Xcode Static Analyzer

The Xcode Clang Static Analyzer finds bugs in Objective-C, C, and C++ code. It finds hard-to-produce, edge-case bugs without the need to run code and shows the sequence of steps along which the bug occurs.

Posts under Xcode Static Analyzer tag

8 Posts (each listed with replies, boosts, views, and last activity)

How to retrieve overall memory peak in C++
I'm trying to retrieve the overall memory peak of a process. I've looked into retrieving it through the task_vm_info struct defined in task_info.h. By logging the members of the struct, it seems that none of resident_size_peak, internal_peak, or ledger_phys_footprint_peak matches the peak memory value detected by Xcode Instruments. Can anyone point me to the correct way to retrieve that peak value? Is it the summation of some of the fields in task_vm_info, or is there a more complicated algorithm involved in deriving that value?
0 replies, 0 boosts, 121 views, last activity Nov ’24
The customer requested a pen-test for this app, and they reported some issues related to buffer overflow and weak randomness functions
The customer requested a pen-test for this app, and they reported some issues related to buffer overflow and weak randomness functions. I reviewed the identified methods, but I couldn't find them in the code or third-party SDKs. We would like to know if you can review these methods to see if there is a possible solution, or if you can guarantee that these functions are safe. They say that they applied a reverse engineering tool and it showed our compiled app using these C/C++ functions that are considered unsafe. The tool used is Ghidra (https://ghidra-sre.org/). These are the methods reported by the cybersecurity team: Related to buffer overflow: Related to weak randomness functions:
2 replies, 0 boosts, 581 views, last activity Jul ’24
Suppressing C++ static analyzer in external C++ code?
I am including the glm library in my Xcode project and want to suppress this warning:
/opt/extlibs/macosx/include/glm/./ext/../gtc/bitfield.inl:343:15: warning: Although the value stored to 'x' is used in the enclosing expression, the value is never actually read from 'x' [deadcode.DeadStores] uint16 REG2(x >>= 1); ^ ~
Is there a way to do that via a #pragma, a #define, or something else in the Build Settings?
0 replies, 0 boosts, 482 views, last activity Apr ’24
App Icon Images issue in the visionOS App Simulator for the last one
Dear Apple Developer Forum Community, I hope this message finds you well. I am writing to seek assistance regarding an error I encountered while attempting to create a "Swift Basics" application using Xcode. Upon launching Xcode and starting a new project, I followed the standard procedure and got: "/Users/zipzygames/Desktop/Swift Basics/Swift Basics/Assets.xcassets:./AppIcon.solidimagestack The last visionOS App Icon Layer with content, "Back", must exactly fill the image stack. Its current frame is {{0, 0}, {515.5, 640}} while the visionOS App Icon's size is {512, 512}." I have attempted to troubleshoot the issue by adding the 32 pixels and less than 512 * 512, but unfortunately, I have been unsuccessful in resolving it. I am reaching out to the community in the hope that someone might have encountered a similar issue or has expertise in troubleshooting Xcode errors. Any guidance, suggestions, or solutions would be greatly appreciated. Thank you very much for your time and assistance. Sincerely, Zipzy games
2 replies, 0 boosts, 1.2k views, last activity Feb ’24
How to fix: IPA BINARY CODE ANALYSIS in iOS Swift
I received the MOBSF security check result PDF, where I found some "High" severity issues. 1. Binary makes use of insecure API(s) with high CWE: CWE-676: Use of Potentially Dangerous Function. OWASP Top 10: M7: Client Code Quality. OWASP MASVS: MSTG-CODE-8. The binary may contain the following insecure API(s): _sscanf, _memcpy, _fopen. 2. Binary makes use of the malloc function with high CWE: CWE-789: Uncontrolled Memory Allocation. OWASP Top 10: M7: Client Code Quality. OWASP MASVS: MSTG-CODE-8. The binary may use the _malloc function instead of calloc. I have utilized a static analyzer, but I am unable to identify APIs such as _sscanf and the others in my codebase. This issue is not being shown in the Xcode IDE either. I have attempted static analysis in Xcode using the approach Product -> Analyze, but I am still unable to identify the mentioned issues. Can anyone please help me overcome this scenario and successfully pass the MOBSF test? Thanks in advance
1 reply, 0 boosts, 2.4k views, last activity Jul ’24