Cppcheck-2.21.0

Release Notes for Cppcheck 2.21

Major bug fixes & crashes:

• Fixed potential crash with incomplete preprocessor directive
• Fixed hang in createAst
• Fixed invalid AST for braced initialization and references/pointers
• Fixed cppcheckError with array typedef
• Fixed recheck which now correctly excludes non selected files
• Fixed potential crash when rechecking files in gui

New checks:

• MISRA C 2012 rule 10.3 now warns on assigning integer literals 0 and 1 to bool in C99 and later while preserving the existing C89 behavior.
• funcArgNamesDifferentUnnamed warns on function declarations/definitions where a parameter in either location is unnamed
• uninitMemberVarNoCtor warns on user-defined types where (1) some but not all members requiring initialization have in-class initializers or (2) there is a mixture of members which do/do not require initialization.
• fcloseInLoopCondition warns when fclose() is used as a while loop condition, which may skip the loop body or double-close the file handle.

C/C++ support:

• import project: include path in compile_commands.json now handled correctly

GUI:

• Removed handling of Cppcheck Premium LOC license

Other:

• Make it possible to specify the regular expression engine using the engine element in a rule XML.
• Added CLI option --exitcode-suppress to specify an error ID which should not result in a non-zero exitcode.
• Moved source code from https://github.com/danmar/cppcheck to https://github.com/cppcheck-opensource/cppcheck
• The official Windows binary is now built with Visual Studio 2026.
• Updated simplecpp to 1.7.0.

Cppcheck-2.20.0

Release Notes for Cppcheck 2.20

GUI:

• Fix: The Misra C checkbox in "Edit Project" dialog is unchecked after reloading project.
• Fix: In the Misra Report, use proper icons according to misra classifications
• Fix: The platform files are not shown in the dropdown in ProjectFileDialog
• Troubleshooting: detailed progress view that shows what files the threads are working on

Changed interface:

• removed CMake option "DISABLE_CRTDBG_MAP_ALLOC"
• CMake option "BUILD_TESTS" has been deprecated and will be removed in Cppcheck 2.22 - use "BUILD_TESTING" instead

Other:

• The built-in "win*" and "unix*" platforms will now default to signed char type instead of unknown signedness. If you require unsigned chars please specify "--funsigned-char"
• bumped minimum required CMake version to 3.22
• Support inline polyspace suppressions

2.19.0

Release Notes for Cppcheck 2.19

Major bug fixes & crashes:

• Crash in CheckClass::checkConst()
• fuzzing crash (assert) in Token::update_property_info()
• Crash in checkConstVariable()
• Crash in valueFlowLifetimeClassConstructor()
• GUI: scratch pad crash
• Assert failure in getParentValueTypes()
• Crash in simplecpp::Macro::expand()
• crash in Tokenizer::simplifyCPPAttribute()

New checks:

• Detect zero initialization of unions in which its largest member is not
  declared as the first one. Depending on the compiler, there's no guarantee
  that the complete union will be zero initialized in such scenarios leading to
  potential access of uninitialized memory.
• Added warning when main() throws an exception

C/C++ support:

• Fixed syntax error for C++23 lambda without parameter clause
• Added support for typeof and __typeof operators

GUI:

• Fix bug: checks multiple configurations even though user provides defines

Changed interface:

• some preprocessorErrorDirective and syntaxError errors got more specific error IDs.
• Removed deprecated platforms unix32-unsigned and unix64-unsigned
• Improve progress value
• Added float bits support in platform configuration
• Fixed --showtime not accounting for addons

Performance:

• Introduced cache for followAllReferences() calls

Infrastructure & dependencies:

• Removed deprecated support for builds with Qt5.
• Added make variables CXXOPTS and LDOPTS to extend existing CXXFLAGS and LDFLAGS.
• Added make variables CPPOPTS to extend existing CPPFLAGS.
• CPPFLAGS are not longer being passed to the linker command for cppcheck and testrunner.
• Updated Qt to 6.10.0 (official Windows release only).
• The official Windows binary is now built against Boost 1.89 for increased performance.
• Updated to simplecpp 1.6.2
• The Visual Studio builds not longer set the WIN32 define.
• Added DISALLOW_PROCESS_EXECUTOR for building without fork().

The changes focus heavily on stability (crash fixes), C/C++ compatibility, reducing false positives, and improving performance.

Cppcheck-2.18.0

Release Notes for Cppcheck 2.18

Changed interface:

• Updated path matching syntax for -i, --file-filter, suppressions, GUI excludes, and project file excludes.
  Old patterns that use a * may need to use ** instead if it is intended to match path separators. More details can be seen in the manual.

Deprecations:

• Support for building with Qt 5 will be removed in Cppcheck 2.19.
• The platform 'unix32-unsigned' has been deprecated and will be removed in Cppcheck 2.19. Please use '--platform=unix32 --funsigned-char' instead.
• The platform 'unix64-unsigned' has been deprecated and will be removed in Cppcheck 2.19. Please use '--platform=unix64 --funsigned-char' instead.

Other:

• Updated Qt to 6.9.1 (official Windows release only).
• added CMake target run-clang-tidy-csa to run Clang Static Analyzer
• added CMake option ENABLE_CSA_ALPHA to enable the Clang Static Analyzer alpha checkers
• Updated TinyXML-2 to v11.0.0
• The minimum supported Python version has been bumped to 3.7.
• CMake will now unconditionally use Boost.Containers if available. If CMake option USE_BOOST is specified it will now bail out when it is not found.
• Fix checking a project that contains several project file entries for the same file.
• Fixed --file-filter matching of looked up files in provided paths.
• Split up cstyleCast checker; dangerous casts produce portability/warning reports, safe casts produce style reports.
• Removed deprecated '--showtime=' value 'top5'. Please use 'top5_file' or 'top5_summary' instead.

Cppcheck-2.17.1

fixes:

• 2cec7eb fixed #13656 - fixed stack-use-after-scope in GUI
• 521d5d8 Fix #13633 (safety: the xml version 3 report should show safety properties)

Cppcheck-2.17.0

Release Notes for Cppcheck 2.17

New checks:

• staticFunction: detect functions that should have internal linkage since they
  are not used outside of their translation unit (C code only).
• Check null pointer return from memory/resource allocation functions (nullPointerOutOfMemory,
  nullPointerArithmeticOutOfMemory, nullPointerOutOfResources, ctunullpointerOutOfMemory,
  ctunullpointerOutOfResources).

Changed interface:

• Added reduced check level. It can be activated with --check-level=reduced. You get faster analysis
  but some fewer results. The motivation is to be able to make analysis time "acceptable" for direct usage.
• Added --report-type option. Enables printing of guidelines and classifications for several coding
  standards in place of the regular error identifiers and severities.

Other:

• Removed deperecated support for builds via qmake.
• Using a handwritten rule texts file for MISRA C addon violates license and copyright terms. See the
  manual for instructions how to download a official rule texts file from MISRA.

Cppcheck-2.16.0

Release Notes for Cppcheck 2.16.0

Improved checking:

• constVariable; checking multidimensional arrays
• constVariablePointer; nested array access
• deallocuse

Changed interface:

• SARIF output. Use --output-format=sarif to activate this.
• Add option --output-format=. Allowed formats are sarif and xml.

Deprecations:

• The previously deprecated support for Python 2.7 has been removed. please use Python 3 instead.
• The maximum value for --max-ctu-depth is currently capped at 10. This limitation will be removed in a future release.

Other:

• "missingInclude" is no longer implicitly enabled with "information" - you need to enable it explicitly now.
• Fixed checkers report when --addon=misra.py or --addon=misra.json is used.

Cppcheck-2.15

Release Notes for Cppcheck 2.15

New checks:

• suspiciousFloatingPointCast flags unnecessary floating point casts that cause loss of precision

GUI:

• Added misra/cert/autosar reports
• Fixed "Recheck"
• Add "inline suppressions" option in project file
• Make it possible to define extra defines when importing a project

Changed interface:

• Added command-line option --cpp-header-probe (and --no-cpp-header-probe) to probe headers and extension-less files for Emacs marker (see https://trac.cppcheck.net/ticket/10692 for more details)

Deprecations:

• Support for Python 2.7 has been deprecated (it went EOL in January 2020) and will be removed in Cppcheck 2.16 - please use Python 3.x instead.
• The already deprecated support for qmake will be removed in Cppcheck 2.16 - please use CMake instead.

Other:

• Add support for 'CLICOLOR_FORCE'/'NO_COLOR' environment variables to force/disable ANSI color output for diagnostics.
• Add "remark comments" that can be used to generate reports with justifications for warnings
• The whole program analysis is now being executed when "--project" is being used.
• Improved import of Visual Studio projects, support shared items projects (*.vcxitems).

Cppcheck-2.14.2

Small tweaks and fixes

• Justifications for warnings using comments in the code (https://trac.cppcheck.net/ticket/12610)
• Fix alignas handling (https://trac.cppcheck.net/ticket/12807) and (https://trac.cppcheck.net/ticket/12813)

Cppcheck-2.14.1

What's Changed

• Build: fix USE_MATCHCOMPILER CMake option validation, it works as it should again
• Improve Checking: implement evaluation order checker for c++11 and later
• GUI: Do not show messages during analysis that are inactivated in the toolbar
• Cppcheck Premium: update mapping of checkers in cppcheck
• Cppcheck Premium: GUI option to enable misra c++ 2023
• Cppcheck Premium: show misra c++ 2023 option in --help output

Full Changelog: 2.14.0...2.14.1