Coverity doing scans of Wine codebase!
Tom Spear (Dustin Booker, Dustin Navea)
speeddymon at gmail.com
Fri Apr 7 06:25:45 CDT 2006
James Hawkins wrote:
> On 4/6/06, Mike Hearn <mike at plan99.net> wrote:
>> OK, that was a bit over-enthusiastic. A few of these are more tricky. EG:
> Of the possible bugs I've seen so far, most of them are valid and
> worth fixing, but the checker stumbles over WideCharToMultiByte. The
> checker reports two errors for (most) calls to WideCharToMultibyte:
> * Passing a negative value for the length of the source string.
> The checker doesn't pick up on this line:
> if (srclen < 0) srclen = strlenW(src) + 1;
> so we never access the string with a negative index.
Umm, all that does is increment it by 1... What if _somehow_ (dont ask
me how, just venturing a guess) a bogus number is passed by strlenW(src)
like -3789246? Then you end up with srclen == -3789245...
> * Negative value can be returned and we don't check for it.
> The return type of WideCharToMultiByte is int, but the function is
> only supposed to return string lengths or 0 on error, and AFAIK no
> negative value is ever returned. You would think the checker would
> pick up on that fact.
> The problem is that we call WideCharToMultiByte quite a few times
> throughout the wine codebase, so we have a lot of false positives with
> that one.
I could be wrong, but wouldnt it be (theoretically speaking) possible
for a program to force a negative number out of it (even though it isnt
supposed to be able to), since it IS an int, regardless of the return
More information about the wine-devel