- The `security` tag has been added to the `cpp/return-stack-allocated-memory` query. As a result, its results will now appear by default.
- The "Uncontrolled data in arithmetic expression" (`cpp/uncontrolled-arithmetic`) query has been enhanced to reduce false positive results and its @precision increased to high.
- A new `cpp/very-likely-overrunning-write` query has been added to the default query suite for C/C++. The query reports some results that were formerly flagged by `cpp/overrunning-write`.
- Fix an issue with the `cpp/declaration-hides-variable` query where it would report variables that are unnamed in a database.
- The `cpp/cleartext-storage-file` query has been upgraded with non-local taint flow and has been converted to a `path-problem` query.
- The `cpp/return-stack-allocated-memory` query has been improved to produce fewer false positives. The query has also been converted to a `path-problem` query.
- The "Cleartext transmission of sensitive information" (`cpp/cleartext-transmission`) query has been improved in several ways to reduce false positive results.
- The "Potential improper null termination" (`cpp/improper-null-termination`) query now produces fewer false positive results around control flow branches and loops.
- Added exception for GLib's gboolean to `cpp/ambiguously-signed-bit-field`. This change reduces the number of false positives in the query.