New Coverity run Oct 1st. 58 fixed, 41 new warnings in cabinet, jscript, mshtml, wined3d, and code generated by widl
Rob Shearman
robertshearman at gmail.com
Mon Oct 6 17:41:59 CDT 2008
2008/10/6 Dan Kegel <dank at kegel.com>:
> Thanks to the half-dozen Wine developers attacking the Coverity
> warnings, we are slowly making progress.
>
> Here are the warnings that were new as of October 1st
> and which have not yet been classified.
> They fall into five areas (four DLLs and one kind of generated code):
>
> CID Checker Func File
...
> 781 REVERSE_INULL __finally_IEnumFORMATETC_RemoteNext_Stub dlls/ole32/ole32_objidl_p.c
> 782 REVERSE_INULL __finally_IEnumMoniker_RemoteNext_Stub dlls/ole32/ole32_objidl_p.c
> 783 REVERSE_INULL __finally_IEnumSTATDATA_RemoteNext_Stub dlls/ole32/ole32_objidl_p.c
> 784 REVERSE_INULL __finally_IEnumUnknown_RemoteNext_Stub dlls/ole32/ole32_objidl_p.c
> 785 REVERSE_INULL __finally_IDispatch_RemoteInvoke_Stub dlls/oleaut32/oleaut32_oaidl_p.c
> 786 REVERSE_INULL __finally_IEnumVARIANT_RemoteNext_Stub dlls/oleaut32/oleaut32_oaidl_p.c
> 787 REVERSE_INULL __finally_ITypeInfo_RemoteGetNames_Stub dlls/oleaut32/oleaut32_oaidl_p.c
> 788 REVERSE_INULL __finally_ITypeLib_RemoteFindName_Stub dlls/oleaut32/oleaut32_oaidl_p.c
> 789 REVERSE_INULL __finally_IEnumConnectionPoints_RemoteNext_Stub dlls/oleaut32/oleaut32_ocidl_p.c
> 790 REVERSE_INULL __finally_IEnumConnections_RemoteNext_Stub dlls/oleaut32/oleaut32_ocidl_p.c
> 791 REVERSE_INULL __finally_IEnumOleUndoUnits_RemoteNext_Stub dlls/oleaut32/oleaut32_ocidl_p.c
> 792 REVERSE_INULL __finally_IPropertyPage_SetObjects_Stub dlls/oleaut32/oleaut32_ocidl_p.c
> 774 REVERSE_INULL __finally_IEnumBackgroundCopyFiles_Next_Stub dlls/qmgrprxy/qmgrprxy_p.c
> 775 REVERSE_INULL __finally_IEnumBackgroundCopyJobs_Next_Stub dlls/qmgrprxy/qmgrprxy_p.c
> 793 REVERSE_INULL __finally_IServer_sum_padded2 dlls/rpcrt4/tests/server_s.c
> 794 REVERSE_INULL __finally_IServer_sum_padded_conf dlls/rpcrt4/tests/server_s.c
> 776 REVERSE_INULL __finally_epm_ept_delete programs/rpcss/epm_s.c
> 777 REVERSE_INULL __finally_epm_ept_insert programs/rpcss/epm_s.c
> 778 REVERSE_INULL __finally_epm_ept_lookup programs/rpcss/epm_s.c
These are caused by a bug in widl that generates the incorrect code.
Compare the code that widl generates:
static void __finally_IEnumMoniker_RemoteNext_Stub( struct __frame_IEnumMoniker_RemoteNext_Stub *__frame )
{
    __frame->_StubMsg.MaxCount = (unsigned long)__frame->celt;
    __frame->_StubMsg.Offset = (unsigned long)0;
    __frame->_StubMsg.ActualCount = (unsigned long)*__frame->pceltFetched;
    NdrComplexArrayFree(
        &__frame->_StubMsg,
        (unsigned char *)__frame->rgelt,
        (PFORMAT_STRING)&__MIDL_TypeFormatString.Format[448]);
    if (__frame->rgelt)
        __frame->_StubMsg.pfnFree(__frame->rgelt);
    NdrPointerFree(
        &__frame->_StubMsg,
        (unsigned char *)__frame->pceltFetched,
        (PFORMAT_STRING)&__MIDL_TypeFormatString.Format[466]);
}
And the code that MIDL generates:
{
    ( _StubMsg.MaxCount = ( unsigned long )celt ) ;
    ( _StubMsg.Offset = ( unsigned long )0 ) ;
    ( _StubMsg.ActualCount = ( unsigned long )(pceltFetched ? *pceltFetched : 0) ) ;
    NdrPointerFree( &_StubMsg,
                    (unsigned char *)rgelt,
                    &objidl__MIDL_TypeFormatString.Format[812] );
}
So in this case and most of the cases like it we shouldn't be calling
NdrComplexFree directly. There are other cases where we could
potentially generate code that could crash, but the generated code is
similar to that generated by MIDL so it highlights a potential bug in
MIDL too.
However, it should be noted that these issues won't ever cause a
program to crash since we handle both types of exception in
CStdStubBuffer_Invoke. It's only a correctness issue as to what return
code we pass back to the client.
--
Rob Shearman
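
The difference in NULL guarding between the two cleanup routines quoted above, as an added C example (not part of the original message, and not widl, MIDL or Wine code). `struct frame`, `free_elements`, `finally_unguarded`, `finally_guarded` and `run_cleanup` are hypothetical names, and the free routine walking the array it is handed is an assumption of the example.

```c
#include <stdlib.h>

/* Hypothetical stand-in for a stub frame; not Wine's or MIDL's real types. */
struct frame {
    int **rgelt;                  /* output array; NULL if the stub failed early */
    unsigned long *pceltFetched;  /* out count; NULL if the stub failed early */
    unsigned long actual_count;   /* models _StubMsg.ActualCount */
};

/* Models a free routine that walks the array it is handed (assumption). */
static unsigned long free_elements(int **arr, unsigned long count)
{
    for (unsigned long i = 0; i < count; i++) free(arr[i]);
    return count;
}

/* Unguarded shape: pceltFetched is dereferenced unconditionally and rgelt is
 * used before its NULL test. Only safe when both pointers are set. */
unsigned long finally_unguarded(struct frame *f)
{
    f->actual_count = *f->pceltFetched;
    unsigned long n = free_elements(f->rgelt, f->actual_count);
    if (f->rgelt) free(f->rgelt);   /* test comes after the use */
    return n;
}

/* Guarded shape: each pointer is tested before its first use. */
unsigned long finally_guarded(struct frame *f)
{
    unsigned long n = 0;
    f->actual_count = f->pceltFetched ? *f->pceltFetched : 0;
    if (f->rgelt) {
        n = free_elements(f->rgelt, f->actual_count);
        free(f->rgelt);
    }
    return n;
}

/* Constructed input: the stub filled `fetched` elements, or failed early
 * (fetched < 0) and left both pointers NULL. Returns elements freed. */
unsigned long run_cleanup(long fetched, int guarded)
{
    unsigned long count = fetched < 0 ? 0 : (unsigned long)fetched;
    struct frame f = { NULL, NULL, 0 };
    if (fetched >= 0) {
        f.rgelt = calloc(count + 1, sizeof(*f.rgelt));
        for (unsigned long i = 0; i < count; i++) f.rgelt[i] = malloc(sizeof(int));
        f.pceltFetched = &count;
    }
    return guarded ? finally_guarded(&f) : finally_unguarded(&f);
}
```

Both shapes behave identically when the stub completed; only the guarded one can be run on the early-failure frame, since `run_cleanup(-1, 0)` would dereference NULL.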
More information about the wine-devel
mailing list