Defect types

The following table lists the defect types that Aegis can detect. For each defect type, the table gives a description and an example program.

You can detect these defects with the defect detection service. To detect them, copy an example to the clipboard and then into the source code storage. After that, launch the defect detection service.

Type Description Example
RES Resource control defects
RES-01 Local dynamic memory leak (detected at end of function)
#include <stdlib.h>
void f()
{
    int* array;
    array = malloc(sizeof(int)*5);//RES-01
}
void main(void)
{
    f();
}
RES-01A Global dynamic memory leak (detected at end of program)
#include <stdlib.h>
void main(void)
{
    int* array;
    array = malloc(sizeof(int)*5);//RES-01A
}
RES-02 Local resource leak (detected at end of function)
#include <stdio.h>
void f()
{
    FILE* f;
    char buf[30];
    f = fopen(buf, "w");//RES-02
}
void main(void)
{
    f();
}
RES-02A Global resource leak (detected at end of program)
#include <stdio.h>
void main(void)
{
    FILE* f;
    char buf[30];
    f = fopen(buf, "w");//RES-02A
}
RES-03 Double dynamic memory free
#include <stdlib.h>
void main(void)
{
    int* array;
    array = malloc(sizeof(int)*5);
    free(array);
    free(array);//RES-03
}
RES-03A Dynamic memory free for pointer to the middle of dynamic array
#include <stdlib.h>
void main(void)
{
    int* array;
    int size = 20;
    array = malloc(sizeof(int)*size);
    free(&array[size - size/2]);//RES-03A
}
RES-03B Dynamic memory free for pointer to static object
#include <stdlib.h>
void main(void)
{
    int a = 10;
    int* p_a = &a;
    free(p_a);//RES-03B
}
RES-04 Double resource free
#include <unistd.h>
#include <fcntl.h>
int main(void)
{
    close(0);
    close(0);//RES-04
    return 0;
}
RES-06 Resource protocol violation (operations with closed, unopened, uncontrolled resource, etc.) ------
BUF Operations with buffers/arrays defects
BUF-02 Dereference of pointer out of bounds
#include <stdio.h>
int main(void)
{
    int arr[10];
    int *p_arr;
    p_arr = arr;
    p_arr += 10;
    printf("%d", *p_arr);//BUF-02
}
BUF-03 Buffer overflow (read/write from/to buffer of insufficient size)
#include <string.h>
int main(void)
{
    char str1[] = "String";
    char str2[] = "ExString";
    strncpy(str1,str2,strlen(str2));//BUF-03
}
BUF-05 Subtraction or comparison of pointers to different objects
void main(void)
{
    int a1[10];
    int a2[15];
    int *pa1 = a1;
    int *pa2 = a2+7;
    int diff = (pa2 - pa1);//BUF-05
}
INI Uninitialization defects
INI-01 Use of uninitialized variable
void main(void)
{
    int a[4] = { 0, 1, 2, 3};
    int d1,i;
    for(i=0;i<= d1;i++)
    {//INI-01
        a[0] +=1;
    }
}
INI-03 Dereference of uninitialized, null or incorrect pointer
#include <stdlib.h>
void main(void)
{
    int* p = NULL;
    *p = 1;//INI-03
}
FRM Format string defects
FRM-01 Use of uncontrolled value as format string
#include <stdio.h>
void main(void)
{
    char value[50];
    scanf("%49s", value);
    printf(value);//FRM-01
}
EXP Expression defects
EXP-04 Use of integer variables in floating-point arithmetic
void main(void)
{
    int a = 127;
    float c = a / 8;//EXP-04
}
STR Operations with strings defects
STR-01 Buffer overflow in string operation (copy, concatenate, etc.)
#include <string.h>
void main(void)
{
    char src[10] = "Hello";
    char dest[5];
    strcpy(dest, src);//STR-01
}
MATH Arithmetic defects
MATH-01 Division by zero
#include <stdio.h>
void main(void)
{
    float t,k;
    scanf("%f",&t);
    k = 5/t;//MATH-01
}
FUNC Function declaration errors
FUNC-01 Call of external function without annotation
extern int f();
void main(void)
{
    int x;
    x = f();//FUNC-01
}
FUNC-02 Call of function via incorrect pointer
#include <stdlib.h>
void main(void)
{
    void (*pf)(void) = NULL;
    pf();//FUNC-02
}
FUNC-03 Function has no return value (definition of function with non-void return type does not include a return value)
int * g(int i)
{
    i++;
}
void main(void)
{
    int * k = g(1);//FUNC-03
}
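
Corrected counterparts of the STR-01/BUF-03, FRM-01, MATH-01 and RES-03 examples in the table, given as an added example that is not part of the Aegis documentation. The helper names (copy_bounded, format_untrusted, safe_div, free_and_clear) are hypothetical, and the page does not state how Aegis reports these forms.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* STR-01 / BUF-03: bounded, always terminated copy; -1 means truncated. */
int copy_bounded(char *dest, size_t dest_size, const char *src)
{
    if (dest == NULL || src == NULL || dest_size == 0)
        return -1;
    size_t n = strlen(src);
    size_t k = (n < dest_size) ? n : dest_size - 1;
    memcpy(dest, src, k);
    dest[k] = '\0';
    return (n < dest_size) ? 0 : -1;
}

/* FRM-01: the untrusted value is an argument, the format is a literal. */
int format_untrusted(char *out, size_t out_size, const char *value)
{
    return snprintf(out, out_size, "%s", value);
}

/* MATH-01: reject a zero divisor before dividing; 0 means success. */
int safe_div(float num, float den, float *result)
{
    if (result == NULL || den == 0.0f)
        return -1;
    *result = num / den;
    return 0;
}

/* RES-03: free via the owner and clear it; a repeat call is free(NULL). */
void free_and_clear(int **owner)
{
    free(*owner);
    *owner = NULL;
}

int main(void)
{
    char dest[5], out[16];   /* sizes and inputs below are constructed */
    float k = 0.0f;
    int *array = malloc(sizeof(int) * 5);
    int rc = copy_bounded(dest, sizeof dest, "Hello");
    format_untrusted(out, sizeof out, "%d%s");
    printf("%d %s %s %d\n", rc, dest, out, safe_div(5.0f, 0.0f, &k));
    free_and_clear(&array);
    free_and_clear(&array);
    return 0;
}
```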