...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP53-CPP | High | Probable | Medium | P12 | L1 |

Automated Detection

Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | uninitialized-read | Partially checked |
Clang | | -Wuninitialized, clang-analyzer-core.UndefinedBinaryOperatorResult | Does not catch all instances of this rule, such as uninitialized values read from heap-allocated memory. |
CodeSonar | | LANG.STRUCT.RPL | Return pointer to local; Uninitialized variable |
Helix QAC | | DF726, DF2727, DF2728, DF2961, DF2962, DF2963, DF2966, DF2967, DF2968, DF2971, DF2972, DF2973, DF2976, DF2977, DF978 | |
Klocwork | | UNINIT.CTOR.MIGHT, UNINIT.CTOR.MUST, UNINIT.HEAP.MIGHT, UNINIT.HEAP.MUST, UNINIT.STACK.ARRAY.MIGHT, UNINIT.STACK.ARRAY.MUST, UNINIT.STACK.ARRAY.PARTIAL.MUST, UNINIT.STACK.MIGHT, UNINIT.STACK.MUST | |
LDRA tool suite | | 53 D, 69 D, 631 S, 652 S | Partially implemented |
Parasoft C/C++test | | BDCERT_CPP-PB-NOTINITEXP53-a | Avoid use before initialization |
Parasoft Insure++ | | | Runtime detection |
PRQA QA-C++ | 9.1 | 2961, 2962, 2963, 2966, 2967, 2968, 2971, 2972, 2973, 2976, 2977, 2978 | |
Polyspace Bug Finder | | CERT C++: EXP53-CPP | Checks for: Rule partially covered. |
PVS-Studio | | V546, V573, V614 | |
PVS-Studio | 6.22 | V546, V573, V670, V679, V730, V788, V1007, V1050 | |
RuleChecker | | uninitialized-read | Partially checked. General analysis rule set |

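
The Clang entry above notes that its checks miss uninitialized values read from heap-allocated memory. The following is an added example, not part of the CERT rule text, showing that pattern beside a value-initialized version; the function names are hypothetical and the fill values are constructed for illustration.

```cpp
#include <cstddef>
#include <iostream>
#include <memory>

// Noncompliant (hypothetical helper): `new int[n]` default-initializes the
// array, so every element starts with an indeterminate value. Only the first
// `filled` slots are written; the summing loop then reads uninitialized heap
// memory whenever filled < n, which is undefined behavior.
int sum_noncompliant(std::size_t n, std::size_t filled) {
    int *buf = new int[n];
    for (std::size_t i = 0; i < filled && i < n; ++i) {
        buf[i] = static_cast<int>(i) + 1;
    }
    int total = 0;
    for (std::size_t i = 0; i < n; ++i) {
        total += buf[i];  // reads indeterminate values for i >= filled
    }
    delete[] buf;
    return total;
}

// Compliant (hypothetical helper): `new int[n]()` value-initializes the
// array, so slots that are never written hold zero and every read is defined.
int sum_compliant(std::size_t n, std::size_t filled) {
    std::unique_ptr<int[]> buf(new int[n]());
    for (std::size_t i = 0; i < filled && i < n; ++i) {
        buf[i] = static_cast<int>(i) + 1;
    }
    int total = 0;
    for (std::size_t i = 0; i < n; ++i) {
        total += buf[i];
    }
    return total;
}

int main() {
    // Only the compliant version is called; the noncompliant one is shown
    // for comparison and has no defined result when filled < n.
    std::cout << sum_compliant(8, 3) << '\n';
    return 0;
}
```
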

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...