Weekly cppcheck run against Aug 27 Git Tree

Mike Kaplinskiy mike.kaplinskiy at gmail.com
Thu Aug 27 19:24:52 CDT 2009 

On Thu, Aug 27, 2009 at 3:52 PM, chris ahrendt<celticht32 at yahoo.com> wrote:
> This is the result of running cppcheck 1.35 with the --all parm against
> the august 27th Git tree:
>
> [../wine-git/dlls/dbghelp/msc.c:88]: (possible error) Array index out of
> bounds
> [../wine-git/dlls/dbghelp/msc.c:89]: (possible error) Array index out of
> bounds

False positive, apparently the numbers are hardcoded as:
72     char        msg[128];
88         msg[10 + 3 * 16] = ' '; // = 58<127
89         msg[10 + 3 * 16 + 1 + 16] = '\0'; // = 75<127

> [../wine-git/dlls/shell32/cpanelfolder.c:562]: (error) Possible null
> pointer dereference: rgfInOut
> [../wine-git/dlls/shell32/shfldr_desktop.c:437]: (error) Possible null
> pointer dereference: rgfInOut
> [../wine-git/dlls/shell32/shfldr_fs.c:577]: (error) Possible null
> pointer dereference: rgfInOut
> [../wine-git/dlls/shell32/shfldr_mycomp.c:474]: (error) Possible null
> pointer dereference: rgfInOut
> [../wine-git/dlls/shell32/shfldr_netplaces.c:352]: (error) Possible null
> pointer dereference: rgfInOut

It doesn't like the ternary operator? These lines are TRACE lines with
one of the args being ``rgfInOut ? *rgfInOut : 0''. False positive.

> [../wine-git/dlls/user32/tests/msg.c:63]: (error) Invalid number of
> character ({). Can't process file.
> [../wine-git/dlls/winealsa.drv/waveinit.c:745]: (possible error) Buffer
> overrun

739             char defaultpcmname[256];
745             sprintf(defaultpcmname, "default");

Something is wrong with cppcheck... False positive.

> [../wine-git/dlls/wined3d/arb_program_shader.c:907]: (possible error)
> Buffer overrun
> [../wine-git/dlls/wined3d/arb_program_shader.c:915]: (possible error)
> Buffer overrun
> [../wine-git/dlls/wined3d/glsl_shader.c:3416]: (possible error) Buffer
> overrun
> [../wine-git/dlls/wined3d/glsl_shader.c:3418]: (possible error) Buffer
> overrun
> [../wine-git/dlls/wined3d/glsl_shader.c:3519]: (possible error) Buffer
> overrun
> [../wine-git/dlls/wined3d/glsl_shader.c:3521]: (possible error) Buffer
> overrun

Not checking those - i don't even pretend to understand how modern
graphics works.

> [../wine-git/dlls/wineoss.drv/mixer.c:1458]: (possible error) Buffer overrun

So...it picks
1455         char name[32];
1458             sprintf(name, "/dev/mixer");

as an error, but not:

1460             sprintf(name, "/dev/mixer%d", i);

False positive.

> [../wine-git/dlls/wineps.drv/init.c:270]: (error) Possible null pointer
> dereference: dmW

This one is actually a bug, the null check is below this line. All the
callers check for nulls, though.

> [../wine-git/programs/oleview/pane.c:152]: (error) Possible null pointer
> dereference: hWndCreated

Also a bug, and a very real one. Coincidentally, the null check on the
next line is also wrong (should be if (!*hWndCreated) )

> [../wine-git/programs/winetest/main.c:114]: (possible error) Buffer overrun
> [../wine-git/programs/winetest/main.c:116]: (possible error) Buffer overrun
> [../wine-git/programs/winetest/main.c:119]: (possible error) Buffer overrun
> [../wine-git/programs/winetest/main.c:121]: (possible error) Buffer overrun

More of sprintf with just a string nonsense. False positive.

> [../wine-git/server/file.c:235]: (possible error) Buffer overrun

Also sprintf nonsense, but slightly more dangerous. The buffer is
declared with [16] and the string is of length 14+1, so a few more
bytes wouldn't hurt. :)
>
>
> Chris
>

If someone could send patches for the few bugs that would be nice.

Chris - cppcheck is clearly crazy about sprintf's and ternary
operators. You might want to report that.

Mike.

More information about the wine-devel mailing list