
| CWARN.PASSBYVALUE.ARG | Function argument passed by value is too large | 4 | false | Pre-9.2 | 9.5 |
| CWARN.PASSBYVALUE.EXC | Exception object passed by value is too large | 4 | false | Pre-9.2 | 9.5 |
| CWARN.RET.MAIN | Bad return type of main | 4 | true | Pre-9.2 | 9.5 |
| CWARN.SIGNEDBIT | Signed one bit field | 4 | true | Pre-9.2 | 9.5 |
| DBZ.CONST | Division by a zero constant occurs | 1 | false | 10.3 | |
| DBZ.CONST.CALL | The value '0' is passed to function that can use this value as divisor | 1 | false | 10.3 | |
| DBZ.GENERAL | Division by zero might occur | 1 | false | 10.3 | |
| DBZ.ITERATOR | Division by zero might occur in a loop iterator | 1 | false | 10.3 | |
| EFFECT | Statement has no effect | 4 | false | Pre-9.2 | |
| FMM.MIGHT | Freeing Mismatched Memory - possible | 2 | true | Pre-9.2 | 10.1 |
| FMM.MUST | Freeing Mismatched Memory | 1 | true | Pre-9.2 | 10.1 |
| FNH.MIGHT | Freeing Non-Heap Memory - possible | 1 | true | Pre-9.2 | |
| FNH.MUST | Freeing Non-Heap Memory | 2 | true | Pre-9.2 | |
| FREE.INCONSISTENT | Inconsistent Freeing of Memory | 3 | false | Pre-9.2 | |
| FUM.GEN.MIGHT | Freeing Unallocated Memory - possible | 1 | true | Pre-9.2 | |
| FUM.GEN.MUST | Freeing Unallocated Memory | 1 | true | Pre-9.2 | |
| FUNCRET.GEN | Non-void function does not return value | 1 | true | Pre-9.2 | |
| FUNCRET.IMPLICIT | Non-void function implicitly returning int does not return value | 2 | true | Pre-9.2 | |
| HCC | Use of hardcoded credentials | 2 | true | 11.1 | |
| HCC.PWD | Use of a hardcoded password | 2 | true | 11.1 | |
| HCC.USER | Use of a hardcoded user name | 2 | true | 11.1 | |
| INCONSISTENT.LABEL | Inconsistent Case Labels | 4 | true | Pre-9.2 | 9.5 |
| INCORRECT.ALLOC_SIZE | Incorrect Allocation Size | 3 | true | Pre-9.2 | |
| INFINITE_LOOP.GLOBAL | Infinite loop | 2 | false | 9.5 | |
| INFINITE_LOOP.LOCAL | Infinite loop | 2 | true | 9.5 | 10.1, 2017, 2017.3 |
| INFINITE_LOOP.MACRO | Infinite loop | 2 | false | 9.5 | |
| INVARIANT_CONDITION.GEN | Invariant expression in a condition | 3 | false | 10.1 | 10.2 |
| INVARIANT_CONDITION.UNREACH | Invariant expression in a condition | 3 | false | 10.1 | 10.2 |
| ITER.CONTAINER.MODIFIED | Use of invalid iterator | 3 | true | Pre-9.2 | 2017 |
| ITER.END.DEREF.MIGHT | Dereference of 'end' iterator | 3 | true | 9.5 | |
| ITER.END.DEREF.MUST | Dereference of 'end' iterator | 3 | true | 9.5 | |
| ITER.INAPPROPRIATE | Use of iterator with inappropriate container object | 4 | true | 9.5 | |
| ITER.INAPPROPRIATE.MULTIPLE | Use of iterator with inappropriate container object | 4 | true | 9.5 | |
| LA_UNUSED | Label unused | 4 | false | Pre-9.2 | |
| LOCRET.ARG | Function returns address of local variable | 1 | true | Pre-9.2 | 9.5 |
| LOCRET.GLOB | Function returns address of local variable | 1 | true | Pre-9.2 | 9.5 |
| LOCRET.RET | Function returns address of local variable | 1 | true | Pre-9.2 | 9.5 |
| LS.CALL | Suspicious use of non-localized string in GUI function | 3 | false | 11.0 | |
| LS.CALL.STRING | Suspicious use of non-localized string in GUI function | 3 | false | 11.0 | |
| LV_UNUSED.GEN | Local variable unused | 4 | false | Pre-9.2 | |
| MLK.MIGHT | Memory Leak - possible | 2 | true | Pre-9.2 | 9.2, 9.5 |
| MLK.MUST | Memory Leak | 2 | true | Pre-9.2 | 9.2, 9.5, 11.1, 11.3 |
| MLK.RET.MIGHT | Memory Leak - possible | 2 | false | 9.6 | |
| MLK.RET.MUST | Memory Leak | 2 | true | 9.6 | |
| NNTS.MIGHT | Buffer Overflow - Non-null Terminated String | 1 | true | Pre-9.2 | 9.2, 10.3 |
| NNTS.MUST | Buffer Overflow - Non-null Terminated String | 1 | true | Pre-9.2 | 9.2, 10.3 |
| NNTS.TAINTED | Unvalidated User Input Causing Buffer Overflow - Non-Null Terminated String | 1 | true | Pre-9.2 | 9.2, 10.3 |
| NPD.CHECK.CALL.MIGHT | Pointer may be passed to function that can dereference it after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CHECK.CALL.MUST | Pointer will be passed to function that may dereference it after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CHECK.MIGHT | Pointer may be dereferenced after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CHECK.MUST | Pointer will be dereferenced after it was positively checked for NULL | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.CONST.CALL | NULL is passed to function that can dereference it | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.CONST.DEREF | NULL is dereferenced | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.CALL.MIGHT | Result of function that may return NULL may be passed to another function that may dereference it | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.CALL.MUST | Result of function that may return NULL will be passed to another function that may dereference it | 1 | false | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.MIGHT | Result of function that can return NULL may be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.FUNC.MUST | Result of function that may return NULL will be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5, 10.4 |
| NPD.GEN.CALL.MIGHT | Null pointer may be passed to function that may dereference it | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.GEN.CALL.MUST | Null pointer will be passed to function that may dereference it | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.GEN.MIGHT | Null pointer may be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5 |
| NPD.GEN.MUST | Null pointer will be dereferenced | 1 | true | Pre-9.2 | 9.2, 9.5, 11.0 |
| NUM.OVERFLOW | Possible Overflow | 3 | false | 10.1 | |
| PORTING.BITFIELDS | Usage of bitfields within a structure | 4 | false | 9.2 | 9.5 |
| PORTING.BSWAP.MACRO | A custom byte swap macro is used without checking endian | 4 | false | 9.2 | 9.5 |
| PORTING.BYTEORDER.SIZE | An incompatible type is used with a network macro such as 'ntohl' | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.FLTPNT | Cast of a floating point expression to a non floating point type | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.PTR | Cast between types that are not both pointers or not pointers | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.PTR.FLTPNT | Cast of a pointer to a floating point expression to a non floating point type pointer | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.PTR.SIZE | Attempt to cast an expression to a type of a potentially incompatible size | 4 | false | 9.2 | 9.5 |
| PORTING.CAST.SIZE | Expression is cast to a type of potentially different size | 4 | false | 9.2 | 9.5 |
| PORTING.CMPSPEC.EFFECTS.ASSIGNMENT | Assignment in a function parameter | 4 | false | 9.2 | 9.5, 10.3 |
| PORTING.CMPSPEC.TYPE.BOOL | Assignment to a 'bool' type is larger than 1 byte | 4 | false | 9.2 | 9.5 |
| PORTING.CMPSPEC.TYPE.LONGLONG | Use of 'long long' | 4 | false | 9.2 | 9.5 |
| PORTING.MACRO.NUMTYPE | Macro describing a builtin numeric type is used | 4 | false | 9.2 | 9.5 |
| PORTING.OPTS | Compiler dependant option is used | 4 | false | 9.2 | 9.5 |
| PORTING.PRAGMA.ALIGN | #pragma align usage | 4 | false | 9.2 | 9.5 |
| PORTING.PRAGMA.PACK | #pragma pack usage | 4 | false | 9.2 | 9.5 |
| PORTING.SIGNED.CHAR | 'char' used without explicitly specifying signedness | 4 | false | 9.2 | 9.5 |
| PORTING.STORAGE.STRUCT | Byte position of elements in a structure could depend on alignment and packing attributes. | 4 | false | 9.2 | 9.5 |
| PORTING.STRUCT.BOOL | Struct/class has a bool member | 4 | false | 9.2 | 9.5 |
| PORTING.UNIONS | Union is used within an enclosing struct/class/other union | 4 | false | 9.2 | 9.5 |
| PORTING.UNSIGNEDCHAR.OVERFLOW.FALSE | Relational expression may be always false depending on 'char' type signedness | 4 | false | 9.2 | 9.5 |
| PORTING.UNSIGNEDCHAR.OVERFLOW.TRUE | Relational expression may be always true depending on 'char' type signedness | 4 | false | 9.2 | 9.5 |
| PORTING.UNSIGNEDCHAR.RELOP | Relational operations used between explicitly signed/unsigned char and char without signedness specification | 4 | false | 9.2 | 9.5 |
| PORTING.VAR.EFFECTS | Variable used twice in one expression where one usage is subject to side-effects | 4 | false | 9.2 | 9.5 |
| PRECISION.LOSS | Loss of Precision | 4 | false | Pre-9.2 | 9.5 |
| PRECISION.LOSS.CALL | Loss of Precision during function call | 4 | false | Pre-9.2 | 9.5 |
| RABV.CHECK | Suspicious use of index before boundary check | 1 | true | 11.3 | 2017 |
| RCA | Risky cryptographic algorithm used | 2 | true | 11.0 | 2017 |
| RCA.HASH.SALT.EMPTY | Use of a one-way hash with an empty salt | 2 | true | 11.1 | |
| RETVOID.GEN | Non-void function returns void value | 2 | true | Pre-9.2 | |
| RETVOID.IMPLICIT | Implicitly int function returns void value | 2 | true | Pre-9.2 | |
| RH.LEAK | Resource leak | 2 | true | Pre-9.2 | 9.5, 11.1 |
| RN.INDEX | Suspicious use of index before negative check | 1 | true | 9.5 | |
| RNPD.CALL | Suspicious dereference of pointer in function call before NULL check | 1 | true | Pre-9.2 | |
| RNPD.DEREF | Suspicious dereference of pointer before NULL check | 1 | true | Pre-9.2 | |
| SEMICOL | Suspiciously placed semicolon | 4 | false | Pre-9.2 | |
| SPECTRE.VARIANT1 | Potential exploit of speculative execution | 3 | false | 2017.3, 2018, 2018.1* | |
| STRONG.TYPE.ASSIGN | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.ARG | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.CONST | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.INIT | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.RETURN | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.ASSIGN.ZERO | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.EXTRACT | Assignment does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.CMP | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.CONST | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.EQ | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.OTHER | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| STRONG.TYPE.JOIN.ZERO | Joining with binary operator does not respect strong typing | 4 | false | 9.2 | |
| SV.BANNED.RECOMMENDED.ALLOCA | Banned recommended API: stack allocation functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.NUMERIC | Banned recommended API: unsafe numeric conversion functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.OEM | Banned recommended API: OEM character page conversion functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.PATH | Banned recommended API: unsafe path name manipulation functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.SCANF | Banned recommended API: unsafe scanf-type functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.SPRINTF | Banned recommended API: unsafe sprintf-type functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.STRLEN | Banned recommended API: unsafe string length functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.TOKEN | Banned recommended API: unsafe string tokenizing functions | 4 | false | 9.5 | |
| SV.BANNED.RECOMMENDED.WINDOW | Banned recommended API: unsafe window functions | 4 | false | Pre-9.2 | |
| SV.BANNED.REQUIRED.CONCAT | Banned required API: unsafe string concatenation functions | 4 | false | 9.5 | |
| SV.BANNED.REQUIRED.COPY | Banned required API: unsafe buffer copy functions | 4 | false | 9.5 | |
| SV.BANNED.REQUIRED.GETS | Banned required API: unsafe stream reading functions | 4 | false | Pre-9.2 | |
| SV.BANNED.REQUIRED.ISBAD | Banned required API: IsBad-type functions | 4 | false | 9.5 | |
| SV.BANNED.REQUIRED.SPRINTF | Banned required API: unsafe sprintf-type functions | 4 | false | 9.5 | |
| SV.BFC.USING_STRUCT | Use of INADDR_ANY in sin_addr.s_addr field of struct sockaddr_in Structure Used for Call to bind Function | 4 | false | Pre-9.2 | |
| SV.BRM.HKEY_LOCAL_MACHINE | HKEY_LOCAL_MACHINE Used as 'hkey' Parameter for Registry Manipulation Function | 4 | false | Pre-9.2 | |
| SV.CODE_INJECTION.SHELL_EXEC | Command Injection into Shell Execution | 3 | false | Pre-9.2 | |
| SV.DLLPRELOAD.NONABSOLUTE.DLL | Potential DLL-preload hijack vector | 2 | false | 9.5 | |
| SV.DLLPRELOAD.NONABSOLUTE.EXE | Potential process injection vector | 2 | false | 9.5 | |
| SV.DLLPRELOAD.SEARCHPATH | Do not use SearchPath to find DLLs | 2 | false | 9.5 | |
| SV.FIU.PROCESS_VARIANTS | Use of Dangerous Process Creation | 4 | false | Pre-9.2 | 11.3 |
| SV.FMTSTR.GENERIC | Format String Vulnerability | 1 | false | Pre-9.2 | 11.2 |
| SV.FMT_STR.BAD_SCAN_FORMAT | Input format specifier error | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_FORMAT_MISMATCH.BAD | Incompatible type of a print function parameter | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_FORMAT_MISMATCH.UNDESIRED | Unexpected type of a print function parameter | 4 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_IMPROP_LENGTH | Improper use of length modifier in a print function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_PARAMS_WRONGNUM.FEW | Too few arguments in a print function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.PRINT_PARAMS_WRONGNUM.MANY | Too many arguments in a print function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.SCAN_FORMAT_MISMATCH.BAD | Incompatible type of a scan function parameter | 2 | true | 10.0 | 11.3 |
| SV.FMT_STR.SCAN_FORMAT_MISMATCH.UNDESIRED | Unexpected type of a scan function parameter | 2 | true | 10.0 | |
| SV.FMT_STR.SCAN_IMPROP_LENGTH | Improper use of length modifier in a scan function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.SCAN_PARAMS_WRONGNUM.FEW | Too few arguments in a scan function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.SCAN_PARAMS_WRONGNUM.MANY | Too many arguments in a scan function call | 2 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.UNKWN_FORMAT | Unknown format specifier in a print function call | 3 | true | Pre-9.2 | 9.5 |
| SV.FMT_STR.UNKWN_FORMAT.SCAN | Unknown format specifier in a scan function call | 3 | true | Pre-9.2 | 9.5 |
| SV.INCORRECT_RESOURCE_HANDLING.URH | Insecure Resource Handling | 3 | false | Pre-9.2 | |
| SV.INCORRECT_RESOURCE_HANDLING.WRONG_STATUS | Insecure Resource Handling | 3 | false | Pre-9.2 | |
| SV.LPP.CONST | Use of Insecure Macro for Dangerous Functions | 3 | false | 9.5 | |
| SV.LPP.VAR | Use of Insecure Parameter for Dangerous Functions | 3 | false | 9.5 | |
| SV.PCC.CONST | Insecure (Constant) Temporary File Name in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.INVALID_TEMP_PATH | Insecure Temporary File Name in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.MISSING_TEMP_CALLS.MUST | Missing Secure Temporary File Names in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.MISSING_TEMP_FILENAME | Missing Temporary File Name in Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PCC.MODIFIED_BEFORE_CREATE | Modification of Temporary File Name before Call to CreateFile | 4 | false | Pre-9.2 | |
| SV.PIPE.CONST | Potential pipe hijacking | 3 | false | 9.5 | |
| SV.PIPE.VAR | Potential pipe hijacking | 3 | false | 9.5 | |
| SV.RVT.RETVAL_NOTTESTED | Ignored Return Value | 4 | false | Pre-9.2 | |
| SV.SIP.CONST | Use of Insecure Macro for Dangerous Functions | 3 | false | 9.6 | |
| SV.SIP.VAR | Use of Insecure Parameter for Dangerous Functions | 3 | false | 9.6 | |
| SV.STRBO.BOUND_COPY.OVERFLOW | Buffer Overflow in Bound String Copy | 1 | false | 10.0 | |
| SV.STRBO.BOUND_COPY.UNTERM | Possible Buffer Overflow in Following String Operations | 2 | false | 10.0 | |
| SV.STRBO.BOUND_SPRINTF | Buffer Overflow in Bound sprintf | 1 | false | Pre-9.2 | 10.3 |
| SV.STRBO.UNBOUND_COPY | Buffer Overflow in Unbound String Copy | 1 | false | Pre-9.2 | |
| SV.STRBO.UNBOUND_SPRINTF | Buffer Overflow in Unbound sprintf | 1 | false | Pre-9.2 | |
| SV.STR_PAR.UNDESIRED_STRING_PARAMETER | Undesired String for File Path | 4 | false | Pre-9.2 | |
| SV.TAINTED.ALLOC_SIZE | Use of Unvalidated Integer in Memory Allocation | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.BINOP | Use of Unvalidated Integer in Binary Operation | 3 | false | 10.3 | |
| SV.TAINTED.CALL.BINOP | Use of Unvalidated Integer in Binary Operation | 3 | false | 10.3 | |
| SV.TAINTED.CALL.DEREF | Dereference Of An Unvalidated Pointer | 3 | false | 11.2 | |
| SV.TAINTED.CALL.INDEX_ACCESS | Use of Unvalidated Integer as Array Index by Function Call | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.CALL.LOOP_BOUND | Use of Unvalidated Integer in Loop Condition through a Function Call | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.DEREF | Dereference Of An Unvalidated Pointer | 3 | false | 11.2 | |
| SV.TAINTED.FMTSTR | Use of Unvalidated Data in a Format String | 1 | true | Pre-9.2 | 10.1 |
| SV.TAINTED.INDEX_ACCESS | Use of Unvalidated Integer as Array Index | 1 | true | Pre-9.2 | 10.1, 10.2, 11.1, 2017 |
| SV.TAINTED.INJECTION | Command Injection | 3 | true | Pre-9.2 | 10.1 |
| SV.TAINTED.LOOP_BOUND | Use of Unvalidated Integer in Loop Condition | 2 | true | Pre-9.2 | 10.1, 10.2 |
| SV.TAINTED.PATH_TRAVERSAL | Use of Unvalidated Data in a Path Traversal | 1 | true | 11.0 | |
| SV.TAINTED.SECURITY_DECISION | Security Decision | 3 | false | 10.4 | |
| SV.TOCTOU.FILE_ACCESS | Time of Creation/Time of Use Race condition in File Access | 4 | false | Pre-9.2 | 11.3 |
| SV.UNBOUND_STRING_INPUT.CIN | Usage of cin for unbounded string input | 1 | true | 9.5 | |
| SV.UNBOUND_STRING_INPUT.FUNC | Usage of unbounded string input | 1 | true | 9.5 | |
| SV.USAGERULES.PERMISSIONS | Use of Privilege Elevation | 4 | false | Pre-9.2 | 11.3 |
| SV.USAGERULES.PROCESS_VARIANTS | Use of Dangerous Process Creation Function | 4 | false | Pre-9.2 | |
| SV.USAGERULES.SPOOFING | Use of Function Susceptible to Spoofing | 4 | false | Pre-9.2 | |
| SV.WEAK_CRYPTO.WEAK_HASH | Weak Hash Function | 4 | false | Pre-9.2 | |
| UFM.DEREF.MIGHT | Use of free memory (access) - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.DEREF.MUST | Use of Freed Memory by Pointer | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.FFM.MIGHT | Use of free memory (double free) - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.FFM.MUST | Freeing Freed Memory | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.RETURN.MIGHT | Use of freed memory (return) - possible | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.RETURN.MUST | Use of Freed Memory on Return | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.USE.MIGHT | Use of free memory - possible | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UFM.USE.MUST | Use of Freed Memory | 2 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.CTOR.MIGHT | Uninitialized Variable in Constructor - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.CTOR.MUST | Uninitialized Variable in Constructor | 2 | false | Pre-9.2 | 9.2, 9.5 |
| UNINIT.HEAP.MIGHT | Uninitialized Heap Use - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.HEAP.MUST | Uninitialized Heap Use | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.ARRAY.MIGHT | Uninitialized Array - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.ARRAY.MUST | Uninitialized Array | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.ARRAY.PARTIAL.MUST | Partialy Uninitialized Array | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.MIGHT | Uninitialized Variable - possible | 1 | true | Pre-9.2 | 9.2, 9.5 |
| UNINIT.STACK.MUST | Uninitialized Variable | 1 | true | Pre-9.2 | 9.2, 9.5, 11.2 |
| UNREACH.GEN | Unreachable code | 3 | false | Pre-9.2 | 9.2, 9.5, 10.1, 10.3, 10.4, 11.2 |
| UNREACH.RETURN | Unreachable Void Return | 3 | false | Pre-9.2 | 9.2, 9.5, 11.2 |
| UNREACH.SIZEOF | Architecture-related unreachable code | 3 | false | 10.1 | |
| UNUSED.FUNC.GEN | Function defined but not used | 4 | false | 10.1 | 11.3 |
| UNUSED.FUNC.WARN | Potential unused function | 4 | false | 10.1 | 11.3 |
| VA_UNUSED.GEN | Value is Never Used after Assignment | 4 | false | Pre-9.2 | 9.5 |
| VA_UNUSED.INIT | Value is Never Used after Initialization | 4 | false | Pre-9.2 | 9.5, 11.2 |
| VOIDRET | Void function returns value | 2 | true | Pre-9.2 | 9.5 |

*SPECTRE.VARIANT1 was created in April 2018 and backported to Klocwork 2017.3/2018, as the vulnerability was discovered in early 2018.