...
Tool | Version | Checker | Description | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| uninitialized-local-read uninitialized-variable-use | Fully checked | |||||||||||
Axivion Bauhaus Suite |
| CertC-EXP33 | ||||||||||||
CodeSonar |
| LANG.MEM.UVAR | Uninitialized variable | |||||||||||
Compass/ROSE | Automatically detects simple violations of this rule, although it may return some false positives. It may not catch more complex violations, such as initialization within functions taking uninitialized variables as arguments. It does catch the second noncompliant code example, and can be extended to catch the first as well | |||||||||||||
Coverity |
| UNINIT | Implemented | |||||||||||
Cppcheck |
| uninitvar | Detects uninitialized variables, uninitialized pointers, uninitialized struct members, and uninitialized array elements (However, if one element is initialized, then cppcheck assumes the array is initialized.) | |||||||||||
GCC | 4.3.5 | Can detect some violations of this rule when the | ||||||||||||
Helix QAC |
| C: 2726, 2727, 2728, 2961, 2962, 2963, 2966, 2967, 2968, 2971, 2972, 2973, 2976, 2977, 2978 | ||||||||||||
Klocwork |
| UNINIT.HEAP.MIGHT | ||||||||||||
LDRA tool suite |
| 53 D, 69 D, 631 S, 652 S | Fully implemented | |||||||||||
Parasoft C/C++test |
| CERT_C-EXP33-a | Avoid use before initialization | |||||||||||
Parasoft Insure++ |
| Runtime analysis | ||||||||||||
PC-lint Plus |
| 530, 603, 644, 901 | Fully supported | |||||||||||
Polyspace Bug Finder |
| Checks for:
Rule partially covered | ||||||||||||
PRQA QA-C |
| 2726, 2727, 2728, 2961, 2962, 2963, 2966, 2967, 2968, 2971, 2972, 2973, 2976, 2977, 2978 | Fully implemented | |||||||||||
PRQA QA-C++ |
| 2961, 2962, 2963, 2966, 2967, 2968, 2971, 2972, 2973, 2976, 2977, 2978 | ||||||||||||
PVS-Studio |
| V573, V614, V670, V679, V1050 | ||||||||||||
RuleChecker |
| uninitialized-local-read | Partially checked | |||||||||||
Splint | 3.1.1 | |||||||||||||
TrustInSoft Analyzer |
| initialisation | Exhaustively verified (see one compliant and one non-compliant example). | Helix QAC | Include Page | | Helix QAC_V | Helix QAC_V | C: 2726, 2727, 2728, 2961, 2962, 2963, 2966, 2967, 2968, 2971, 2972, 2973, 2976, 2977, 2978
Related Vulnerabilities
CVE-2009-1888 results from a violation of this rule. Some versions of SAMBA (up to 3.3.5) call a function that takes in two potentially uninitialized variables involving access rights. An attacker can exploit these coding errors to bypass the access control list and gain access to protected files [xorl 2009].
...