Defect types
The following table contains defect types that can be detected by Aegis. There is description and example of program for each defect type in the table.
You can detect these defects using defect detection service. To defect them, you should copy an example to clipboard and then to source code storage. After that, launch defect detection service.
Type | Description | Example |
---|---|---|
RES | Resource control defects | |
RES-01 | Local dynamic memory leak (detected at end of function) | void f() { int* array; array = malloc(sizeof(int)*5);//RES-01 } void main(void) { f(); } |
RES-01A | Global dynamic memory leak (detected at end of program) | void main(void) { int* array; array = malloc(sizeof(int)*5);//RES-01A } |
RES-02 | Local resource leak (detected at end of function) | #include <stdio.h> void f() { FILE* f; char buf[30]; f = fopen(buf, "w");//RES-02 } void main(void) { f(); } |
RES-02A | Global resource leak (detected at end of program) | #include <stdio.h> void main(void) { FILE* f; char buf[30]; f = fopen(buf, "w");//RES-02A } |
RES-03 | Double dynamic memory free | void main(void) { int* array; array = malloc(sizeof(int)*5); free(array); free(array);//RES-03 } |
RES-03A | Dynamic memory free for pointer to the middle of dynamic array | void main(void) { int* array; int size = 20; array = malloc(sizeof(int)*size); free(&array[size - size/2]);//RES-03A } |
RES-03B | Dynamic memory free for pointer to static object | void main(void) { int a = 10; int* p_a = &a; free(p_a);//RES-03B } |
RES-04 | Double resource free | #include <unistd.h> #include <fcntl.h> int main(void) { close(0); close(0);//RES-04 return 0; } |
RES-06 | Resource protocol violation (operations with closed, unopened, uncontrolled resource, etc.) | ------ |
BUF | Operations with buffers/arrays defects | |
BUF-02 | Dereference of pointer out of bounds | int main(void) { int arr[10]; int *p_arr; p_arr = arr; p_arr += 10; printf("%d" , *p_arr);//BUF-02 } |
BUF-03 | Buffer overflow (read/write from/to buffer with not enough size) | #include <string.h> int main(void) { char str1[] = "String"; char str2[] = "ExString"; strncpy(str1,str2,strlen(str2));//BUF-03 } |
BUF-05 | Subtraction or comparison of pointers to different objects | void main(void) { int a1[10]; int a2[15]; int *pa1 = a1; int *pa2=a2+7; int diff = (pa2 - pa1);//BUF-05 } |
INI | Uninitialization defects | |
INI-01 | Use of uninitialized variable | void main(void) { int a[4] = { 0, 1, 2, 3}; int d1,i; for(i=0;i<= d1;i++) {//INI-01 a[0] +=1; } } |
INI-03 | Dereference of uninitialized, null or incorrect pointer | #include <stdlib.h> void main(void) { int* p = NULL; *p = 1;//INI-03 } |
FRM | Format string defects | |
FRM-01 | Use of uncontrolled value as format string | #include <stdio.h> void main(void) { char value[50]; scanf("%49s", value); printf(value);//FRM-01 } |
EXP | Expression defects | |
EXP-04 | Usage of integer variables in floating arithmetics | void main(void) { int a = 127; float c = a / 8;//EXP-04 } |
STR | Operations with strings defects | |
STR-01 | Buffer overflow in string operation (copy, concatenate, etc.) | #include <string.h> void main(void) { char src[10] = "Hello"; char dest[5]; strcpy(dest, src);//STR-01 } |
MATH | Arithmetic defects | |
MATH-01 | Division by zero | #include <stdio.h> void main(void) { float t,k; scanf("%d",&t); k = 5/t;//MATH-01 } |
FUNC | Function declaration errors | |
FUNC-01 | Call of external function without annotation | extern int f(); void main(void) { int x; x = f();//FUNC-01 } |
FUNC-02 | Call of function via incorrect pointer | #include <stdlib.h> void main(void) { void (*pf)(void) = NULL; pf();//FUNC-02 } |
FUNC-03 | Function has no return value (definition of function with non-void return type does not includes return value) | int * g(int i) { i++; } void main(void) { int * k = g(1);//FUNC-03 } |