Weekly cppcheck run against Aug 27 Git Tree
chris ahrendt
celticht32 at yahoo.com
Thu Aug 27 20:18:17 CDT 2009
Mike Kaplinskiy wrote:
> On Thu, Aug 27, 2009 at 3:52 PM, chris ahrendt<celticht32 at yahoo.com> wrote:
>
>> This is the result of running cppcheck 1.35 with the --all parm against
>> the august 27th Git tree:
>>
>> [../wine-git/dlls/dbghelp/msc.c:88]: (possible error) Array index out of
>> bounds
>> [../wine-git/dlls/dbghelp/msc.c:89]: (possible error) Array index out of
>> bounds
>>
>
> False positive, apparently the numbers are hardcoded as:
> 72 char msg[128];
> 88 msg[10 + 3 * 16] = ' '; // = 58<127
> 89 msg[10 + 3 * 16 + 1 + 16] = '\0'; // = 75<127
>
>
>> [../wine-git/dlls/shell32/cpanelfolder.c:562]: (error) Possible null
>> pointer dereference: rgfInOut
>> [../wine-git/dlls/shell32/shfldr_desktop.c:437]: (error) Possible null
>> pointer dereference: rgfInOut
>> [../wine-git/dlls/shell32/shfldr_fs.c:577]: (error) Possible null
>> pointer dereference: rgfInOut
>> [../wine-git/dlls/shell32/shfldr_mycomp.c:474]: (error) Possible null
>> pointer dereference: rgfInOut
>> [../wine-git/dlls/shell32/shfldr_netplaces.c:352]: (error) Possible null
>> pointer dereference: rgfInOut
>>
>
> It doesn't like the ternary operator? These lines are TRACE lines with
> one of the args being ``rgfInOut ? *rgfInOut : 0''. False positive.
>
>
>> [../wine-git/dlls/user32/tests/msg.c:63]: (error) Invalid number of
>> character ({). Can't process file.
>> [../wine-git/dlls/winealsa.drv/waveinit.c:745]: (possible error) Buffer
>> overrun
>>
>
> 739 char defaultpcmname[256];
> 745 sprintf(defaultpcmname, "default");
>
> Something is wrong with cppcheck... False positive.
>
>
>> [../wine-git/dlls/wined3d/arb_program_shader.c:907]: (possible error)
>> Buffer overrun
>> [../wine-git/dlls/wined3d/arb_program_shader.c:915]: (possible error)
>> Buffer overrun
>> [../wine-git/dlls/wined3d/glsl_shader.c:3416]: (possible error) Buffer
>> overrun
>> [../wine-git/dlls/wined3d/glsl_shader.c:3418]: (possible error) Buffer
>> overrun
>> [../wine-git/dlls/wined3d/glsl_shader.c:3519]: (possible error) Buffer
>> overrun
>> [../wine-git/dlls/wined3d/glsl_shader.c:3521]: (possible error) Buffer
>> overrun
>>
>
> Not checking those - i don't even pretend to understand how modern
> graphics works.
>
>
>> [../wine-git/dlls/wineoss.drv/mixer.c:1458]: (possible error) Buffer overrun
>>
>
> So...it picks
> 1455 char name[32];
> 1458 sprintf(name, "/dev/mixer");
>
> as an error, but not:
>
> 1460 sprintf(name, "/dev/mixer%d", i);
>
> False positive.
>
>
>> [../wine-git/dlls/wineps.drv/init.c:270]: (error) Possible null pointer
>> dereference: dmW
>>
>
> This one is actually a bug, the null check is below this line. All the
> callers check for nulls, though.
>
>
>> [../wine-git/programs/oleview/pane.c:152]: (error) Possible null pointer
>> dereference: hWndCreated
>>
>
> Also a bug, and a very real one. Coincidentally, the null check on the
> next line is also wrong (should be if (!*hWndCreated) )
>
>
>> [../wine-git/programs/winetest/main.c:114]: (possible error) Buffer overrun
>> [../wine-git/programs/winetest/main.c:116]: (possible error) Buffer overrun
>> [../wine-git/programs/winetest/main.c:119]: (possible error) Buffer overrun
>> [../wine-git/programs/winetest/main.c:121]: (possible error) Buffer overrun
>>
>
> More of sprintf with just a string nonsense. False positive.
>
>
>> [../wine-git/server/file.c:235]: (possible error) Buffer overrun
>>
>
> Also sprintf nonsense, but slightly more dangerous. The buffer is
> declared with [16] and the string is of length 14+1, so a few more
> bytes wouldn't hurt. :)
>
>> Chris
>>
>>
>
> If someone could send patches for the few bugs that would be nice.
>
> Chris - cppcheck is clearly crazy about sprintf's and ternary
> operators. You might want to report that.
>
> Mike.
>
>
>
Sending the report now.
chris
More information about the wine-devel
mailing list