Errors detected in Open Source projects by the PVS-Studio developers through static analysis

We regularly check various open-source projects with PVS-Studio and send analysis results to developers and usually describe them in our posts as well. Besides, we add them into our bug database. This database is posted below on this page.

The bugs are grouped according to the number of the diagnostic rule that is used to detect them. The right column contains a link to the corresponding error samples.

We have deliberately refused to implement an option to view all the bugs found in a particular project: this might lead to an incorrect impression regarding the number of errors in the project and the analyzer's capabilities. You see, the tool is rapidly developing. While it found 10 bugs in a project one year ago, it doesn't mean at all that it will find the same amount now. Compare, for instance, the reports of ReactOS checks: first report, second report (a year and a half later).

You can offer us other open-source projects for analysis. The project types supported by PVS-Studio are given in the tool description.

This database may serve a unique resource for reflection on coding standards development, concepts of articles on programming rules, and help you in other researches regarding enhancing software reliability. We wish you interesting researches.

Read More 
Error Code Error Description Project List
V501 There are identical sub-expressions to the left and to the right of the 'foo' operator.
ADAPTIVE Communication Environment (ACE), Apache HTTP Server, AssaultCube Reloaded, Asterisk, Audacity, Blender, Boost (C++ libraries), Chromium, Clang, Coin3D, CoreCLR, Crash Server Library, ...
V502 Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the 'foo' operator.
Apache Xerces Project, Chromium, FCEUX, Grid Control Re-dux, Haiku Operation System, IPP Samples, Miranda NG, MongoDB, Newton Game Dynamics, OTS, ReactOS, TinyCAD, ...
V503 This is a nonsensical comparison: pointer < 0.
Asterisk, Chromium, CoreCLR, Haiku Operation System, IPP Samples, OGDF, Scilab, Xpdf.
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack.
Crystal Space 3D SDK, DeSmuME, Multi-threaded Dynamic Queue, Pixie, Synergy.
V506 Pointer to local variable 'X' is stored outside the scope of this variable. Such a pointer will become invalid.
Miranda NG, Unreal Engine 4, WinSCP.
V507 Pointer to local array 'X' is stored outside the scope of this array. Such a pointer will become invalid.
MAME, Miranda NG, MySQL, Pixie, Scilab, Source Engine SDK, TortoiseSVN.
V509 The 'throw' operator inside the destructor should be placed within the try..catch block. Raising exception inside the destructor is illegal.
Chromium, Data Distribution Service, FlightGear, Geant4 software, LibreOffice, NetXMS, OGRE, Protocol Buffers, Source Engine SDK, TortoiseGit, TortoiseSVN, WebRTC, ...
V510 The 'Foo' function is not expected to receive class-type variable as 'N' actual argument.
Apple II emulator, C++ Embedded Web Server, Chromium, Quake-III-Arena, SMTP Client, Scilab, TortoiseSVN, Unreal Engine 4, Wild Magic 5, WinMerge.
V511 The sizeof() operator returns size of the pointer, and not of the array, in given expression.
Chromium, Intel AMT SDK, MySQL, ReactOS, Samba, Shareaza, Source Engine SDK, Wolfenstein 3D.
V512 A call of the 'Foo' function will lead to a buffer overflow or underflow.
ADAPTIVE Communication Environment (ACE), Apache HTTP Server, Chromium, CoreCLR, DeSmuME, Doom 3, Energy Checker SDK, FCEUX, Far Manager, Fennec Media, FlightGear, Game_Music_Emu library, ...
V513 Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions.
Multi Theft Auto, PostgreSQL Database Management System, SeqAn, Snes9x, Source Engine SDK, Tesseract, Trans-Proteomic Pipeline.
V514 Dividing sizeof a pointer by another value. There is a probability of logical error presence.
Miranda IM, Miranda NG, Notepad++, OpenCOLLADA, OpenMS, ReactOS, Scilab.
V516 Consider inspecting an odd expression. Non-null function pointer is compared to null.
Audacity, Micro-Manager.
V517 The use of 'if (A) {...} else if (A) {...}' pattern was detected. There is a probability of logical error presence.
Asterisk, Chromium, CoreCLR, CryEngine 3 SDK, Doom 3, EIB Suite, FFmpeg, FreeCAD, Geant4 software, ICU, ITK, LibreOffice, ...
V518 The 'malloc' function allocates strange amount of memory calculated by 'strlen(expr)'. Perhaps the correct variant is strlen(expr) + 1.
V519 The 'x' variable is assigned values twice successively. Perhaps this is a mistake.
Apple II emulator, CMake, Clang, CryEngine 3 SDK, Crystal Space 3D SDK, D programming language, Data Distribution Service, Doom 3, EA WebKit, Fireflies, Gamer_Z eXtreme Party, Geant4 software, ...
V520 The comma operator ',' in array index expression.
G3D Content Pak.
V521 Such expressions using the ',' operator are dangerous. Make sure the expression is correct.
CryEngine 3 SDK, G3D Content Pak, Grassroots DICOM library (GDCM), IPP Samples, Lugaru, OpenSSL, Oracle VM Virtual Box, Quake-III-Arena, Trans-Proteomic Pipeline, Unreal Engine 4, Visualization Toolkit (VTK).
V522 Dereferencing of the null pointer might take place.
Blender, Chromium, Clang, CoreCLR, D programming language, Data Distribution Service, GeoLib, Godot Engine, LibreOffice, Miranda NG, Multi Theft Auto, NetXMS, ...
V523 The 'then' statement is equivalent to the 'else' statement.
ADAPTIVE Communication Environment (ACE), Blender, Clang, CoreCLR, CryEngine 3 SDK, FlightGear, FreeCAD, Godot Engine, Haiku Operation System, IPP Samples, ITK, K Desktop Environment, ...
V524 It is odd that the body of 'Foo_1' function is fully equivalent to the body of 'Foo_2' function.
Blender, Chromium, Clang, Geant4 software, MAME, Nmap Security Scanner, OpenCV, OpenMW, SeqAn, Spring Engine, TortoiseSVN, Trans-Proteomic Pipeline, ...
V525 The code containing the collection of similar blocks. Check items X, Y, Z, ... in lines N1, N2, N3, ...
Fennec Media, Miranda IM, MySQL, Notepad++, Scilab, SeqAn, SlimDX, Source Engine SDK, Trans-Proteomic Pipeline, Win32++.
V526 The 'strcmp' function returns 0 if corresponding strings are equal. Consider examining the condition for mistakes.
Micro-Manager, Network Security Services (NSS), PostgreSQL Database Management System, wxWidgets.
V527 It is odd that the 'zero' value is assigned to pointer. Probably meant: *ptr = zero.
Apache HTTP Server, Haiku Operation System, PNG library, ReactOS, Scilab, Trans-Proteomic Pipeline.
V528 It is odd that pointer is compared with the 'zero' value. Probably meant: *ptr != zero.
Apache HTTP Server, CxImage, Doom 3, Fennec Media, Miranda IM, Miranda NG, Mozilla Firefox, Notepad++, OpenCV, Scilab, Snes9x, TortoiseGit, ...
V529 Odd semicolon ';' after 'if/for/while' operator.
CamStudio, Fennec Media, Haiku Operation System, MAME, Multi-threaded Dynamic Queue, Oracle VM Virtual Box, QuickThread, ReactOS, VirtualDub, Windows 8 Driver Samples, Xpdf.
V530 The return value of function 'Foo' is required to be utilized.
Battle for Wesnoth, Chromium, EchoVNC, Firebird, IPP Samples, ITK, Intel AMT SDK, Micro-Manager, MongoDB, Multi Theft Auto, Nmap Security Scanner, Qt, ...
V531 It is odd that a sizeof() operator is multiplied by sizeof().
CrashRpt library, NetDefender Firewall, ReactOS, XUIFramework.
V532 Consider inspecting the statement of '*pointer++' pattern. Probably meant: '(*pointer)++'.
Apache HTTP Server, DeSmuME, FCEUX, Godot Engine, IPP Samples, Miranda NG, OpenSSL, eMule Plus.
V533 It is likely that a wrong variable is being incremented inside the 'for' operator. Consider reviewing 'X'.
Doom 3, Godot Engine, Simple DirectMedia Layer, Unreal Engine 4.
V534 It is likely that a wrong variable is being compared inside the 'for' operator. Consider reviewing 'X'.
Coin3D, Oracle VM Virtual Box, Source Engine SDK.
V535 The variable 'X' is being used for this loop and for the outer loop.
Doom 3, Haiku Operation System, IPP Samples, Lugaru, OGRE, Visualization Toolkit (VTK), Wine Is Not an Emulator.
V536 Be advised that the utilized constant value is represented by an octal form.
Chromium, Linux Kernel 3.18.1 Stable, Micro-Manager, Miranda IM, PostgreSQL Database Management System, TortoiseGit, eLynx Image Processing SDK and Lab.
V537 Consider reviewing the correctness of 'X' item's usage.
Blender, IPP Samples, Miranda IM, Quake-III-Arena, ReactOS, Source Engine SDK, Trinity Core.
V540 Member 'x' should point to string terminated by two 0 characters.
Chromium, Fennec Media, WinSCP.
V541 It is dangerous to print the string into itself.
CAMEL, Mozilla Firefox, PCSX2, Scilab, TinyCAD, UCSniff.
V542 Consider inspecting an odd type cast: 'Type1' to ' Type2'.
Miranda IM.
V543 It is odd that value 'X' is assigned to the variable 'Y' of HRESULT type.
Oracle VM Virtual Box, Unreal Engine 4, WinMerge.
V545 Such conditional expression of 'if' operator is incorrect for the HRESULT type value 'Foo'. The SUCCEEDED or FAILED macro should be used instead.
LibreOffice, Qt, VirtualDub.
V546 Member of a class is initialized by itself: 'Foo(Foo)'.
Boost (C++ libraries).
V547 Expression is always true/false.
ADAPTIVE Communication Environment (ACE), Apache HTTP Server, Apple II emulator, Asterisk, BCmenu, Boost (C++ libraries), CLucene, CamStudio, Chromium, Cocos2d-x, CoreCLR, CrashRpt library, ...
V548 Consider reviewing type casting. TYPE X[][] in not equivalent to TYPE **X.
Haiku Operation System.
V549 The 'first' argument of 'Foo' function is equal to the 'second' argument.
Chromium, CryEngine 3 SDK, Micro-Manager, Miranda NG, Open Metronome, ReactOS.
V550 An odd precise comparison. It's probably better to use a comparison with defined precision: fabs(A - B) < Epsilon or fabs(A - B) > Epsilon.
CAMEL, ffdshow.
V554 Incorrect use of smart pointer.
Boost (C++ libraries), Chromium, Haiku Operation System.
V555 The expression of the 'A - B > 0' kind will work as 'A != B'.
K Desktop Environment, OpenJPEG, OpenSSL, PHP:Hypertext Preprocessor, Scilab, Trans-Proteomic Pipeline, Wine Is Not an Emulator.
V556 The values of different enum types are compared.
Clang, Linux Kernel 3.18.1 Stable, Source Engine SDK, TortoiseGit, Unreal Engine 4, Windows 8 Driver Samples, XUIFramework.
V557 Array overrun is possible.
Blender, CAMEL, CMake, Chromium, Coin3D, Doom 3, Dynamic Universal Music Bibliotheque, Energy Checker SDK, FFmpeg, FlightGear, Geant4 software, Godot Engine, ...
V558 Function returns the pointer/reference to temporary local object.
Geant4 software, SeqAn, VirtualDub.
V559 Suspicious assignment inside the condition expression of 'if/while/for' operator.
Data Distribution Service, Intel AMT SDK, Miranda IM, Miranda NG, Scilab.
V560 A part of conditional expression is always true/false.
Apache HTTP Server, Apple II emulator, CxImage, DeSmuME, Fireflies, Gamer_Z eXtreme Party, LibRaw, Lugaru, Miranda IM, Miranda NG, MongoDB, Multi Theft Auto, ...
V561 It's probably better to assign value to 'foo' variable than to declare it anew.
FCEUX, FlightGear, Godot Engine, Oracle VM Virtual Box, Unreal Engine 4, Vscap.
V562 It's odd to compare a bool type value with a value of N.
Blender, Haiku Operation System, ReactOS, Spvolren, Windows 8 Driver Samples.
V563 It is possible that this 'else' branch must apply to the previous 'if' statement.
BCmenu, PeerBlock, Squirrel, Trans-Proteomic Pipeline.
V564 The '&' or '|' operator is applied to bool type value. You've probably forgotten to include parentheses or intended to use the '&&' or '||' operator.
Battle for Wesnoth, Blender, Chromium, DOSBox, Doom 3, FCEUX, FFmpeg, K Desktop Environment, MySQL, Network Security Services (NSS), OpenMW, Unreal Engine 4, ...
V565 An empty exception handler. Silent suppression of exceptions can hide the presence of bugs in source code during testing.
G3D Content Pak.
V567 Undefined behavior. The variable is modified while being used twice between sequence points.
Apple II emulator, AssaultCube Reloaded, Chromium, CryEngine 3 SDK, Doom 3, Fennec Media, Gamer_Z eXtreme Party, Godot Engine, IPP Samples, Miranda IM, Miranda NG, Network Security Services (NSS), ...
V568 It's odd that the argument of sizeof() operator is the expression.
Apache HTTP Server, Asterisk, CxImage, Energy Checker SDK, FCEUX, Haiku Operation System, Miranda IM, OpenCV, ReactOS, Wolfenstein 3D.
V570 The variable is assigned to itself.
Chromium, Coin3D, CryEngine 3 SDK, FreeCAD, Linux Kernel 3.18.1 Stable, OpenCV, OpenJPEG, Qt, Quake-III-Arena, ReactOS, TortoiseGit, Unreal Engine 4, ...
V571 Recurring check. This condition was already verified in previous line.
Asterisk, Blender, CoreCLR, CryEngine 3 SDK, Energy Checker SDK, IPP Samples, Micro-Manager, Miranda NG, Multi Theft Auto, Notepad++, Qt, SeqAn, ...
V572 It is odd that the object which was created using 'new' operator is immediately cast to another type.
Cocos2d-x, wxWidgets.
V573 Uninitialized variable 'Foo' was used. The variable was used to initialize itself.
Firebird, Multi Theft Auto, Word for Windows 1.1a.
V575 Function receives an odd argument.
Doom 3, Fennec Media, Firebird, G3D Content Pak, Haiku Operation System, Miranda IM, Miranda NG, Mozilla Firefox, Multi Theft Auto, ReactOS, Scilab, WinSCP, ...
V576 Incorrect format. Consider checking the N actual argument of the 'Foo' function.
Apache Xerces Project, Apple II emulator, Cairo, CamStudio, Chromium, Cocos2d-x, Coin3D, CryEngine 3 SDK, DeSmuME, Doom 3, Energy Checker SDK, Far Manager, ...
V578 An odd bitwise operation detected. Consider verifying it.
V579 The 'Foo' function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the N argument.
ADAPTIVE Communication Environment (ACE), APR, Apache HTTP Server, Blender, CamStudio, Chromium, CoreCLR, Dolphin Emulator, Doom 3, Far Manager, Firebird, MAME, ...
V581 The conditional expressions of the 'if' operators situated alongside each other are identical.
Asterisk, Chromium, LibreOffice, MongoDB, Unreal Engine 4, WebM.
V583 The '?:' operator, regardless of its conditional expression, always returns one and the same value.
Cocos2d-x, Haiku Operation System, MAME, Miranda NG, Oracle VM Virtual Box, Scilab, Spring Engine.
V584 The same value is present on both sides of the operator. The expression is incorrect or it can be simplified.
Asterisk, Far Manager.
V586 The 'Foo' function is called twice for deallocation of the same resource.
Blender, Miranda NG, OpenMW, VNL.
V587 An odd sequence of assignments of this kind: A = B; B = A;.
LibreOffice, Mozilla Firefox, Windows 8 Driver Samples.
V588 The expression of the 'A =+ B' kind is utilized. Consider reviewing it, as it is possible that 'A += B' was meant.
Libxml2, Trans-Proteomic Pipeline.
V590 Consider inspecting this expression. The expression is excessive or contains a misprint.
CoreCLR, FCEUX, GNU C Library, Godot Engine, Haiku Operation System, ICU, LibreOffice, Linux Kernel 3.18.1 Stable, Notepad++, ReactOS, Stickies, Tesseract, ...
V591 Non-void function should return a value.
Haiku Operation System, Quake-III-Arena, SETI@home, Unreal Engine 4.
V592 The expression was enclosed by parentheses twice: ((expression)). One pair of parentheses is unnecessary or misprint is present.
Spring Engine, wxWidgets.
V593 Consider reviewing the expression of the 'A = B == C' kind. The expression is calculated as following: 'A = (B == C)'.
FFmpeg, Haiku Operation System, K Desktop Environment, LibRaw, Linux Kernel 3.18.1 Stable, Mozilla Firefox, Opus, PuTTY, Qt, ReactOS, SETI@home, TortoiseGit, ...
V594 The pointer steps out of array's bounds.
V595 The pointer was utilized before it was verified against nullptr.
ADAPTIVE Communication Environment (ACE), ANGLE, Apache Xerces Project, Apple II emulator, Asterisk, Blender, Chromium, Clang, Cocos2d-x, Coin3D, CoreCLR, CryEngine 3 SDK, ...
V596 The object was created but it is not being used. The 'throw' keyword could be missing.
FlightGear, FreeCAD, Geant4 software, Multi Theft Auto, OpenMS, OpenMW.
V597 The compiler could delete the 'memset' function call, which is used to flush 'Foo' buffer. The RtlSecureZeroMemory() function should be used to erase the private data.
APR, Apache HTTP Server, Asterisk, CamStudio, Crypto++, Dolphin Emulator, GNU C Library, Haiku Operation System, LibreOffice, Linux Kernel 3.18.1 Stable, Miranda NG, NetXMS, ...
V598 The 'memset/memcpy' function is used to nullify/copy the fields of 'Foo' class. Virtual table pointer will be damaged by this.
Coin3D, CoreCLR, IPP Samples, Miranda NG, SlimDX.
V599 The virtual destructor is not present, although the 'Foo' class contains virtual functions.
ANGLE, FreeCAD, Miranda NG, Multi Theft Auto, Source Engine SDK, Synergy, TortoiseGit, Trans-Proteomic Pipeline, VirtualDub, WinMerge, ffdshow.
V600 Consider inspecting the condition. The 'Foo' pointer is always not equal to NULL.
Firebird, ITK, Multi Theft Auto, Notepad++, OpenSSL.
V601 An odd implicit type casting.
IPP Samples, Micro-Manager, WebPagetest.
V603 The object was created but it is not being used. If you wish to call constructor, 'this->Foo::Foo(....)' should be used.
Google-Breakpad, LibreOffice, OpenCOLLADA, Trans-Proteomic Pipeline, eMule Plus.
V604 It is odd that the number of iterations in the loop equals to the size of the pointer.
Windows 8 Driver Samples.
V605 Consider verifying the expression. An unsigned value is compared to the number -NN.
PHP:Hypertext Preprocessor, VirtualDub.
V606 Ownerless token 'Foo'.
Oracle VM Virtual Box, RunAsAdmin Explorer Shim, Windows 8 Driver Samples.
V607 Ownerless expression 'Foo'.
Boost (C++ libraries), CryEngine 3 SDK, Eigen, Godot Engine, IPP Samples, Miranda NG, TortoiseSVN, Trans-Proteomic Pipeline, Unreal Engine 4, Windows 8 Driver Samples.
V609 Divide or mod by zero.
V610 Undefined behavior. Check the shift operator.
Apple II emulator, Blender, Chromium, Clang, CoreCLR, DeSmuME, FAAC, FFmpeg, Firebird, FlightGear, GNU C Library, Game_Music_Emu library, ...
V611 The memory allocation and deallocation methods are incompatible.
Apache Xerces Project, CxImage, LibreOffice, Miranda IM, Miranda NG, Mozilla Firefox, Multi Theft Auto, Newton Game Dynamics, OpenCOLLADA, OpenCV, Oracle VM Virtual Box, Skia Graphics Engine, ...
V612 An unconditional 'break/continue/return/goto' within a loop.
Bitcoin, Chromium, Clang, CryEngine 3 SDK, D programming language, Data Distribution Service, Firebird, Geant4 software, K Desktop Environment, LibreOffice, Miranda NG, NetXMS, ...
V614 Uninitialized variable 'Foo' used.
APR, Apache HTTP Server, Chromium, Embedded SSL Library, FFmpeg, Firebird, GNU C Library, Geant4 software, Godot Engine, IPP Samples, MPC-HC, Miranda NG, ...
V616 The 'Foo' named constant with the value of 0 is used in the bitwise operation.
LibreOffice, Mozilla Firefox, Unreal Engine 4.
V617 Consider inspecting the condition. An argument of the '|' bitwise operation always contains a non-zero value.
ABackup, Multi Theft Auto, OpenSSL, ResizableLib, WebRTC, Word for Windows 1.1a, ffdshow.
V618 It's dangerous to call the 'Foo' function in such a manner, as the line being passed could contain format specification. The example of the safe code: printf(\"%s\", str);
Apple II emulator, CryEngine 3 SDK, LibreOffice, Miranda NG, Source Engine SDK, TortoiseSVN, WinSCP.
V620 It's unusual that the expression of sizeof(T)*N kind is being summed with the pointer to T type.
Apache Xerces Project, Miranda NG, Snes9x.
V621 Consider inspecting the 'for' operator. It's possible that the loop will be executed incorrectly or won't be executed at all.
Geant4 software, Haiku Operation System, PuTTY, SETI@home, Scilab, Unreal Engine 4.
V622 Consider inspecting the 'switch' statement. It's possible that the first 'case' operator is missing.
K Desktop Environment, Miranda NG.
V624 The constant NN is being utilized. The resulting value could be inaccurate. Consider using the M_NN constant from <math.h>.
Geant4 software, OpenMS, ffdshow.
V625 Consider inspecting the 'for' operator. Initial and final values of the iterator are the same.
LibreOffice, Synergy.
V626 Consider checking for misprints. It's possible that ',' should be replaced by ';'.
LibreOffice, Oracle VM Virtual Box.
V627 Consider inspecting the expression. The argument of sizeof() is the macro which expands to a number.
Data Distribution Service, Network Security Services (NSS), Samba, WebRTC.
V628 It's possible that the line was commented out improperly, thus altering the program's operation logics.
Spring Engine, Trans-Proteomic Pipeline.
V629 Consider inspecting the expression. Bit shifting of the 32-bit value with a subsequent expansion to the 64-bit type.
Bitcoin, Clang, SMHasher, SeqAn, Snes9x, Tesseract, The JUCE Library, Unreal Engine 4, Xpdf.
V630 The 'malloc' function is used to allocate memory for an array of objects which are classes containing constructors/destructors.
Cocos2d-x, Haiku Operation System.
V631 Consider inspecting the 'Foo' function call. Defining an absolute path to the file or directory is considered a poor style.
NetXMS, VirtualDub, ffdshow.
V634 The priority of the '+' operation is higher than that of the '<<' operation. It's possible that parentheses should be used in the expression.
Haiku Operation System.
V635 Consider inspecting the expression. The length should probably be multiplied by the sizeof(wchar_t).
Miranda NG, WinMerge.
V636 The expression was implicitly cast from integer type to real type. Consider utilizing an explicit type cast to avoid overflow or loss of a fractional part.
Cocos2d-x, Coin3D, CxImage, Data Distribution Service, FFmpeg, FlightGear, Geant4 software, Micro-Manager, Miranda NG, OpenMS, Qt, Source Engine SDK, ...
V637 Two opposite conditions were encountered. The second condition is always false.
Chromium, CoreCLR, K Desktop Environment, OpenCV, TinyCAD, TortoiseGit, Unreal Engine 4, VirtualDub.
V638 A terminal null is present inside a string. The '\\0xNN' characters were encountered. Probably meant: '\\xNN'.
Linux Kernel 3.18.1 Stable, Oracle VM Virtual Box.
V639 Consider inspecting the expression for function call. It is possible that one of the closing ')' brackets was positioned incorrectly.
CryEngine 3 SDK, Eigen, LibreOffice.
V640 The code's operational logic does not correspond with its formatting.
Chromium, EA WebKit, FFmpeg, Geant4 software, Haiku Operation System, Miranda NG, Oracle VM Virtual Box, ReactOS, Spring Engine, Windows 8 Driver Samples, XUIFramework, Xpdf, ...
V641 The size of the allocated memory buffer is not a multiple of the element size.
Miranda NG.
V642 Saving the function result inside the 'byte' type variable is inappropriate. The significant bits could be lost breaking the program's logic.
Firebird, Linux Kernel 3.18.1 Stable, ReactOS, Xpdf.
V643 Unusual pointer arithmetic. The value of the 'char' type is being added to the string pointer.
Spring Engine.
V645 The function call could lead to the buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold.
ICU, Miranda NG, Multi Theft Auto, ReactOS.
V646 Consider inspecting the application's logic. It's possible that 'else' keyword is missing.
Geant4 software, Haiku Operation System, K Desktop Environment, Simple DirectMedia Layer, Spring Engine, VirtualDub.
V648 Priority of the '&&' operation is higher than that of the '||' operation.
Oracle VM Virtual Box, Wolfenstein 3D.
V649 There are two 'if' statements with identical conditional expressions. The first 'if' statement contains function return. This means that the second 'if' statement is senseless.
Coin3D, Micro-Manager, Miranda IM, RunAsAdmin Explorer Shim, Wolfenstein 3D.
V650 Type casting operation is utilized 2 times in succession. Next, the '+' operation is executed. Probably meant: (T1)((T2)a + b).
Wine Is Not an Emulator.
V653 A suspicious string consisting of two parts is used for array initialization. It is possible that a comma is missing.
V654 The condition of loop is always true/false.
Apache HTTP Server, K Desktop Environment, Linux Kernel 3.18.1 Stable, Miranda NG, Oracle VM Virtual Box, Unreal Engine 4, WebRTC.
V655 The strings were concatenated but are not utilized. Consider inspecting the expression.
FreeCAD, K Desktop Environment, Scilab.
V656 Variables are initialized through the call to the same function. It's probably an error or un-optimized code.
Doom 3, LibreOffice, Qt, ReactOS.
V662 Consider inspecting the loop expression. Different containers are utilized for setting up initial and final values of the iterator.
Rhino (JavaScript engine).
V663 Infinite loop is possible. The 'cin.eof()' condition is insufficient to break from the loop. Consider adding the '' function call to the conditional expression.
Grassroots DICOM library (GDCM), ITK, OpenMW, POCO C++ Libraries, SETI@home.
V665 Possibly, the usage of '#pragma warning(default: X)' is incorrect in this context. The '#pragma warning(push/pop)' should be used instead.
Chromium, Crash Server Library, Data Distribution Service, Multi Theft Auto, Newton Game Dynamics, PostgreSQL Database Management System, SlimDX, Source Engine SDK, TortoiseGit, TortoiseSVN, Windows 8 Driver Samples.
V666 Consider inspecting NN argument of the function 'Foo'. It is possible that the value does not correspond with the length of a string which was passed with the YY argument.
Geant4 software, ITK, LibreOffice, OpenSSL, Scilab, Source Engine SDK, Spring Engine, Trans-Proteomic Pipeline.
V668 There is no sense in testing the pointer against null, as the memory was allocated using the 'new' operator. The exception will be generated in the case of memory allocation error.
ADAPTIVE Communication Environment (ACE), ANGLE, Chromium, Cocos2d-x, CoreCLR, CryEngine 3 SDK, FlightGear, Geant4 software, Hunspell, ICU, ITK, JavaScriptCore, ...
V669 The argument is a non-constant reference. The analyzer is unable to determine the position at which this argument is being modified. It is possible that the function contains an error.
CryEngine 3 SDK, Micro-Manager, WinMerge.
V670 An uninitialized class member is used to initialize another member. Remember that members are initialized in the order of their declarations inside a class.
CoreCLR, Tesseract, Unreal Engine 4.
V671 It is possible that the 'swap' function interchanges a variable with itself.
Haiku Operation System.
V672 There is probably no need in creating a new variable here. One of the function's arguments possesses the same name and this argument is a reference.
Haiku Operation System.
V673 More than N bits are required to store the value, but the expression evaluates to the T type which can only hold K bits.
V674 The expression contains a suspicious mix of integer and real types.
FlightGear, Geant4 software, Godot Engine, LibreOffice, Source Engine SDK, Unreal Engine 4.
V676 It is incorrect to compare the variable of BOOL type with TRUE.
Apple II emulator, CryEngine 3 SDK, Firebird, VirtualDub.
V677 Custom declaration of a standard type. The declaration from system header files should be used instead.
Miranda NG, SlimDX.
V678 An object is used as an argument to its own method. Consider checking the first actual argument of the 'Foo' function.
V681 The language standard does not define an order in which the 'Foo' functions will be called during evaluation of arguments.
Wine Is Not an Emulator.
V684 A value of variable is not modified. Consider inspecting the expression. It is possible that '1' should be present instead of '0'.
V8 JavaScript Engine.
V690 The class implements a copy constructor/operator=, but lacks the operator=/copy constructor.
V692 An inappropriate attempt to append a null character to a string. To determine the length of a string by 'strlen' function correctly, a string ending with a null terminator should be used in the first place.
Haiku Operation System, Linux Kernel 3.18.1 Stable, Wine Is Not an Emulator.
V694 The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.
Miranda NG.
V695 Range intersections are possible within conditional expressions.
Linux Kernel 3.18.1 Stable.
V696 The 'continue' operator will terminate 'do { ... } while (FALSE)' loop because the condition is always false.
Cocos2d-x, Haiku Operation System, Linux Kernel 3.18.1 Stable.
V698 strcmp()-like functions can return not only the values -1, 0 and 1, but any values.
V700 Consider inspecting the 'T foo = foo = x;' expression. It is odd that variable is initialized through itself.
Apple II emulator, CoreCLR, Unreal Engine 4.
V701 realloc() possible leak: when realloc() fails in allocating memory, original pointer is lost. Consider assigning realloc() to a temporary pointer.
K Desktop Environment, LibreOffice, Spring Engine.
V704 'this == 0' comparison should be avoided - this comparison is always false on newer compilers.
CoreCLR, Miranda NG.
V705 It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics.
K Desktop Environment, Linux Kernel 3.18.1 Stable, Miranda NG.
V706 Suspicious division: sizeof(X) / Value. Size of every element in X array does not equal to divisor.
Haiku Operation System.
V711 It is dangerous to create a local variable within a loop with a same name as a variable controlling this loop.
Haiku Operation System.
V712 Be advised that compiler may delete this cycle or make it infinity. Use volatile variable(s) or synchronization primitives to avoid this.
G3D Content Pak, IPP Samples.
V713 The pointer was utilized in the logical expression before it was verified against nullptr in the same logical expression.
EchoVNC, GeoShell, Haiku Operation System, Linux Kernel 3.18.1 Stable, Miranda IM, Miranda NG, Notepad++, ffdshow.
V716 Suspicious type conversion: HRESULT -> BOOL (BOOL -> HRESULT).
V718 The 'Foo' function should not be called from 'DllMain' function.
V721 The VARIANT_BOOL type is utilized incorrectly. The true value (VARIANT_TRUE) is defined as -1.
V726 An attempt to free memory containing the 'int A[10]' array by using the 'free(A)' function.
CamStudio, Shareaza.