Examples of errors detected by the V547 diagnostic.

V547. Expression is always true/false.


Shareaza

V547 Expression 'pBytes [ 0 ] == 0xEF' is always false. The value range of signed char type: [-128, 127]. Shareaza remote.cpp 350

V547 Expression 'pBytes [ 1 ] == 0xBB' is always false. The value range of signed char type: [-128, 127]. Shareaza remote.cpp 350

V547 Expression 'pBytes [ 2 ] == 0xBF' is always false. The value range of signed char type: [-128, 127]. Shareaza remote.cpp 350


void CRemote::Output(LPCTSTR pszName)
{

  ...
  CHAR* pBytes = new CHAR[ nBytes ];
  hFile.Read( pBytes, nBytes );
  ...
  if ( nBytes > 3 &&
       pBytes[0] == 0xEF &&
       pBytes[1] == 0xBB &&
       pBytes[2] == 0xBF )
  {
    pBytes += 3;
    nBytes -= 3;
    bBOM = true;
  }
  ...
}

Shareaza

V547 Expression is always false. Unsigned type value is never < 0. BugTrap encoding.cpp 425


size_t UTF16BeDecodeChar(BYTE* pBytes, size_t nNumBytes,
                         TCHAR arrChar[2], size_t& nCharSize)
{
  if (UTF16BeToLeChar(pBytes, nNumBytes) < 0)
  {
    nCharSize = MAXSIZE_T;
    return 0;
  }
  return UTF16LeDecodeChar(pBytes, nNumBytes,
                           arrChar, nCharSize);
}

In case of an error, the UTF16BeToLeChar() function returns MAXSIZE_T. This case will be handled incorrectly.


Shareaza

V547 Expression 'nCharPos >= 0' is always true. Unsigned type value is always >= 0. BugTrap xmlreader.h 946


inline void CXmlReader::CXmlInputStream::UnsafePutCharsBack(
  const TCHAR* pChars, size_t nNumChars)
{
  if (nNumChars > 0)
  {
    for (size_t nCharPos = nNumChars - 1;
         nCharPos >= 0;
         --nCharPos)
      UnsafePutCharBack(pChars[nCharPos]);
  }
}

Infinite loop.


VirtualDub

V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. Ami lexer.cpp 225


typedef unsigned short wint_t;

void lexungetc(wint_t c) {
  if (c < 0)
    return;

  g_backstack.push_back(c);
}

VirtualDub

V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. Ami lexer.cpp 279


typedef unsigned short wint_t;

wint_t lexgetescape() {
  wint_t c = lexgetc();
  if (c < 0)
    fatal("Newline found in escape sequence");
  ...
}

Geocoding with SQL-Server

V547 Expression '* s > 127' is always false. The value range of signed char type: [-128, 127]. Shp2Xml shp2xml.cpp 18


char *chkXml(char *buf) {
 for (char *s = buf; *s; s++)
   if (*s == '&') *s = '/';
   ....
   else if (*s > 127) *s = '~';
 return buf;
}

Ultimate TCP/IP

V547 Expression '( len - indx ) >= 0' is always true. Unsigned type value is always >= 0. UTDns utstrlst.cpp 58


void CUT_StrMethods::RemoveCRLF(LPSTR buf)
{
  // v4.2 changed to size_t
  size_t  len, indx = 1;
  if(buf != NULL){
    len = strlen(buf);
    while((len - indx) >= 0 && indx <= 2) {
      if(buf[len - indx] == '\r' ||
         buf[len - indx] == '\n')
         buf[len - indx] = 0;
      ++indx;
    }
  }
}

This is an example of potential vulnerability. When processing an empty string, the (len - indx) expression will equal 0xFFFFFFFFu. The value 0xFFFFFFFFu is above 0. An array overrun will occur.

Identical errors can be found in some other places:

  • V547 Expression '( len - indx ) >= 0' is always true. Unsigned type value is always >= 0. UTDns utstrlst.cpp 75

Ultimate TCP/IP

V547 Expression 'loop >= 0' is always true. Unsigned type value is always >= 0. UTDns utstrlst.cpp 430


void CUT_StrMethods::RemoveSpaces(LPSTR szString) {
  ...
  size_t loop, len = strlen(szString);
  // Remove the trailing spaces
  for(loop = (len-1); loop >= 0; loop--) {
    if(szString[loop] != ' ')
      break;
  }
  ...
}

An example of potential vulnerability. If a string contains only blanks, an array overrun will occur.

Identical errors can be found in some other places:

  • V547 Expression 'loop >= 0' is always true. Unsigned type value is always >= 0. UTDns utstrlst.cpp 458

Ultimate TCP/IP

V547 Expression 'buf[t] > 127' is always false. The value range of signed char type: [-128, 127]. UTImap4 utmime.cpp 320


int CUT_MimeEncode::Encode7bit(....)
{
  ...
  char buf[1000];
  ...
  for ( t=0; t<bytesRead; t++ ) {
    if (buf[t]==0 || buf[t]>127) {
      retval = UTE_ENCODING_INVALID_CHAR;
      break;
    }
  ...
}

Ultimate Toolbox

V547 Expression 'lpDrawItemStruct -> itemID >= 0' is always true. Unsigned type value is always >= 0. UT oxautolistbox.cpp 56


void COXAutoListBox::DrawItem(....)
{
  ...
  if (lpDrawItemStruct->itemID>=0)
  {
    ...
  }
  ...
}

Most likely this is what should be written here: (lpDrawItemStruct->itemID != (UINT)(-1))


Ultimate Toolbox

V547 Expression 'lpms -> itemID < 0' is always false. Unsigned type value is never < 0. UT oxcoolcombobox.cpp 476


void COXCoolComboBox::MeasureItem(....)
{
  if(lpms->itemID<0)
    lpms->itemHeight=m_nDefaultFontHeight+1;
  else
    lpms->itemHeight=
      m_nDefaultFontHeightSansLeading+1;
}

Ultimate Toolbox

V547 Expression 'chNewChar >= 128' is always false. The value range of signed char type: [-128, 127]. UT oxmaskededit.cpp 81

V547 Expression 'chNewChar <= 255' is always true. The value range of signed char type: [-128, 127]. UT oxmaskededit.cpp 81


BOOL CMaskData::IsValidInput(TCHAR chNewChar)
{
   ...
  if((chNewChar >= 128) && (chNewChar <= 255))
    bIsValidInput=TRUE ;
  ...
}

Ultimate Toolbox

V547 Expression 'm_nCurrentIndex - nOffset < 0' is always false. Unsigned type value is never < 0. UT oxprocess.cpp 594


int m_nCurrentIndex;
...
BOOL COXProcessIterator::Prev(UINT nOffset)
{
  ...
  if(m_nCurrentIndex-nOffset<0)
    return FALSE;
  ...
}

Since the "m_nCurrentIndex-nOffset" expression has the unsigned type, it can never be below 0.


TortoiseSVN

V547 Expression 'c >= 0x80' is always false. The value range of signed char type: [-128, 127]. pathutils.cpp 559


CString CPathUtils::PathUnescape (const char* path)
{
  // try quick path
  size_t i = 0;
  for (; char c = path[i]; ++i)
    if ((c >= 0x80) || (c == '%'))
    {
      // quick path does not work for
      // non-latin or escaped chars
      std::string utf8Path (path);
      CPathUtils::Unescape (&utf8Path[0]);
      return CUnicodeUtils::UTF8ToUTF16 (utf8Path);
    }
  ...
}

TortoiseSVN

V547 Expression '* utf8CheckBuf == 0xC0' is always false. The value range of signed char type: [-128, 127]. tortoiseblame.cpp 310

V547 Expression '* utf8CheckBuf == 0xC1' is always false. The value range of signed char type: [-128, 127]. tortoiseblame.cpp 311

V547 Expression '* utf8CheckBuf >= 0xF5' is always false. The value range of signed char type: [-128, 127]. tortoiseblame.cpp 312


BOOL TortoiseBlame::OpenFile(const TCHAR *fileName)
{
  ...
  // check each line for illegal utf8 sequences.
  // If one is found, we treat
  // the file as ASCII, otherwise we assume
  // an UTF8 file.
  char * utf8CheckBuf = lineptr;
  while ((bUTF8)&&(*utf8CheckBuf))
  {
    if ((*utf8CheckBuf == 0xC0)||
        (*utf8CheckBuf == 0xC1)||
        (*utf8CheckBuf >= 0xF5))
    {
      bUTF8 = false;
      break;
    }

   ...
  }
  ...
}

TortoiseSVN

V547 Expression 'endRevision < 0' is always false. Unsigned type value is never < 0. cachelogquery.cpp 999


typedef index_t revision_t;
...
void CCacheLogQuery::InternalLog (
   revision_t startRevision
 , revision_t endRevision
 , const CDictionaryBasedTempPath& startPath
 , int limit
 , const CLogOptions& options)
{
  ...
  // we cannot receive logs for rev < 0
  if (endRevision < 0)
    endRevision = 0;

  ...
}

Negative values simply cannot appear here. The endRevision variable has the unsigned type and, therefore, endRevision is always >=0. The potential danger is this: if a negative value was cast to the unsigned type somewhere before, we will be handling a very big number. And there's no check for that.


TraceTool

V547 Expression '(m_socketHandle = socket (2, 1, 0)) < 0' is always false. Unsigned type value is never < 0. Vs8_Win_Lib tracetool.cpp 871


static UINT_PTR m_socketHandle ;

void TTrace::LoopMessages(void)
{
  ...
  // Socket creation
  if ( (m_socketHandle = socket(AF_INET,SOCK_STREAM,0)) < 0)
  {
    continue;
  }
  ...
}

FCEUX

V547 Expression 'x < 0' is always false. Unsigned type value is never < 0. fceux gui.cpp 32

V547 Expression 'y < 0' is always false. Unsigned type value is never < 0. fceux gui.cpp 33


void CenterWindow(HWND hwndDlg)
{
  ...
  unsigned x = ((rectP.right-rectP.left) - width) / 2 +
               rectP.left;
  unsigned y = ((rectP.bottom-rectP.top) - height) / 2 +
               rectP.top;
  ...
  // make sure that the dialog box never moves outside
  // of the screen
  if(x < 0) x = 0;
  if(y < 0) y = 0;
  if(x + width  > screenwidth)  x = screenwidth  - width;
  if(y + height > screenheight) y = screenheight - height;
  ...
}

IPP Samples

V547 Expression '* pTrack >= 0' is always true. Unsigned type value is always >= 0. demuxer umc_stream_parser.cpp 179


typedef signed int     Ipp32s;
typedef unsigned int   Ipp32u;

Ipp32s StreamParser::GetTrackByPidOrCreateNew(Ipp32s iPid,
                                              bool *pIsNew)
{
  ...
  else if (!pIsNew || m_uiTracks >= MAX_TRACK)
    return -1;
  ...
}

Status StreamParser::GetNextData(MediaData *pData,
                                 Ipp32u *pTrack)
{
  ...
  *pTrack = GetTrackByPidOrCreateNew(m_pPacket->iPid, NULL);

  if (*pTrack >= 0 && TRACK_LPCM == m_pInfo[*pTrack]->m_Type)
    ippsSwapBytes_16u_I((Ipp16u *)pData->GetDataPointer(),
                        m_pPacket->uiSize / 2);
  ...
}

IPP Samples

V547 Expression 'memSize < 0' is always false. Unsigned type value is never < 0. vc1_enc umc_vc1_enc_planes.h 200


typedef unsigned int    Ipp32u;

UMC::Status Init(..., Ipp32u memSize, ...)
{
  ...
  memSize -= UMC::align_value<Ipp32u>(m_nFrames*sizeof(Frame));
  if(memSize < 0)
      return UMC::UMC_ERR_NOT_ENOUGH_BUFFER;
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'memSize < 0' is always false. Unsigned type value is never < 0. vc1_enc umc_vc1_enc_planes.h 211
  • V547 Expression 'memSize < 0' is always false. Unsigned type value is never < 0. vc1_enc umc_vc1_enc_planes.h 211
  • V547 Expression 'memSize < 0' is always false. Unsigned type value is never < 0. vc1_enc umc_vc1_enc_mb.cpp 64
  • And 6 additional diagnostic messages.

IPP Samples

V547 Expression 'm_iCurrMBIndex - x < 0' is always false. Unsigned type value is never < 0. vc1_enc umc_vc1_enc_mb.cpp 188


Ipp32u m_iCurrMBIndex;

VC1EncoderMBInfo *
VC1EncoderMBs::GetPevMBInfo(Ipp32s x, Ipp32s y)
{
   Ipp32s row = (y>0)? m_iPrevRowIndex:m_iCurrRowIndex;
   return ((m_iCurrMBIndex - x <0 || row <0) ?
          0 :
          &m_MBInfo[row][m_iCurrMBIndex - x]);
}

Since the check doesn't work, we may easily get an array overrun.


DOSBox

V547 Expression is always true. Unsigned type value is always >= 0. dosbox libserial.cpp 155


void SERIAL_getErrorString(char* buffer, int length) {
  ...
  if((length - sysmsg_offset -
      strlen((const char*)sysmessagebuffer)) >= 0)
     memcpy(buffer + sysmsg_offset, sysmessagebuffer,
            strlen((const char*)sysmessagebuffer));
  ...
}

This is an example of unsafe code from the viewpoint of buffer overflows. The strlen() function returns size_t. It means that the check for buffer overflow doesn't work.


Miranda IM

V547 Expression 'newItem >= 0' is always true. Unsigned type value is always >= 0. avs options.cpp 265


INT_PTR CALLBACK DlgProcOptionsProtos(....)
{
  ...
  UINT64 newItem = 0;
  ...
  newItem = ListView_InsertItem(hwndList, &item;);
  if(newItem >= 0)
    ListView_SetCheckState(....);
  ...
}

Miranda IM

V547 Expression 'nGroupsCount < 0' is always false. Unsigned type value is never < 0. import mirabilis.c 1416


extern DWORD nMessagesCount;

static void MirabilisImport(HWND hdlgProgressWnd)
{
  ...
  nGroupsCount = ImportGroups();
  if (nGroupsCount < 0) {
    AddMessage( LPGEN("Group import was not completed."));
    nGroupsCount = 0;
  }
  ...
}

Miranda IM

V547 Expression 'wParam >= 0' is always true. Unsigned type value is always >= 0. clist_mw cluiframes.c 3140


typedef UINT_PTR WPARAM;

static int id2pos(int id)
{
  int i;
  if (FramesSysNotStarted) return -1;
  for (i=0;i<nFramescount;i++)
  {
    if (Frames[i].id==id) return(i);
  }
  return(-1);
}

INT_PTR CLUIFrameSetFloat(WPARAM wParam,LPARAM lParam)
{
  ...
  wParam=id2pos(wParam);
  if(wParam>=0&&(int)wParam<nFramescount)
    if (Frames[wParam].floating)
  ...
}

Miranda IM

V547 Expression is always true. Unsigned type value is always >= 0. scriver msgoptions.c 458


WINUSERAPI
UINT
WINAPI
GetDlgItemInt(
    __in HWND hDlg,
    __in int nIDDlgItem,
    __out_opt BOOL *lpTranslated,
    __in BOOL bSigned);

#define SRMSGSET_LIMITNAMESLEN_MIN 0

static INT_PTR CALLBACK DlgProcTabsOptions(....)
{
  ...
  limitLength =
    GetDlgItemInt(hwndDlg, IDC_LIMITNAMESLEN, NULL, TRUE) >=
    SRMSGSET_LIMITNAMESLEN_MIN ?
    GetDlgItemInt(hwndDlg, IDC_LIMITNAMESLEN, NULL, TRUE) :
    SRMSGSET_LIMITNAMESLEN_MIN;
  ...
}

Miranda IM

V547 Expression 'nOldLength < 0' is always false. Unsigned type value is never < 0. IRC mstring.h 229


void Append( PCXSTR pszSrc, int nLength )
{
  ...
  UINT nOldLength = GetLength();
  if (nOldLength < 0)
  {
    // protects from underflow
    nOldLength = 0;
  }
  ...
}

Miranda IM

V547 Expression 'ft->std.currentFileSize < 0' is always false. Unsigned type value is never < 0. jabber jabber_file.cpp 92


typedef struct tagPROTOFILETRANSFERSTATUS
{
  ...
  unsigned __int64 currentFileSize;
  ...
} PROTOFILETRANSFERSTATUS;

//There is this place in the program code:
ft->std.currentFileSize = -1;

void __cdecl CJabberProto::FileReceiveThread(filetransfer* ft)
{
  ...
  if (ft->state==FT_DONE ||
      ( ft->state==FT_RECEIVING && ft->std.currentFileSize < 0 ))
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'ft->std.currentFileSize < 0' is always false. Unsigned type value is never < 0. jabber jabber_file.cpp 168

StrongDC++

V547 Expression 'totalsize < 0' is always false. Unsigned type value is never < 0. client queuemanager.cpp 2230


uint64_t QueueManager::FileQueue::getTotalQueueSize(){
  uint64_t totalsize = 0;
  ...
  if(totalsize < 0)
    totalsize = 0;
  ...
}

Chromium

V547 Expression 'current_idle_time < 0' is always false. Unsigned type value is never < 0. browser idle_win.cc 23


IdleState CalculateIdleState(unsigned int idle_threshold) {
  ...
  DWORD current_idle_time = 0;
  ...
  // Will go -ve if we have been idle for
  // a long time (2gb seconds).
  if (current_idle_time < 0)
    current_idle_time = INT_MAX;
  ...
}

Chromium

V547 Expression 'count < 0' is always false. Unsigned type value is never < 0. ncdecode_tablegen ncdecode_tablegen.c 197


static void CharAdvance(char** buffer,
                        size_t* buffer_size,
                        size_t count) {
  if (count < 0) {
    NaClFatal("Unable to advance buffer by count!");
  } else {
  ...
}

ICU

V547 Expression '* string != 0 || * string != '_'' is always true. Probably the '&&' operator should be used here. icui18n ucol_sit.cpp 242


U_CDECL_BEGIN static const char* U_CALLCONV
_processVariableTop(....)
{
  ...
  if(i == locElementCapacity &&
     (*string != 0 || *string != '_')) {
    *status = U_BUFFER_OVERFLOW_ERROR;
  }
  ...
}

Network Security Services (NSS)

V547 Expression 'input.len < 0' is always false. Unsigned type value is never < 0. nss pk11merge.c 491


struct SECItemStr {
  ...
  unsigned int len;
};

static SECStatus
pk11_mergeSecretKey(....)
{
  ...
  if (input.len < 0) {
    rv = SECFailure;
    goto done;
  }
  ...
}

Qt

V547 Expression '-- size >= 0' is always true. Unsigned type value is always >= 0. QtCLucene arrays.h 154


bool equals( class1* val1, class2* val2 ) const{
{
  ...
  size_t size = val1->size();
  ...
  while ( --size >= 0 ){
    if ( !comp(*itr1,*itr2) )
      return false;
    itr1++;
    itr2++;
  }
  ...
}

An array overrun may surely occur.


Qt

V547 Expression 'q->getQueryName () != L"BooleanQuery"' is always true. To compare strings you should use wcscmp() function. QtCLucene multifieldqueryparser.cpp 44


const TCHAR* getQueryName() const;

Query* MultiFieldQueryParser::parse(....)
{
  ...
  if (q && (q->getQueryName() != _T("BooleanQuery")
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'q->getQueryName () != L"BooleanQuery"' is always true. To compare strings you should use wcscmp() function. QtCLucene multifieldqueryparser.cpp 63

MySQL

V547 Expression 'str [0] != 'a' || str [0] != 'A'' is always true. Probably the '&&' operator should be used here. clientlib my_time.c 340


enum enum_mysql_timestamp_type
str_to_datetime(....)
{
  ...
  else if (str[0] != 'a' || str[0] != 'A')
    continue; /* Not AM/PM */
  ...
}

Apache HTTP Server

V547 Expression 'len < 0' is always false. Unsigned type value is never < 0. aprutil apr_memcache.c 814


typedef  size_t      apr_size_t;

APU_DECLARE(apr_status_t) apr_memcache_getp(....)
{
  ...
  apr_size_t len = 0;
  ...
  len = atoi(length);
  ...
  if (len < 0) {
    *new_length = 0;
    *baton = NULL;
  }
  else {
    ...
  }
}

Apache HTTP Server

V547 Expression 'csd < 0' is always false. Unsigned type value is never < 0. libhttpd child.c 404


typedef UINT_PTR SOCKET;

static unsigned int __stdcall win9x_accept(void * dummy)
{
  SOCKET csd;
  ...
  do {
      clen = sizeof(sa_client);
      csd = accept(nsd, (struct sockaddr *) &sa_client, &clen;);
  } while (csd < 0 &&
           APR_STATUS_IS_EINTR(apr_get_netos_error()));
  ...
}

Intel AMT SDK

V547 Expression '_username == ""' is always false. To compare strings you should use strcmp() function. Discovery discoverysample.cpp 184


static char* _username = "";
static char* _password = "";
static char* _host = "";
static char* _hostMask = "";

if (((_username == "") && (_password != "")) ||
    ((_username != "") && (_password == "")))

This code is dangerous and incorrect. But sometimes it will work - when the whole code is in one module (one *.obj). The compiler will create only one empty string in memory.


Intel AMT SDK

V547 Expression 'bytesRead < 0' is always false. Unsigned type value is never < 0. RemoteConsole remote.c 173


int ReadFileData(char* fileName, UINT8 data[], size_t size)
{
  size_t fileSize , bytesRead;
  ...
  bytesRead = read(fileno(fileHandle), data, (int) size);

  if (bytesRead < 0)
  {
    printf("Error while Reading file %s : %s",
           fileName, strerror(errno));
    bytesRead = 0;
  }
  ...
}

Intel AMT SDK

V547 Expression 'bytesRead < 0' is always false. Unsigned type value is never < 0. ZTCLocalAgent heciwin.cpp 357


int HECIWin::_doIoctl(....)
{
  DWORD bytesRead = 0;
  ...
  if (bytesRead < 0) {
    Deinit();
  }
  ...
}

TrueCrypt

V547 Expression 'fileDataEndPos < 0' is always false. Unsigned type value is never < 0. Setup selfextract.c 551


BOOL SelfExtractInMemory (char *path)
{
  unsigned int fileDataEndPos = 0;
  ...
  if (fileDataEndPos < 0)
  {
    Error ("CANNOT_READ_FROM_PACKAGE");
    return FALSE;
  }
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'fileDataStartPos < 0' is always false. Unsigned type value is never < 0. Setup selfextract.c 560

ReactOS

V547 Expression is always false. Probably the '||' operator should be used here. ws2_32_new sockctrl.c 55


INT
WSAAPI
connect(IN SOCKET s,
        IN CONST struct sockaddr *name,
        IN INT namelen)
{
  ...
  /* Check if error code was due to the host not being found */
  if ((Status == SOCKET_ERROR) &&
      (ErrorCode == WSAEHOSTUNREACH) &&
      (ErrorCode == WSAENETUNREACH))
  {
  ...
}

ReactOS

V547 Expression is always true. Probably the '&&' operator should be used here. win32k arc.c 67


typedef enum _ARCTYPE
{
    GdiTypeArc,
    GdiTypeArcTo,
    GdiTypeChord,
    GdiTypePie,
} ARCTYPE, *PARCTYPE;

BOOL IntArc(....)
{
  ...
  if ((Left == Right) ||
      (Top == Bottom) ||
      (((arctype != GdiTypeArc) ||
        (arctype != GdiTypeArcTo)) &&
       ((Right - Left == 1) ||
       (Bottom - Top == 1))
      )
     )
      return TRUE;
  ...
}

Most likely this is what should be written here: (arctype != GdiTypeArc) && (arctype != GdiTypeArcTo)


ReactOS

V547 Expression 'LeftOfBuffer < 0' is always false. Unsigned type value is never < 0. svchost svchost.c 56


BOOL PrepareService(LPCTSTR ServiceName)
{
  DWORD LeftOfBuffer = sizeof(ServiceKeyBuffer) /
                       sizeof(ServiceKeyBuffer[0]);
  ....
  LeftOfBuffer -= _tcslen(SERVICE_KEY);
  ....
  LeftOfBuffer -= _tcslen(ServiceName);
  ....
  LeftOfBuffer -= _tcslen(PARAMETERS_KEY);
  ....
  if (LeftOfBuffer < 0)
  {
    DPRINT1("Buffer overflow for service name: '%s'\n",
            ServiceName);
    return FALSE;
  }
  ....
}

There are a lot of such fragments in ReactOS, but I cannot say for sure how critical they are.


ReactOS

V547 Expression '(Minor != 0x02) || (Minor != 0x13)' is always true. Probably the '&&' operator should be used here. ramdisk ramdisk.c 1955


#define IRP_MN_REMOVE_DEVICE      0x02
#define IRP_MN_QUERY_ID           0x13

NTSTATUS
RamdiskPnp(IN PDEVICE_OBJECT DeviceObject,
           IN PIRP Irp)
{
  ...
  // Only remove-device and query-id are allowed
  if ((Minor != IRP_MN_REMOVE_DEVICE) ||
      (Minor != IRP_MN_QUERY_ID))
  ...
}

This is what should have been written here: ((Minor == IRP_MN_REMOVE_DEVICE) || (Minor == IRP_MN_QUERY_ID))

Identical errors can be found in some other places:

  • V547 Expression is always true. Probably the '&&' operator should be used here. ntoskrnl section.c 1685
  • V547 Expression is always true. Probably the '&&' operator should be used here. fastfat create.c 456

ReactOS

V547 Expression is always false. Unsigned type value is never < 0. opengl32 font.c 1099


BOOL APIENTRY IntUseFontOutlinesW(....)
{
  ...
  if (GetGlyphOutline(hDC, glyphIndex, GGO_NATIVE,
       &glyphMetrics, glyphBufSize, glyphBuf, &matrix) < 0)
  {
    HeapFree(GetProcessHeap(), 0, glyphBuf);
    return FALSE; /*WGL_STATUS_FAILURE*/
  }
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'glyphSize < 0' is always false. Unsigned type value is never < 0. opengl32 font.c 1084

ReactOS

V547 Expression 'IntEaLength >= 0' is always true. Unsigned type value is always >= 0. ntoskrnl util.c 220


NTSTATUS
IoCheckEaBufferValidity(....)
{
  ULONG NextEaBufferOffset, IntEaLength;
  ...
  if (IntEaLength >= 0)
  {
    EaBufferEnd = (PFILE_FULL_EA_INFORMATION)
      ((ULONG_PTR)EaBufferEnd +
      EaBufferEnd->NextEntryOffset);
    continue;
  }
}

Identical errors can be found in some other places:

  • V547 Expression 'IntEaLength >= 0' is always true. Unsigned type value is always >= 0. ntoskrnl util.c 198

ReactOS

V547 Expression 'i < 512' is always true. The value range of unsigned char type: [0, 255]. freeldr_common xboxhw.c 344


static VOID
DetectBiosDisks(....)
{
  UCHAR DiskCount, i;
  ...
  for (i = 0; ! Changed && i < 512; i++)
  {
    Changed = ((PUCHAR)DISKREADBUFFER)[i] != 0xcd;
  }
  ...
}

An infinite loop will occur here if the first 255 bytes contain value 0xcd.

Identical errors can be found in some other places:

  • V547 Expression 'i < 512' is always true. The value range of unsigned char type: [0, 255]. freeldr_common hardware.c 826

ReactOS

V547 Expression 'ads->tcpsocket >= 0' is always true. Unsigned type value is always >= 0. adns setup.c 683


typedef UINT_PTR SOCKET;

#define ADNS_SOCKET SOCKET

struct adns__state {
  ...
  ADNS_SOCKET udpsocket, tcpsocket;
  ...
};

void adns_finish(adns_state ads) {
  ...
  if (ads->tcpsocket >= 0) adns_socket_close(ads->tcpsocket);
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'ads->udpsocket < 0' is always false. Unsigned type value is never < 0. adns setup.c 539
  • V547 Expression 'fd < 0' is always false. Unsigned type value is never < 0. adns event.c 117

Chromium

V547 Expression is always true. Probably the '&&' operator should be used here. webrtc_vplib interpolator.cc 119


WebRtc_Word32
interpolator::SupportedVideoType(VideoType srcVideoType,
                                 VideoType dstVideoType)
{
  ...
  if ((srcVideoType != kI420) ||
      (srcVideoType != kIYUV) ||
      (srcVideoType != kYV12))
  {
      return -1;
  }
  ...
}

Mozilla Firefox

V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. updater.cpp 1179


int
PatchFile::LoadSourceFile(FILE* ofile)
{
  ...
  size_t c = fread(rb, 1, r, ofile);
  if (c < 0) {
    LOG(("LoadSourceFile: error reading destination file: "
         LOG_S "\n", mFile));
    return READ_ERROR;
  }
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. updater.cpp 2373
  • V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. bspatch.cpp 107

Mozilla Firefox

V547 Expression is always true. Unsigned type value is always >= 0. exception_handler.cc 846


bool ExceptionHandler::WriteMinidumpForChild(....)
{
  ...
  DWORD last_suspend_cnt = -1;
  ...
  // this thread may have died already, so not opening
  // the handle is a non-fatal error
  if (NULL != child_thread_handle) {
    if (0 <=
        (last_suspend_cnt = SuspendThread(child_thread_handle)))
    {
  ...
}

Most likely this is what should be written here: (((DWORD) -1) != (last_suspend_cnt = SuspendThread(child_thread_handle))).

Identical errors can be found in some other places:

  • V547 Expression '0 <= last_suspend_cnt' is always true. Unsigned type value is always >= 0. exception_handler.cc 869

Mozilla Firefox

V547 Expression 'index < 0' is always false. Unsigned type value is never < 0. nsieprofilemigrator.cpp 622


PRBool
nsIEProfileMigrator::TestForIE7()
{
  ...
  PRUint32 index = ieVersion.FindChar('.', 0);
  if (index < 0)
    return PR_FALSE;
  ...
}

Notepad++

V547 Expression is always false. Probably the '||' operator should be used here. Notepad++ notepad_plus.cpp 4967


DWORD WINAPI Notepad_plus::threadTextPlayer(void *params)
{
  ...
  const char *text2display = ...;
  ...
  if (text2display[i] == ' ' && text2display[i] == '.')
  ...
}

Identical errors can be found in some other places:

  • V547 Expression is always false. Probably the '||' operator should be used here. Notepad++ notepad_plus.cpp 5032

ADAPTIVE Communication Environment (ACE)

V547 Expression 'ch != '_' || ch != ':'' is always true. Probably the '&&' operator should be used here. ACEXML_Parser parser.cpp 1905


ACEXML_Char*
ACEXML_Parser::parse_reference_name (void)
{
  ACEXML_Char ch = this->get ();
  if (!this->isLetter (ch) && (ch != '_' || ch != ':'))
    return 0;
  ...
}

WinMerge

V547 Expression 'cchText < 0' is always false. Unsigned type value is never < 0. Merge ccrystaleditview.cpp 1135


BOOL CCrystalEditView::
DoDropText (COleDataObject * pDataObject,
            const CPoint & ptClient)
{
  ...
  UINT cbData = (UINT) ::GlobalSize (hData);
  UINT cchText = cbData / sizeof(TCHAR) - 1;
  if (cchText < 0)
    return FALSE;
  ...
}

BCmenu

V547 Expression 'nLoc >= 0' is always true. Unsigned type value is always >= 0. Merge bcmenu.cpp 1232


BCMenu *BCMenu::FindMenuOption(int nId,UINT& nLoc)
{
  ...
  nLoc = -1;
  ...
}

BOOL BCMenu::ModifyODMenuW(wchar_t *lpstrText,
                           UINT nID, int nIconNormal)
{
  UINT nLoc;
  ...
  BCMenu *psubmenu = FindMenuOption(nID,nLoc);
  ...
  if(psubmenu && nLoc>=0) mdata = psubmenu->m_MenuList[nLoc];
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'nLoc >= 0' is always true. Unsigned type value is always >= 0. Merge bcmenu.cpp 1263
  • V547 Expression 'nLoc >= 0' is always true. Unsigned type value is always >= 0. Merge bcmenu.cpp 1285
  • V547 Expression 'nLoc >= 0' is always true. Unsigned type value is always >= 0. Merge bcmenu.cpp 1309
  • And 2 additional diagnostic messages.

WinMerge

V547 Expression 'text.length() >= 0' is always true. Unsigned type value is always >= 0. Merge splash.cpp 262


typedef String std::wstring;

void CSplashWnd::OnPaint()
{
  ...
  String text = LoadResString(IDS_SPLASH_DEVELOPERS);

  // avoid dereference of empty strings and
  // the NULL termiated character
  if (text.length() >= 0)
  {
  ...
}

UCSniff

V547 Expression '* hDecoder < 0' is always false. Unsigned type value is never < 0. g726_decoder.c 11


int initialize_g726_decoder(unsigned long *hDecoder)
{
  *hDecoder = EasyG726_init_decoder();
  if(*hDecoder<0)
   return -1;
  return 0;
}

Identical errors can be found in some other places:

  • V547 Expression 'currentRTPCall->hDecoderFwd >= 0' is always true. Unsigned type value is always >= 0. ec_siprtp.c 1547
  • V547 Expression 'currentRTPCall->hDecoderRev >= 0' is always true. Unsigned type value is always >= 0. ec_siprtp.c 1550

DeSmuME

V547 Expression 'name[i] >= 0xF0' is always false. The value range of signed char type: [-128, 127]. DeSmuME_VS2005 directory.cpp 118


static int _FAT_directory_lfnLength (const char* name) {
  ...
  for (i = 0; i < nameLength; i++) {
    if (name[i] < 0x20 || name[i] >= ABOVE_UCS_RANGE) {
      return -1;
    }
  }
  ...
}

This is what should have been written here: (unsigned char)(name[i]) >= ABOVE_UCS_RANGE


DeSmuME

V547 Expression 'remain < 0' is always false. Unsigned type value is never < 0. DeSmuME_VS2005 fatfile.cpp 527


static bool _FAT_check_position_for_next_cluster(....,
 size_t remain, ....)
{
  ...
  if ((remain < 0) ||
      (position->sector > partition->sectorsPerCluster)) {
    // invalid arguments - internal error
    r->_errno = EINVAL;
    goto err;
  }
  ...
}

DeSmuME

V547 Expression '(str[0] != ' ') || (str[0] != '\t')' is always true. Probably the '&&' operator should be used here. DeSmuME_VS2005 xstring.cpp 93


int str_ltrim(char *str, int flags) {
  ...
  while (str[0]) {
    if ((str[0] != ' ') || (str[0] != '\t') ||
        (str[0] != '\r') || (str[0] != '\n'))
      break;
  ...
}

DeSmuME

V547 Expression is always true. Probably the '&&' operator should be used here. DeSmuME_VS2005 xstring.cpp 124


int str_rtrim(char *str, int flags) {
 u32 i=0;

 while (strlen(str)) {
  if ((str[strlen(str)-1] != ' ') ||
   (str[strlen(str)-1] != '\t') ||
   (str[strlen(str)-1] != '\r') ||
   (str[strlen(str)-1] != '\n')) break;
  ...
}

DeSmuME

V547 Expression '(char *) cheatsExport->gametitle != ""' is always true. To compare strings you should use strcmp() function. DeSmuME_VS2005 cheatswin.cpp 1382


class CHEATSEXPORT
{
  ...
  u8 *gametitle;
  ...
}

INT_PTR CALLBACK CheatsExportProc(HWND dialog, UINT msg,
                                  WPARAM wparam, LPARAM lparam)
{
  ...
  if ((char*)cheatsExport->gametitle != "")
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'tmp_fat_path != ""' is always true. To compare strings you should use strcmp() function. DeSmuME_VS2005 slot1_config.cpp 56

DeSmuME

V547 Expression 'appliedSize == 'b' && appliedSize == 's'' is always false. Probably the '||' operator should be used here. DeSmuME_VS2005 ram_search.cpp 817

V547 Expression 'appliedSize == 'w' && appliedSize == 's'' is always false. Probably the '||' operator should be used here. DeSmuME_VS2005 ram_search.cpp 819


bool Set_RS_Val()
{
  ...
  if((appliedSize == 'b' && appliedSize == 's' &&
      (rs_param < -128 || rs_param > 127)) ||
     (appliedSize == 'b' && appliedSize != 's' &&
      (rs_param < 0 || rs_param > 255)) ||
     (appliedSize == 'w' && appliedSize == 's' &&
      (rs_param < -32768 || rs_param > 32767)) ||
     (appliedSize == 'w' && appliedSize != 's' &&
      (rs_param < 0 || rs_param > 65535)))
    return false;
  ...
}

DeSmuME

V547 Expression 'info.type != 0xFF || info.type != 0xFE' is always true. Probably the '&&' operator should be used here. DeSmuME_VS2005 mc.cpp 1054


void BackupDevice::loadfile()
{
  ...
  if (info.type != 0xFF || info.type != 0xFE)
  ...
}

MAME

V547 Expression is always true. Probably the '&&' operator should be used here. mpu4.c 934


int m_led_extender;
#define CARD_A   1
#define NO_EXTENDER  0

static WRITE8_DEVICE_HANDLER( pia_ic5_porta_w )
{
  ...
  else if ((state->m_led_extender != CARD_A)||
           (state->m_led_extender != NO_EXTENDER))
  ...
}

Trans-Proteomic Pipeline

V547 Expression 'c != '\\' || c != '/'' is always true. Probably the '&&' operator should be used here. Tandem2XML tandemresultsparser.cxx 787


bool TandemResultsParser::writePepXML(....)
{
  ...
  char c = pathSummary.at(pathSummary.length() - 1);
  if (c != '\\' || c != '/')
  ...
}

This is what should have been written here: if (c != '\\' && c != '/')


Trans-Proteomic Pipeline

V547 Expression 'peptideProphetOpts_.find(" PI ", 0) >= 0' is always true. Unsigned type value is always >= 0. pepXMLViewer pipelineanalysis.cxx 1590


class basic_string
{
  ...
  size_type find(const _Elem *_Ptr, size_type _Off = 0) const
  ...
}

void
PipelineAnalysis::prepareFields(void) {
  ...
  if (peptideProphetOpts_.find(" PI ", 0)>=0) {
    fields_.push_back(Field("PpI_zscore"));
  }
  ...
}

This is what should have been written here: (peptideProphetOpts_.find(" PI ", 0) != string::npos).

Identical errors can be found in some other places:

  • V547 Expression 'peptideProphetOpts_.find(" RT ", 0) >= 0' is always true. Unsigned type value is always >= 0. pepXMLViewer pipelineanalysis.cxx 1593

Trans-Proteomic Pipeline

V547 Expression 'numAssignedPeaks >= 0' is always true. Unsigned type value is always >= 0. tpplib spectrastreplicates.cpp 642


void SpectraSTReplicates::aggregateStats(....)
{
  ...
  unsigned int numAssignedPeaks =
    (*r)->entry->getPeakList()->getNumAssignedPeaks();
  if (numAssignedPeaks >= 0)
  {
    sumFracAssigned +=
      (double)numAssignedPeaks / (double)numPeaks;
    numAnnotated++;
  }
  ...
}

Identical errors can be found in some other places:

  • V547 Expression 'pl->getNumAssignedPeaks() >= 0' is always true. Unsigned type value is always >= 0. tpplib spectrastreplicates.cpp 724

Trans-Proteomic Pipeline

V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. dta2mzXML dta2mzxml.cpp 622


int Dta2mzXML::extractScanNum(const string& dtaFileName)
{
  ...
  std::string::size_type pos = dtaFileName.rfind("/");

  if (pos < 0)  {
    pos = dtaFileName.rfind("\\");
  }
  ...
}

This is what should have been written here: (pos == string::npos).

Identical errors can be found in some other places:

  • V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. dta2mzXML dta2mzxml.cpp 626
  • V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. dta2mzXML dta2mzxml.cpp 653
  • V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. dta2mzXML dta2mzxml.cpp 657

Visualization Toolkit (VTK)

V547 Expression is always true. Probably the '&&' operator should be used here. vtkHybrid vtkmniobjectreader.cxx 161


int vtkMNIObjectReader::CanReadFile(const char* fname)
{
  ...
  if (objType == 'P' || objType != 'L' ||
      objType == 'M' || objType != 'F' ||
      objType == 'X' || objType != 'Q' ||
      objType == 'T')
  ...
}

Visualization Toolkit (VTK)

V547 Expression is always true. Probably the '&&' operator should be used here. vtkIO vtknetcdfcfreader.cxx 838


int vtkNetCDFCFReader::RequestDataObject(....)
{
  if (    (preferredDataType != VTK_IMAGE_DATA)
       || (preferredDataType != VTK_RECTILINEAR_GRID) )
  {
    vtkWarningMacro("You have set the OutputType to a data "
                    "type that cannot fully represent the "
                    "topology of the data. Some of the "
                    "topology will be ignored.");
  }
}

Identical errors can be found in some other places:

  • V547 Expression is always true. Probably the '&&' operator should be used here. vtkIO vtknetcdfcfreader.cxx 847

MongoDB

V547 Expression 'str::after("abcde", 'x') == ""' is always false. To compare strings you should use strcmp() function. test.cpp 43


inline const char * after(const char *s, char x);
inline string after(const string& s, char x);
inline const char * after(const char *s, const char *x);
inline string after(string s, string x);

inline const char * after(const char *s, char x) {
  const char *p = strchr(s, x);
  return (p != 0) ? p+1 : "";
}

int main() {
{
  ...
  assert( str::after("abcde", 'x') == "" );
  ...
}

MongoDB

V547 Expression 'i >= 0' is always true. Unsigned type value is always >= 0. mmap_win.cpp 90


void* MemoryMappedFile::map(....) {
  ....
  size_t len = strlen( filename );
  for ( size_t i=len-1; i>=0; i-- ) {
    if ( filename[i] == '/' ||
         filename[i] == '\\' )
      break;

    if ( filename[i] == ':' )
         filename[i] = '_';
  }
  ....
}

CamStudio

V547 Expression 'bytesRead < 0' is always false. Unsigned type value is never < 0. soundfile.cpp 166


bool CSoundFile::OpenWaveFile()
{
  ....
  DWORD bytesRead = mmioRead(m_hFile, (LPSTR)&m_Format,
                             m_MMCKInfoChild.cksize);
  if (bytesRead < 0)
  {
    AfxMessageBox("Error reading PCM wave format record");
    mmioClose(m_hFile,0);
    m_Mode = FILE_ERROR;
    return FALSE;
  }
  ....
}

CamStudio

V547 Expression '* p == 0xFE' is always false. The value range of char type: [127, -128]. compile.cpp 527


#define MAGIC_CONTINUE_NUMBER_LO 0xFE
#define MAGIC_CONTINUE_NUMBER_HI 0x7F

/* I can't believe this actually worked */
void bufferResolveJumps(Buffer out)
{
  ....
  if (*p == MAGIC_CONTINUE_NUMBER_LO &&
      *(p+1) == MAGIC_CONTINUE_NUMBER_HI)
  {
  ....
}

You're right not to believe. It doesn't work indeed! :-)


Samba

V547 Expression '(to != CH_UTF16LE) || (to != CH_UTF16BE)' is always true. Probably the '&&' operator should be used here. charcnv.c 188


static size_t convert_string_internal(....)
{
  ....
    if (((from == CH_UTF16LE)||(from == CH_UTF16BE)) &&
        ((to != CH_UTF16LE)||(to != CH_UTF16BE))) {
  ....
}

Identical errors can be found in some other places:

  • V547 Expression '(to != CH_UTF16LE) || (to != CH_UTF16BE)' is always true. Probably the '&&' operator should be used here. charcnv.c 599

Samba

V547 Expression 'result.pid < 0' is always false. Unsigned type value is never < 0. util.c 2376


struct server_id {
  uint32_t pid;
  uint32_t vnn;
  uint64_t unique_id;
}

struct server_id interpret_pid(const char *pid_string)
{
  struct server_id result;
  ....
  /* Assigning to result.pid may have overflowed
     Map negative pid to -1: i.e. error */
  if (result.pid < 0) {
    result.pid = -1;
  }
  ....
}

Samba

V547 Expression is always false. Consider reviewing this expression. pdbtest.c 170


static bool samu_correct(struct samu *s1, struct samu *s2)
{
  ....
  if (d2_buf == NULL && d2_buf != NULL) {
    DEBUG(0, ("Logon hours is not set\n"));
    ret = False;
  }
  ....
}

Tor

V547 Expression is always true. Probably the '&&' operator should be used here. transports.c 556


void
pt_configure_remaining_proxies(void)
{
  ....
  tor_assert(mp->conf_state != PT_PROTO_BROKEN ||
             mp->conf_state != PT_PROTO_FAILED_LAUNCH);
  ....
}

OpenCV

V547 Expression 'd > maxd' is always false. Unsigned type value is never < 0. fuzzymeanshifttracker.cpp 386


void CvFuzzyMeanShiftTracker::SearchWindow::initDepthValues(....)
{
  unsigned int d=0, mind = 0xFFFF, maxd = 0,
           m0 = 0, m1 = 0, mc, dd;
  ....
  for (int j = 0; j < height; j++)
  {
    ....
    if (d > maxd)
      maxd = d;
    ....
  }
}

Variable 'd' does not change in the loop.


ReactOS

V547 Expression 'i < 0x10000' is always true. The value range of unsigned short type: [0, 65535]. xboxhw.c 358


#define DISKREADBUFFER_SIZE HEX(10000)

typedef unsigned short USHORT, *PUSHORT;

static VOID DetectBiosDisks(....)
{
  USHORT i;
  ....
  Changed = FALSE;
  for (i = 0; ! Changed && i < DISKREADBUFFER_SIZE; i++)
  {
    Changed = ((PUCHAR)DISKREADBUFFER)[i] != 0xcd;
  }
  ....
}

ReactOS

V547 Expression 'ads->udpsocket < 0' is always false. Unsigned type value is never < 0. setup.c 539


typedef UINT_PTR SOCKET;
#define ADNS_SOCKET SOCKET

struct adns__state {
  ....
  ADNS_SOCKET udpsocket, tcpsocket;
  ....
};

static int init_finish(adns_state ads) {
  ....
  if (ads->udpsocket<0) { r= errno; goto x_free; }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'fd < 0' is always false. Unsigned type value is never < 0. event.c 117
  • V547 Expression 'ads->udpsocket >= 0' is always true. Unsigned type value is always >= 0. check.c 105
  • V547 Expression 'ads->tcpsocket >= 0' is always true. Unsigned type value is always >= 0. check.c 114
  • And 1 additional diagnostic messages.

ReactOS

V547 Expression '0 <= Id' is always true. Unsigned type value is always >= 0. menu.c 2663


static INT FASTCALL
MenuButtonUp(MTRACKER *Mt, HMENU PtMenu, UINT Flags)
{
  UINT Id;
  ....
  Id = NtUserMenuItemFromPoint(....);
  ....
  if (0 <= Id &&
      MenuGetRosMenuItemInfo(MenuInfo.Self, Id, &ItemInfo) &&
      MenuInfo.FocusedItem == Id)
  ....
}

ReactOS

V547 Expression 'Info->nPage < 0' is always false. Unsigned type value is never < 0. scrollbar.c 428


typedef struct tagSCROLLINFO {
  ....
  UINT nPage;
  ....
} SCROLLINFO,*LPSCROLLINFO;

static DWORD FASTCALL
co_IntSetScrollInfo(....)
{
  LPSCROLLINFO Info;
  ....
  /* Make sure the page size is valid */
  if (Info->nPage < 0)
  {
    pSBData->page = Info->nPage = 0;
  }
  ....
}

ReactOS

V547 Expression 'Entry->Id <= 0xffff' is always true. The value range of unsigned short type: [0, 65535]. res.c 312


typedef unsigned short WORD;
WORD Id;

static LONG
LdrpCompareResourceNames_U(....)
{
  /* Fail if ResourceName2 is an ID */
  if (Entry->Id <= USHRT_MAX) return -1;
  ....
}

ReactOS

V547 Expression 'index < 0' is always false. Unsigned type value is never < 0. extensions.c 936


typedef unsigned int GLuint;

const GLubyte *_mesa_get_enabled_extension(
  struct gl_context *ctx, GLuint index)
{
  const GLboolean *base;
  size_t n;
  const struct extension *i;
  if (index < 0)
    return NULL;
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'ch <= 0xFF' is always true. The value range of char type: [-128, 127]. hexedit.c 1279
  • V547 Expression 'index >= 0' is always true. Unsigned type value is always >= 0. st_glsl_to_tgsi.cpp 4013
  • V547 Expression 'index >= 0' is always true. Unsigned type value is always >= 0. st_glsl_to_tgsi.cpp 4023
  • And 4 additional diagnostic messages.

Windows 8 Driver Samples

V547 Expression 'i < 256' is always true. The value range of unsigned char type: [0, 255]. hw_mac.c 1946


VOID HwFillRateElement(....)
{
  UCHAR i, j;
  ....
  for (i = 0; (i < basicRateSet->uRateSetLength) &&
              (i < 256); i++)
  {
    rate[i] = 0x80 | basicRateSet->ucRateSet[i];
  }
  ....
}

Windows 8 Driver Samples

V547 Expression is always false. The value range of unsigned char type: [0, 255]. hw_mac.c 1971


VOID HwFillRateElement(....)
{
  ....
  UCHAR rate[256];
  UCHAR rateNum;
  ....
  if (rateNum == sizeof(rate) / sizeof(UCHAR))
    break;
  ....
}

NetXMS

V547 Expression 'sockfd < 0' is always false. Unsigned type value is never < 0. radius.cpp 682


typedef UINT_PTR SOCKET;

static int DoRadiusAuth(....)
{
  SOCKET sockfd;
  ....
  // Open a socket.
  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
  if (sockfd < 0)
  {
    DbgPrintf(3, _T("RADIUS: Cannot create socket"));
    pairfree(req);
    return 5;
  }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'col->fd >= 0' is always true. Unsigned type value is always >= 0. ipfix.c 845
  • V547 Expression is always false. Unsigned type value is never < 0. ipfix.c 962
  • V547 Expression 'sock < 0' is always false. Unsigned type value is never < 0. ipfix.c 1013
  • And 4 additional diagnostic messages.

NetXMS

V547 Expression 'i >= 0' is always true. Unsigned type value is always >= 0. ipfix.c 488


int ipfix_snprint_string(....)
{
  size_t  i;
  uint8_t *in = (uint8_t*) data;

  for( i=len-1; i>=0; i-- ) {
    if ( in[i] == '\0' ) {
      return snprintf( str, size, "%s", in );
    }
  }
  ....
}

NetXMS

V547 Expression 'value >= 0' is always true. Unsigned type value is always >= 0. catalyst.cpp 71


bool CatalystDriver::isDeviceSupported(
  SNMP_Transport *snmp, const TCHAR *oid)
{
  DWORD value = 0;
  if (SnmpGet(snmp->getSnmpVersion(), snmp,
             _T(".1.3.6.1.4.1.9.5.1.2.14.0"),
             NULL, 0, &value, sizeof(DWORD), 0)
      != SNMP_ERR_SUCCESS)
    return false;
  // Catalyst 3550 can return 0 as number of slots
  return value >= 0;
}

WinMerge

V547 Expression 'i >= 0' is always true. Unsigned type value is always >= 0. mergedoclinediffs.cpp 282


void CMergeDoc::Computelinediff(....)
{
  ....
  vector<wdiff*>::size_type i;
  ....
  for (i=worddiffs.size() - 1; i>=0; --i)
  {
    const wdiff * diff = worddiffs[i];
    if (end1 == -1 && diff->end[0] != -1)
      end1 = diff->end[0];
    if (end2 == -1 && diff->end[1] != -1)
      end2 = diff->end[1];
    if (end1 != -1 && end2 != -1)
      break; // found both
  }
  ....
}

QuickThread

V547 Expression 'NUMA_NodeNumber >= 0' is always true. Unsigned type value is always >= 0. quickthreadnuma.cpp 101


int numa_preferred(void)
{
  unsigned char NUMA_NodeNumber = numa_available();
  if(NUMA_NodeNumber >= 0)
    return NUMA_NodeNumber;
  return 0;
}

TortoiseSVN

V547 Expression 'ticks < 0' is always false. Unsigned type value is never < 0. winplink.c 635


int main(int argc, char **argv)
{
  ....
  DWORD ticks;
  ....
  if (run_timers(now, &next)) {
    ticks = next - GETTICKCOUNT();
    if (ticks < 0) ticks = 0;
  } else {
    ticks = INFINITE;
  }
  ....
}

Chromium

V547 Expression 'socket_ < 0' is always false. Unsigned type value is never < 0. tcp_server_socket_win.cc 48


typedef UINT_PTR SOCKET;

SOCKET socket_;

int TCPServerSocketWin::Listen(....) {
  ....
  socket_ = socket(address.GetSockAddrFamily(),
                   SOCK_STREAM, IPPROTO_TCP);
  if (socket_ < 0) {
    PLOG(ERROR) << "socket() returned an error";
    return MapSystemError(WSAGetLastError());
  }
  ....
}

Multi Theft Auto

V547 Expression 'm_TidyupTimer.Get() < 0' is always false. Unsigned type value is never < 0. crenderitem.effectcloner.cpp 182


unsigned long long Get ( void );

void CEffectClonerImpl::MaybeTidyUp ( void )
{
  ....
  if ( m_TidyupTimer.Get () < 0 )
    return;
  ....
}

Multi Theft Auto

V547 Expression 'ucNumber >= 1000' is always false. The value range of unsigned char type: [0, 255]. cluafunctiondefinitions.cpp 4450

V547 Expression 'ucNumber <= 1193' is always true. The value range of unsigned char type: [0, 255]. cluafunctiondefinitions.cpp 4450


int CLuaFunctionDefinitions::GetVehicleUpgradeSlotName (....)
{
  unsigned char ucNumber;
  ....
  else if ( ucNumber >= 1000 && ucNumber <= 1193 )
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'ucNameLength > 1024' is always false. The value range of unsigned char type: [0, 255]. cpackethandler.cpp 2766

Multi Theft Auto

V547 Expression 'uiResourceLength < 0' is always false. Unsigned type value is never < 0. csettings.cpp 408


inline const char* CSettings::GetName (....,
  unsigned int uiResourceLength )
{
  // Only calculate the resource length if it's
  // not already specified
  if ( uiResourceLength < 0 ) {
    ....
  } else {
    ....
  }
}

Identical errors can be found in some other places:

  • V547 Expression 'pVehicle->GetVehicleSirenCount() >= 0' is always true. Unsigned type value is always >= 0. cmultiplayersa_1.3.cpp 376
  • V547 Expression 'sirenData.data.m_ucSirenCount >= 0' is always true. Unsigned type value is always >= 0. cvehiclerpcs.cpp 604

Multi Theft Auto

V547 Expression 'wc < 0x10000' is always true. The value range of wchar_t type: [0, 65535]. utf8.h 121

V547 Expression 'wc < 0x200000' is always true. The value range of wchar_t type: [0, 65535]. utf8.h 123

V547 Expression 'wc < 0x4000000' is always true. The value range of wchar_t type: [0, 65535]. utf8.h 125

V547 Expression 'wc <= 0x7fffffff' is always true. The value range of wchar_t type: [0, 65535]. utf8.h 127


int
utf8_wctomb (unsigned char *dest, wchar_t wc, int dest_size)
{
  if (!dest)
    return 0;
  int count;
  if (wc < 0x80)
    count = 1;
  else if (wc < 0x800)
    count = 2;
  else if (wc < 0x10000)
    count = 3;
  else if (wc < 0x200000)
    count = 4;
  else if (wc < 0x4000000)
    count = 5;
  else if (wc <= 0x7fffffff)
    count = 6;
  else
    return RET_ILSEQ;
  ....
}

Boost (C++ libraries)

V547 Expression 'new_socket.get() >= 0' is always true. Unsigned type value is always >= 0. win_iocp_socket_service.hpp 436


typedef SOCKET socket_type;

class socket_holder
{
  ....
  socket_type socket_;
  ....
  socket_type get() const { return socket_; }
  ....
};

template <typename Socket>
boost::system::error_code accept(....)
{
  ....
  // On success, assign new connection to peer socket object.
  if (new_socketnew_socket.get() >= 0)
  {
    if (peer_endpoint)
      peer_endpoint->resize(addr_len);
    if (!peer.assign(impl.protocol_, new_socket.get(), ec))
      new_socket.release();
  }
  return ec;
}

Trans-Proteomic Pipeline

V547 Expression 'b + tau >= 0' is always true. Unsigned type value is always >= 0. spectrastpeaklist.cpp 2058


double SpectraSTPeakList::calcXCorr() {
  ....
  for (int tau = -75; tau <= 75; tau++) {

    float dot = 0.0;
    for (unsigned int b = 0; b < numBins; b++) {
      if (b + tau >= 0 && b + tau < (int)numBins) {
        dot += (*m_bins)[b] * theoBins[b + tau] / 10000.0;
      }
    }
    ....
  ....
}

TinyCAD

V547 Expression 'parentPos >= 0' is always true. Unsigned type value is always >= 0. bomgenerator.cpp 77


void CBOMGenerator::GenerateBomForDesign(
  int level, size_t parentPos, ....)
{
  ....
  if (parentPos >= 0) cmrParent = cmrDefaultParent;
  ....
}

SeqAn

V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. tokenize.h 1548


template <typename TStream, typename TPass, typename TBuffer>
inline int
readLineStripTrailingBlanks(TBuffer & buffer,
  RecordReader<TStream, TPass> & reader)
{
  ....
  typename Size<TBuffer>::Type pos = length(buffer) - 1;

  if (pos < 0)
    return 0;
  ....
}

CrashRpt library

V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. main.cpp 314


typedef std::basic_string<TCHAR> tstring;

int process_report(....)
{
  ....
  tstring sInDirName;
  ....
  size_t pos = sInDirName.rfind('\\');
  if(pos<0) // There is no back slash in path
  {
    sInDirName = _T("");
    sInFileName = szInput;
  }
  else
  {
    sInFileName = sInDirName.substr(pos+1);
    sInDirName = sInDirName.substr(0, pos);
  }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'pos < 0' is always false. Unsigned type value is never < 0. main.cpp 352
  • V547 Expression 'pos >= 0' is always true. Unsigned type value is always >= 0. main.cpp 837
  • V547 Expression 'pos >= 0' is always true. Unsigned type value is always >= 0. minidumpreader.cpp 775

WebPagetest

V547 Expression is always false. Probably the '||' operator should be used here. json_reader.cpp 566


bool
Reader::readArray( Token &tokenStart )
{
  ....
  bool badTokenType = ( token.type_ == tokenArraySeparator &&
                        token.type_ == tokenArrayEnd );
  if ( !ok  ||  badTokenType )
  {
    ....
}

This is what should have been written here: token.type_ != tokenArraySeparator && token.type_ != tokenArrayEnd


Snes9x

V547 Expression is always false. Probably the '||' operator should be used here. ram_search.cpp 921

V547 Expression is always false. Probably the '||' operator should be used here. ram_search.cpp 923


bool Set_RS_Val()
{
  ....
  int appliedSize;
  ....
  if((appliedSize == TEXT('b') && appliedSize == TEXT('s') &&
      (rs_param < -128 || rs_param > 127)) ||
     (appliedSize == TEXT('b') && appliedSize != TEXT('s') &&
      (rs_param < 0 || rs_param > 255)) ||
     (appliedSize == TEXT('w') && appliedSize == TEXT('s') &&
      (rs_param < -32768 || rs_param > 32767)) ||
     (appliedSize == TEXT('w') && appliedSize != TEXT('s') &&
      (rs_param < 0 || rs_param > 65535)))
     return false;
  ....
}

VirtualDub

V547 Expression 'res < 0' is always false. Unsigned type value is never < 0. Riza w32videocodecpack.cpp 828


void VDVideoCompressorVCM::GetState(vdfastvector<uint8>& data) {
  DWORD res;
  ....
  res = ICGetState(hic, data.data(), size);
  ....
  if (res < 0)
    throw MyICError("Video compression", res);
}

Identical errors can be found in some other places:

  • V547 Expression 'retval < 0' is always false. Unsigned type value is never < 0. Riza w32videocodec.cpp 284

Prime95

V547 Expression '* p == '//'' is always false. The value range of char type: [-128, 127]. prime95 prime95.cpp 156


BOOL CPrime95App::InitInstance()
{
  char *p;
  ....
  for (p = m_lpCmdLine; *p == '//' || *p == '-'; ) {
  ....
}

Prime95

V547 Expression '(s = socket(hp->h_addrtype, 1, 0)) < 0' is always false. Unsigned type value is never < 0. prime95 primenet.c 354


typedef UINT_PTR SOCKET;

SOCKET socket(__in int af, __in int type,
              __in int protocol);

int pnHttpServer (char *pbuf, unsigned cbuf, char* postargs)
{
  ....
  if ((s = socket (hp->h_addrtype, SOCK_STREAM, 0)) < 0) {
  ....
}

Geant4 software

V547 Expression is always true. Probably the '&&' operator should be used here. G4had_im_r_matrix g4collisionmesonbaryonelastic.cc 53


G4bool G4CollisionMesonBaryonElastic::
 IsInCharge(const G4KineticTrack& trk1,
            const G4KineticTrack& trk2) const
 {
   G4bool result = false;
   G4ParticleDefinition * p1 = trk1.GetDefinition();
   G4ParticleDefinition * p2 = trk2.GetDefinition();
   if(   (GetNumberOfPartons(p1) != 2 ||
          GetNumberOfPartons(p2) != 3)
       ||(GetNumberOfPartons(p1) != 3 ||
          GetNumberOfPartons(p2) != 2) )
   {
     result = false;
   }
  ....
}

libusbx

V547 Expression '0 > * busnum' is always false. Unsigned type value is never < 0. linux_usbfs.c 620

V547 Expression '0 > * devaddr' is always false. Unsigned type value is never < 0. linux_usbfs.c 624


int linux_get_device_address (....,
  uint8_t *busnum, uint8_t *devaddr,
  ....)
{
  ....
  *busnum = __read_sysfs_attr(ctx, sys_name, "busnum");
  if (0 > *busnum)
    return *busnum;

  *devaddr = __read_sysfs_attr(ctx, sys_name, "devnum");
  if (0 > *devaddr)
    return *devaddr;
  ....
}

PostgreSQL Database Management System

V547 Expression 'sock_fd < 0' is always false. Unsigned type value is never < 0. postgres auth.c 1668


typedef UINT_PTR SOCKET;
typedef SOCKET pgsocket;

static int
ident_inet(hbaPort *port)
{
  ....
  pgsocket  sock_fd;
  ....
  sock_fd = socket(ident_serv->ai_family,
                   ident_serv->ai_socktype,
                   ident_serv->ai_protocol);
  if (sock_fd < 0)
  {
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'sock_fd >= 0' is always true. Unsigned type value is always >= 0. postgres auth.c 1748
  • V547 Expression 'sock < 0' is always false. Unsigned type value is never < 0. postgres auth.c 2567
  • V547 Expression is always false. Unsigned type value is never < 0. postgres pqcomm.c 395
  • And 2 additional diagnostic messages.

Source Engine SDK

V547 Expression 'm_nActiveParticles >= 0' is always true. Unsigned type value is always >= 0. Client (HL2) particlemgr.cpp 967


unsigned short m_nActiveParticles;

void CParticleEffectBinding::RemoveParticle(
  Particle *pParticle )
{
  ....
  Assert( m_nActiveParticles >= 0 );
  ....
}

Source Engine SDK

V547 Expression 'firstedge >= 0' is always true. Unsigned type value is always >= 0. Vbsp writebsp.cpp 1428


static void AddNodeToBounds(....)
{
  ....
  unsigned int firstedge = dfaces[face].firstedge;
  Assert( firstedge >= 0 );
  ....
}

Source Engine SDK

V547 Expression 'pEdge->v[0] >= 0' is always true. Unsigned type value is always >= 0. Vbsp writebsp.cpp 1435

V547 Expression 'pEdge->v[1] >= 0' is always true. Unsigned type value is always >= 0. Vbsp writebsp.cpp 1436


struct dedge_t
{
  DECLARE_BYTESWAP_DATADESC();
  unsigned short  v[2];
};

static void AddNodeToBounds(....)
{
  ....
  Assert( pEdge->v[0] >= 0 );
  Assert( pEdge->v[1] >= 0 );
  ....
}

Source Engine SDK

V547 Expression 'numbounce < 0' is always false. Unsigned type value is never < 0. Vrad_dll vrad.cpp 2412


unsigned  numbounce = 100;

int ParseCommandLine( int argc, char **argv, bool *onlydetail )
{
  ....
  numbounce = atoi (argv[i]);
  if ( numbounce < 0 )
  {
    Warning(
      "Error: expected non-negative value after '-bounce'\n");
    return 1;
  }
  ....
}

Firebird

V547 Expression '-- i >= 0' is always true. Unsigned type value is always >= 0. isql.cpp 3421


static processing_state add_row(TEXT* tabname)
{
  ....
  unsigned i = n_cols;
  while (--i >= 0)
  {
    if (colnumber[i] == ~0u)
  {
       bldr->remove(fbStatus, i);
       if (ISQL_errmsg(fbStatus))
         return (SKIP);
    }
  }
  msg.assignRefNoIncr(bldr->getMetadata(fbStatus));
  ....
}

Firebird

V547 Expression 'scale < 0' is always false. Unsigned type value is never < 0. isql.cpp 3716


static processing_state add_row(TEXT* tabname)
{
  ....
  unsigned varLength, scale;
  ....
  scale = msg->getScale(fbStatus, i);
  ....
  if (scale < 0)
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'scale < 0' is always false. Unsigned type value is never < 0. isql.cpp 4437

Firebird

V547 Expression '* * argv != 'n' || * * argv != 'N'' is always true. Probably the '&&' operator should be used here. gpre.cpp 1829


static bool get_switches(....)
  ....
  if (**argv != 'n' || **argv != 'N')
  {
    fprintf(stderr,
      "-sqlda :  Deprecated Feature: you must use XSQLDA\n ");
    print_switches();
    return false;
  }
  ....
}

CryEngine 3 SDK

V547 Expression is always true. Probably the '&&' operator should be used here. searchmodule.cpp 469


SearchSpotStatus GetStatus() const { return m_status; }

SearchSpot* SearchGroup::FindBestSearchSpot(....)
{
  ....
  if(searchSpot.GetStatus() != Unreachable ||
     searchSpot.GetStatus() != BeingSearchedRightAboutNow)
  ....
}

CryEngine 3 SDK

V547 Expression 'inTimelineId >= 0' is always true. Unsigned type value is always >= 0. circularstatsstorage.cpp 31


const CCircularBufferTimeline *
CCircularBufferStatsContainer::GetTimeline(
  size_t inTimelineId) const
{
  ....
  if (inTimelineId >= 0 && (int)inTimelineId < m_numTimelines)
  {
    tl = &m_timelines[inTimelineId];
  }
  else
  {
    CryWarning(VALIDATOR_MODULE_GAME,VALIDATOR_ERROR,
               "Statistics event %" PRISIZE_T
               " is larger than the max registered of %"
               PRISIZE_T ", event ignored",
               inTimelineId,m_numTimelines);
  }
  ....
}

ICU

V547 Expression 'standardDate.wDay < 0' is always false. Unsigned type value is never < 0. wintzimpl.cpp 66


int32_t getRuleWeekInMonth(void) const;

typedef struct _SYSTEMTIME {
  ....
  WORD wDay;
  ....
} SYSTEMTIME, *PSYSTEMTIME;

static UBool getSystemTimeInformation(....)
{
  ....
  standardDate.wDay = std->getRule()->getRuleWeekInMonth();
  if (standardDate.wDay < 0) {
    standardDate.wDay = 5;
  }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'daylightDate.wDay < 0' is always false. Unsigned type value is never < 0. wintzimpl.cpp 87

Scilab

V547 Expression 'iParentType == 9 && iParentType == 21' is always false. Probably the '||' operator should be used here. sci_uimenu.c 99


#define __GO_FIGURE__ 9
#define __GO_UIMENU__ 21

int sci_uimenu(char *fname, unsigned long fname_len)
{
  ....
  if (iParentType == __GO_FIGURE__ &&
      iParentType == __GO_UIMENU__)
  {
    Scierror(999, _("%s: Wrong type for input argument #%d: ")
             _("A '%s' or '%s' handle expected.\n"),
             fname, 1, "Figure", "Uimenu");
    return FALSE;
  }
  ....
}

This is what should have been written here: iParentType != __GO_FIGURE__ && iParentType != __GO_UIMENU__


Word for Windows 1.1a

V547 Expression '-- cch >= 0' is always true. Unsigned type value is always >= 0. mergeelx.c 1188


void GetNameElk(elk, stOut)
ELK elk;
unsigned char *stOut;
{
  unsigned char *stElk = &rgchElkNames[mpelkichName[elk]];
  unsigned cch = stElk[0] + 1;

  while (--cch >= 0)
    *stOut++ = *stElk++;
}

Qt

V547 Expression is always true. Probably the '&&' operator should be used here. qsgatlastexture.cpp 271


void Atlas::uploadBgra(Texture *texture)
{
  const QRect &r = texture->atlasSubRect();
  QImage image = texture->image();

  if (image.format() != QImage::Format_ARGB32_Premultiplied ||
      image.format() != QImage::Format_RGB32) {
  ....
}

CLucene

V547 Expression '-- size >= 0' is always true. Unsigned type value is always >= 0. arrays.h 154


class Arrays
{
  ....
   bool equals( class1* val1, class2* val2 ) const{
     static _comparator comp;
     if ( val1 == val2 )
       return true;
     size_t size = val1->size();
     if ( size != val2->size() )
       return false;
     _itr1 itr1 = val1->begin();
     _itr2 itr2 = val2->begin();
     while ( --size >= 0 ){
       if ( !comp(*itr1,*itr2) )
         return false;
       itr1++;
       itr2++;
     }
   return true;
  }
  ....
}

CLucene

V547 Expression 'q->getQueryName() != L"BooleanQuery"' is always true. To compare strings you should use wcscmp() function. multifieldqueryparser.cpp 44


const TCHAR* getQueryName() const;

Query* MultiFieldQueryParser::parse(....)
{
  ....
  Query* q = QueryParser::parse(query, fields[i], analyzer);
  if (q && (q->getQueryName() != _T("BooleanQuery")
      || ((BooleanQuery*)q)->getClauseCount() > 0)) {
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'q->getQueryName() != L"BooleanQuery"' is always true. To compare strings you should use wcscmp() function. multifieldqueryparser.cpp 63

TortoiseGit

V547 Expression is always false. Probably the '||' operator should be used here. clonedlg.cpp 413


void CCloneDlg::OnBnClickedCheckSvn()
{
  ....
  CString str;
  m_URLCombo.GetWindowText(str);

  while(str.GetLength()>=1 &&
        str[str.GetLength()-1] == _T('\\') &&
        str[str.GetLength()-1] == _T('/'))
  {
    str=str.Left(str.GetLength()-1);
  }
  ....
}

TortoiseGit

V547 Expression is always true. Probably the '&&' operator should be used here. smart_protocol.c 264


enum git_ack_status {
  GIT_ACK_NONE,
  GIT_ACK_CONTINUE,
  GIT_ACK_COMMON,
  GIT_ACK_READY
};

static int wait_while_ack(gitno_buffer *buf)
{
  ....
  if (pkt->type == GIT_PKT_ACK &&
      (pkt->status != GIT_ACK_CONTINUE ||
       pkt->status != GIT_ACK_COMMON)) {
  ....
}

Tesseract

V547 Expression 'c == 'x' && c == 'X'' is always false. Probably the '||' operator should be used here. libtesseract303 scanutils.cpp 135


uintmax_t streamtoumax(FILE* s, int base) {
  int d, c = 0;
  ....
  c = fgetc(s);
  if (c == 'x' && c == 'X') c = fgetc(s);
  ....
}

WebRTC

V547 Expression 'new_fd < 0' is always false. Unsigned type value is never < 0. ccsip_platform_tcp.c 438


typedef UINT_PTR SOCKET;
typedef SOCKET cpr_socket_t;

cpr_socket_t
sip_tcp_create_connection (sipSPIMessage_t *spi_msg)
{
  cpr_socket_t new_fd;
  ....
  new_fd = cprSocket(af_listen, SOCK_STREAM, 0);
  if (new_fd < 0) {
    CCSIP_DEBUG_ERROR(SIP_F_PREFIX"Socket creation failed %d.",
                      fname, cpr_errno);
    return INVALID_SOCKET;
  }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'sock < 0' is always false. Unsigned type value is never < 0. ccsip_platform_tls.c 118

Mozilla Firefox

V547 Expression 'aChannelCount < 0' is always false. Unsigned type value is never < 0. adts.cpp 44


bool
Adts::ConvertEsdsToAdts(uint16_t aChannelCount, ....)
{
  ....
  if (newSize >= (1 << 13) || aChannelCount < 0 ||
      aChannelCount > 15 || aFrequencyIndex < 0 ||
      aProfile < 1 || aProfile > 4)
    return false;
  ....
}

Mozilla Firefox

V547 Expression is always false. Probably the '||' operator should be used here. nswindowsregkey.cpp 292


NS_IMETHODIMP
nsWindowsRegKey::ReadStringValue(....)
{
  ....
  DWORD type;
  ....
  if (type != REG_SZ && type == REG_EXPAND_SZ &&
      type == REG_MULTI_SZ)
    return NS_ERROR_FAILURE;
  ....
}

Mozilla Firefox

V547 Expression '-- guess >= minEntry' is always true. Unsigned type value is always >= 0. ion.cpp 1112


const SafepointIndex *
IonScript::getSafepointIndex(uint32_t disp) const
{
  ....
  size_t minEntry = 0;
  ....
  size_t guess = ....;
  ....
  while (--guess >= minEntry) {
    guessDisp = table[guess].displacement();
    JS_ASSERT(guessDisp >= disp);
    if (guessDisp == disp)
      return &table[guess];
  }
  ....
}

Newton Game Dynamics

V547 Expression 'm_mantissa[0] >= 0' is always true. Unsigned type value is always >= 0. dggoogol.cpp 55


typedef unsigned long long dgUnsigned64;

dgUnsigned64 m_mantissa[DG_GOOGOL_SIZE];

dgGoogol::dgGoogol(dgFloat64 value)
  :m_sign(0)
  ,m_exponent(0)
{
  ....
  m_mantissa[0] = (dgInt64 (dgFloat64 (
                    dgUnsigned64(1)<<62) * mantissa));

  // it looks like GCC have problems with this
  dgAssert (m_mantissa[0] >= 0);
  ....
}

Cocos2d-x

V547 Expression '0 == commonInfo->eventName' is always false. Pointer 'commonInfo->eventName' != NULL. ccluaengine.cpp 436


struct CommonScriptData
{
  // Now this struct is only used in LuaBinding.
  int handler;
  char eventName[64];                                    // <=
  ....
};

int LuaEngine::handleCommonEvent(void* data)
{
  ....
  CommonScriptData* commonInfo = static_cast<....*>(data);
  if (NULL == commonInfo->eventName ||                   // <=
      0 == commonInfo->handler)
    return 0;
  ....
}

Identical errors can be found in some other places:

  • V547 Expression '0 != commonInfo->eventSourceClassName' is always true. Pointer 'commonInfo->eventSourceClassName' != NULL. ccluaengine.cpp 442

Asterisk

V547 Expression is always false. Unsigned type value is never < 0. enum.c 309


static int ebl_callback(....)
{
  unsigned int i;
  ....
  if ((i = dn_expand((unsigned char *)fullanswer,
     (unsigned char *)answer + len,
     (unsigned char *)answer, c->apex, sizeof(c->apex) - 1)) < 0)
  {
    ast_log(LOG_WARNING, "Failed to expand hostname\n");
    return 0;
  }
}

PHP:Hypertext Preprocessor

V547 Expression 'tmp_len >= 0' is always true. Unsigned type value is always >= 0. ftp_fopen_wrapper.c 639


static size_t php_ftp_dirstream_read(....)
{
  size_t tmp_len;
  ....
  /* Trim off trailing whitespace characters */
  tmp_len--;
  while (tmp_len >= 0 &&                  // <=
    (ent->d_name[tmp_len] == '\n' ||
     ent->d_name[tmp_len] == '\r' ||
     ent->d_name[tmp_len] == '\t' ||
     ent->d_name[tmp_len] == ' ')) {
       ent->d_name[tmp_len--] = '\0';
  }
  ....
}

Oracle VM Virtual Box

V547 Expression is always true. Probably the '&&' operator should be used here. vboxfboverlay.cpp 2259


VBoxVHWAImage::reset(VHWACommandList * pCmdList)
{
  ....
  if (pCmd->SurfInfo.PixelFormat.c.rgbBitCount != 32
   || pCmd->SurfInfo.PixelFormat.c.rgbBitCount != 24)
  {
    AssertFailed();
    pCmd->u.out.ErrInfo = -1;
    return VINF_SUCCESS;
  }
  ....
}

K Desktop Environment

V547 Expression is always true. Probably the '&&' operator should be used here. incidenceformatter.cpp 2684


static QString formatICalInvitationHelper(....)
{
  ....
  a = findDelegatedFromMyAttendee( inc );
  if ( a ) {
    if ( a->status() != Attendee::Accepted ||      // <=
         a->status() != Attendee::Tentative ) {    // <=
      html += responseButtons( inc, rsvpReq, rsvpRec, helper );
      break;
    }
  }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression is always true. Probably the '&&' operator should be used here. incidenceformatter.cpp 3293

Miranda NG

V547 Expression 'dis->itemData >= 0' is always true. Unsigned type value is always >= 0. TabSRMM hotkeyhandler.cpp 213


ULONG_PTR itemData;

LONG_PTR CALLBACK HotkeyHandlerDlgProc(....)
{
  ....
  if (dis->itemData >= 0) {
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'wParam >= 0' is always true. Unsigned type value is always >= 0. Jabber jabber_agent.cpp 58
  • V547 Expression 'ft->std.currentFileSize < 0' is always false. Unsigned type value is never < 0. Jabber jabber_file.cpp 76
  • V547 Expression 'lpdis->itemID < 0' is always false. Unsigned type value is never < 0. Jabber jabber_groupchat.cpp 522
  • And 24 additional diagnostic messages.

Miranda NG

V547 Expression 'cp != "\005"' is always true. To compare strings you should use strcmp() function. Yahoo libyahoo2.cpp 4486


static void yahoo_process_search_connection(....)
{
  ....
  if (cp != "\005")
  ....
}

Miranda NG

V547 Expression 'i >= 0' is always true. Unsigned type value is always >= 0. Tipper str_utils.cpp 220


TCHAR *myfgets(TCHAR *Buf, int MaxCount, FILE *File)
{
  _fgetts(Buf, MaxCount, File);
  for (size_t i = _tcslen(Buf) - 1; i >= 0; i--)
  {
    if (Buf[i] == '\n' || Buf[i] == ' ')
      Buf[i] = 0;
    else
      break;
  }

  CharLower(Buf);
  return Buf;
}

LibreOffice

V547 Expression is always true. Probably the '&&' operator should be used here. sbxmod.cxx 1777


enum SbxDataType {
  SbxEMPTY    =  0,
  SbxNULL     =  1,
  ....
};

void SbModule::GetCodeCompleteDataFromParse(
  CodeCompleteDataCache& aCache)
{
  ....
  if( (pSymDef->GetType() != SbxEMPTY) ||
      (pSymDef->GetType() != SbxNULL) )
    aCache.InsertGlobalVar( pSymDef->GetName(),
      pParser->aGblStrings.Find(pSymDef->GetTypeId()) );
  ....
}

Identical errors can be found in some other places:

  • V547 Expression is always true. Probably the '&&' operator should be used here. sbxmod.cxx 1785

LibreOffice

V547 Expression is always false. Probably the '||' operator should be used here. svdobj.cxx 2352


enum SfxStyleFamily {
  ....
  SFX_STYLE_FAMILY_PARA = 2,
  ....
  SFX_STYLE_FAMILY_PAGE = 8,
  ....
};

void SdrObject::NbcSetStyleSheet(SfxStyleSheet* pNewStyleSheet,
                                 bool bDontRemoveHardAttr)
{
  // only allow graphic and presentation styles for shapes
  if( pNewStyleSheet &&
     (pNewStyleSheet->GetFamily() == SFX_STYLE_FAMILY_PARA) &&
     (pNewStyleSheet->GetFamily() == SFX_STYLE_FAMILY_PAGE) )
        return;

    GetProperties().SetStyleSheet(pNewStyleSheet,
                                  bDontRemoveHardAttr);
}

LibreOffice

V547 Expression is always false. Probably the '||' operator should be used here. xmlstylesexporthelper.cxx 223


OUString ScMyValidationsContainer::GetCondition(
  ScXMLExport& rExport, const ScMyValidation& aValidation)
{
  ....
  if (.... ||
      (aValidation.aOperator ==
                          sheet::ConditionOperator_BETWEEN &&
       aValidation.aOperator ==
                          sheet::ConditionOperator_NOT_BETWEEN &&
       !aValidation.sFormula2.isEmpty())))
  ....
}

.NET CoreCLR

V547 Expression 'maxCpuId >= 0' is always true. Unsigned type value is always >= 0. cee_wks codeman.cpp 1219


void EEJitManager::SetCpuInfo()
{
  ....
  unsigned char buffer[16];
  DWORD maxCpuId = getcpuid(0, buffer);
  if (maxCpuId >= 0)
  {
  ....
}

Haiku Operation System

V547 Expression '* r && * r == ' ' && * r == '\t'' is always false. Probably the '||' operator should be used here. selection.c 546


static int
selection_rel(....)
{
  char *r, *rname;
  ....
  while (*r && *r == ' ' && *r == '\t')
    r++;
  ....
}

Haiku Operation System

V547 Expression is always true. Probably the '&&' operator should be used here. StatusView.cpp 1397


void
TDragRegion::Draw(BRect)
{
  ....
  if (fDragLocation != kDontDrawDragRegion ||
      fDragLocation != kNoDragRegion)
    DrawDragRegion();
}

Haiku Operation System

V547 Expression 'reservedBase < 0' is always false. Unsigned type value is never < 0. agp_gart.cpp 1172


/* address types */
typedef  unsigned long int  __haiku_addr_t;   // <=
typedef __haiku_addr_t    addr_t;             // <=

static status_t
bind_aperture(...., addr_t reservedBase, ....)
{
  ....
  if (status < B_OK) {
    if (reservedBase < 0)                     // <=
      aperture->DeleteMemory(memory);

    return status;
  }
  ....
}

Haiku Operation System

V547 Expression 'nogscale >= 0' is always true. Unsigned type value is always >= 0. tvp3026.c 212


status_t mil2_dac_init (void)
{
  uint32   rfhcnt, nogscale, memconfig;
  ....
  for (nogscale = 1; nogscale >= 0; nogscale--) {           // <=
    int max = -1 + 33.2 * mclk / (nogscale? 1: 4);
    for (rfhcnt = 15; rfhcnt > 0; rfhcnt--) {
      int value = (rfhcnt & 0x0e) * 256 + (rfhcnt & 0x01) * 64;
      LOG(2,("mil2_dac_init factor %d, rfhcnt %2d: %d ?<= %d\n",
        nogscale, rfhcnt, value, max));
      if (value <= max) goto rfhcnt_found;
    }
  }
  ....
}

Godot Engine

V547 Expression 'p_bytes < 0' is always false. Unsigned type value is never < 0. memory_pool_static_malloc.cpp 159


void* MemoryPoolStaticMalloc::_realloc(void *p_memory,
                                       size_t p_bytes) {
  ....
  if (p_bytes<=0)
  {
    this->free(p_memory);
    ERR_FAIL_COND_V( p_bytes < 0 , NULL );
    return NULL;
  }
  ....
}

Godot Engine

V547 Expression 's < 0' is always false. Unsigned type value is never < 0. particles_2d.cpp 230


_FORCE_INLINE_ static float _rand_from_seed(uint32_t *seed)
{
  ....
  uint32_t s = (*seed);
  ....
  if (s < 0)
    s += 2147483647;
  ....
}

Unreal Engine 4

V547 Expression is always false. Unsigned type value is never < 0. windowsapplication.cpp 1938


void FWindowsApplication::QueryConnectedMice()
{
  ....
  if (GetRawInputDeviceInfoA(Device.hDevice, ....) < 0)
    continue;

  Name.Reset(new char[NameLen+1]);
  if (GetRawInputDeviceInfoA(Device.hDevice, ....) < 0)
    continue;
  ....
}

UINT WINAPI GetRawInputDeviceInfo(...);


MAME

V547 Expression 'nBit < 0' is always false. Unsigned type value is never < 0. bitmask.c 60


BOOL TestBit(LPBITS lpBits, UINT nBit)
{
  UINT  offset;
  UCHAR  mask;

  if (nBit < 0 || !lpBits || !lpBits->m_lpBits)
    return FALSE;
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'nBit < 0' is always false. Unsigned type value is never < 0. bitmask.c 80
  • V547 Expression 'nBit < 0' is always false. Unsigned type value is never < 0. bitmask.c 100

Apple II emulator

V547 Expression 'uTStates < 0' is always false. Unsigned type value is never < 0. z80.cpp 5507


static const double uZ80ClockMultiplier = CLK_Z80 / CLK_6502;
inline static ULONG ConvertZ80TStatesTo6502Cycles(UINT uTStates)
{
  return (uTStates < 0) ?
    0 : (ULONG) ((double)uTStates / uZ80ClockMultiplier);
}

Gamer_Z eXtreme Party

V547 Expression is always true. Probably the '&&' operator should be used here. minigamederby.cxx 346


bool OnPlayerKeyStateChange(
  int playerid, int newkeys, int oldkeys) override
{
  if (newkeys == 1 || newkeys == 9 ||
      newkeys == 33 && oldkeys != 1 ||
      oldkeys != 9 || oldkeys != 33)       // <=
  {
    AddVehicleComponent(Player[playerid].CurrentVehicle, 1010);
  }
  return true;
}

Identical errors can be found in some other places:

  • V547 Expression is always true. Probably the '&&' operator should be used here. minigameracingsystem.cxx 528

Gamer_Z eXtreme Party

V547 Expression 'index >= 0' is always true. Unsigned type value is always >= 0. stunting.cxx 372


ZCMDF(tpx, PERMISSION_NONE,
      RESTRICTION_NOT_IN_A_GAME | RESTRICTION_NOT_AFTER_FIGHT,
      cmd_alias({}), "D")
{
  if (parser.Good())
  {
    size_t index = (_StuntPark.Objects.size() - 1) -
                   parser.Get<unsigned long>();
    if (index >= 0)
    {
      ....
    }
  }
  return true;
}

FreeSWITCH

V547 Expression is always false. Unsigned type value is never < 0. esl.c 690


typedef SOCKET ws_socket_t;

static ws_socket_t prepare_socket(ips_t *ips)
{
  ws_socket_t sock = ws_sock_invalid;

  ....
  if ((sock = socket(family, SOCK_STREAM, IPPROTO_TCP)) < 0) {
    die("Socket Error!\n");
  }
  ....
}

FreeSWITCH

V547 Expression 'fftstate->Perm == ((void *) 0)' is always false. Pointer 'fftstate->Perm' != NULL. fft.c 339


typedef struct {
  unsigned int SpaceAlloced;
  unsigned int MaxPermAlloced;
  double Tmp0[MAXFFTSIZE];
  double Tmp1[MAXFFTSIZE];
  double Tmp2[MAXFFTSIZE];
  double Tmp3[MAXFFTSIZE];
  int Perm[MAXFFTSIZE];
  int factor [NFACTOR];

} FFTstr;

static int   FFTRADIX (...., FFTstr *fftstate)
{
  ....
  if (fftstate->Tmp0 == NULL || fftstate->Tmp1 == NULL ||
      fftstate->Tmp2 == NULL || fftstate->Tmp3 == NULL ||
      fftstate->Perm == NULL) {
    return -1;
  }
  ....
}

Mozilla Thunderbird

V547 Expression is always false. Probably the '||' operator should be used here. nsmsgdbview.cpp 3014


class NS_NO_VTABLE nsMsgViewCommandType
{
  enum
  {
    ....
    junk = 27,
    unjunk = 28,
    ....
  };
};

nsresult nsMsgDBView::
ApplyCommandToIndices(nsMsgViewCommandTypeValue command, ....)
{
  ....
  if ((command == nsMsgViewCommandType::junk) &&
      (command == nsMsgViewCommandType::unjunk))
  ....
}

GINV

V547 Expression '* i ++ < 0' is always false. Unsigned type value is never < 0. imonomaux.cpp 460


class IMonomAuxInterface {
public:
  typedef unsigned         Word;
  typedef Word*            MonomIterator;
  typedef const Word*      MonomConstIterator;
  ....
}

bool IMonomAuxInterface::assertValid(
  IMonomAuxInterface::MonomConstIterator i) const
{
  MonomConstIterator end1 = i + mEndVar;
  do {
    if (*i++ < 0)
      return false;
  } while(i < end1);
  return true;
}

Unreal Engine 4

V547 Expression 'CurrentFileSize >= 0' is always true. Unsigned type value is always >= 0. buildpatchcompactifier.cpp 135


bool FBuildDataCompactifier::Compactify(....) const
{
  ....
  uint64 CurrentFileSize;
  ....
  CurrentFileSize = IFileManager::Get().FileSize(*File);
  if (CurrentFileSize >= 0)
  {
    ....
  }
  else
  {
    GLog->Logf(TEXT("Warning. ......"), *File);
  }
  ....
}

Dolphin Smalltalk 7

V547 Expression 'i >= 0' is always true. Unsigned type value is always >= 0. compact.cpp 35


// Answer the index of the last occuppied OT entry
unsigned __stdcall ObjectMemory::lastOTEntry()
{
  HARDASSERT(m_pOT);

  unsigned i = m_nOTSize-1;
  const OTE* pOT = m_pOT;
  while (pOT[i].isFree())
  {
    ASSERT(i >= 0);
    i--;
  }

  return i;
}

Identical errors can be found in some other places:

  • V547 Expression is always true. Unsigned type value is always >= 0. loadimage.cpp 343

Dolphin Smalltalk 7

V547 Expression 'ch > 127' is always false. The value range of char type: [-128, 127]. decode.cpp 55


ostream& operator<<(ostream& stream, ....)
{
  ....
  char ch = string->m_characters[i];
  //if (ch = '\0') break;
  if (ch < 32 || ch > 127)                              // <=
  {
    static char hexChars[16+1] = "0123456789ABCDEF";
    ....
  }
  ....
}

ChakraCore

V547 Expression 'srcIndex - src->left >= 0' is always true. Unsigned type value is always >= 0. sparsearraysegment.inl 355


class SparseArraySegmentBase
{
public:
    static const uint32 MaxLength;
    ....
    uint32 size;
    ....
}

template<typename T>
SparseArraySegment<T>* SparseArraySegment<T>::CopySegment(....,
  uint32 srcIndex, ....)
{
  ....
  AssertMsg(srcIndex - src->left >= 0,                    // <=
    "src->left > srcIndex resulting in \
     negative indexing of src->elements");
  js_memcpy_s(dst->elements + dstIndex - dst->left,
              sizeof(T) * inputLen,
              src->elements + srcIndex - src->left,
              sizeof(T) * inputLen);
  return dst;
}

ChakraCore

V547 Expression is always true. Probably the '&&' operator should be used here. bytecodegenerator.cpp 805


void ByteCodeGenerator::AssignRegister(Symbol *sym)
{
  AssertMsg(sym->GetDecl() == nullptr ||
            sym->GetDecl()->nop != knopConstDecl ||      // <=
            sym->GetDecl()->nop != knopLetDecl, "...."); // <=

  if (sym->GetLocation() == Js::Constants::NoRegister)
  {
    sym->SetLocation(NextVarRegister());
  }
}

ChakraCore

V547 Expression 'callSiteId >= 0' is always true. Unsigned type value is always >= 0. inline.cpp 1181


typedef uint16 ProfileId;

Func * Inline::BuildInlinee(Js::FunctionBody* funcBody, ....)
{
  ....
  Js::ProfileId callSiteId = static_cast<Js::ProfileId>(....);
  Assert(callSiteId >= 0);
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'callSiteId >= 0' is always true. Unsigned type value is always >= 0. inline.cpp 2627
  • V547 Expression 'callSiteId >= 0' is always true. Unsigned type value is always >= 0. inline.cpp 3657

Computational Network Toolkit

V547 Expression 'val[0] == 0xEF' is always false. The value range of char type: [-128, 127]. file.cpp 462


bool File::IsUnicodeBOM(bool skip)
{
  ....
  else if (m_options & fileOptionsText)
  {
    char val[3];
    file.ReadString(val, 3);
    found = (val[0] == 0xEF && val[1] == 0xBB && val[2] == 0xBF);
  }
  // restore pointer if no BOM or we aren't skipping it
  if (!found || !skip)
  {
    SetPosition(pos);
  }
  ....
}

MPC-HC

V547 Expression '(SpeakerActivityMask & 0xC000) == 0x0C00' is always false. - ADDITIONAL IN CURRENT file_dts.cpp 196


std::string
DTS_HD_SpeakerActivityMask(int16u SpeakerActivityMask)
{
  ....
  if ((SpeakerActivityMask&0xC000)==0x0C00)
  ....
}

Note that 0xC000 and 0x0C00 are used. Apparently these values should have been the same.

Identical errors can be found in some other places:

  • V547 Expression '(SpeakerActivityMask & 0xC000) == 0x0C00' is always false. - ADDITIONAL IN CURRENT file_dts.cpp 264

FreeBSD Kernel

V547 Expression is always true. Probably the '&&' operator should be used here. qla_hw.c 799


static int
qla_tx_tso(qla_host_t *ha, struct mbuf *mp, ....)
{
  ....
  if ((*tcp_opt != 0x01) || (*(tcp_opt + 1) != 0x01) ||
    (*(tcp_opt + 2) != 0x08) || (*(tcp_opt + 2) != 10)) { // <=
    return -1;
  }
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'value < 0' is always false. Unsigned type value is never < 0. ar9300_xmit.c 450

FreeBSD Kernel

V547 Expression 'cdb[0] != 0x28 || cdb[0] != 0x2A' is always true. Probably the '&&' operator should be used here. mfi_tbolt.c 1110


int
mfi_tbolt_send_frame(struct mfi_softc *sc, struct mfi_command*cm)
{
  ....
  if (cdb[0] != 0x28 || cdb[0] != 0x2A) {  // <=`
    if ((req_desc = mfi_tbolt_build_mpt_cmd(sc, cm)) == NULL) {
      device_printf(sc->mfi_dev, "Mapping from MFI "
          "to MPT Failed \n");
      return 1;
    }
  }
  else
    device_printf(sc->mfi_dev, "DJA NA XXX SYSPDIO\n");
  ....
}

FreeBSD Kernel

V547 Expression is always true. Probably the '&&' operator should be used here. igmp.c 1939


static void
igmp_v3_suppress_group_record(struct in_multi *inm)
{
  ....
  if (inm->inm_state != IGMP_G_QUERY_PENDING_MEMBER ||
      inm->inm_state != IGMP_SG_QUERY_PENDING_MEMBER)
    return;
  ....
}

FreeBSD Kernel

V547 Expression 'j >= 0' is always true. Unsigned type value is always >= 0. safe.c 1596


static void
safe_mcopy(struct mbuf *srcm, struct mbuf *dstm, u_int offset)
{
  u_int j, dlen, slen;                   // <=
  caddr_t dptr, sptr;

  /*
   * Advance src and dst to offset.
   */
  j = offset;
  while (j >= 0) {                       // <=
    if (srcm->m_len > j)
      break;
    j -= srcm->m_len;                    // <=
    srcm = srcm->m_next;
    if (srcm == NULL)
      return;
  }
  sptr = mtod(srcm, caddr_t) + j;
  slen = srcm->m_len - j;

  j = offset;
  while (j >= 0) {                       // <=
    if (dstm->m_len > j)
      break;
    j -= dstm->m_len;                    // <=
    dstm = dstm->m_next;
    if (dstm == NULL)
      return;
  }
  dptr = mtod(dstm, caddr_t) + j;
  dlen = dstm->m_len - j;
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'j >= 0' is always true. Unsigned type value is always >= 0. safe.c 1608

Oracle VM Virtual Box

V547 Expression is always false. Unsigned type value is never < 0. dt_subr.c 715


#define vsnprintf RTStrPrintfV

int
dt_printf(dtrace_hdl_t *dtp, FILE *fp, const char *format, ...)
{
  ....
  if (vsnprintf(
        &dtp->dt_buffered_buf[dtp->dt_buffered_offs],
        avail,
        format,
        ap) < 0) {                                   // <=
      rval = dt_set_errno(dtp, errno);
      va_end(ap);
      return (rval);
    }
  ....
}

size_t RTStrPrintfV(char *, size_t, const char *, va_list args); int vsnprintf (char *, size_t, const char *, va_list arg );


Oracle VM Virtual Box

V547 Expression 'sd >= 0' is always true. Unsigned type value is always >= 0. vboxservicevminfo.cpp 1086


static int vgsvcVMInfoWriteNetwork(void)
{
  ....
  SOCKET sd = WSASocket(AF_INET, SOCK_DGRAM, 0, 0, 0, 0);
  ....
  if (pAdpInfo)
        RTMemFree(pAdpInfo);
  if (sd >= 0)    // <=
      closesocket(sd);
  ....
}

Serious Engine 1 v.1.10

V547 Expression is always false. Probably the '||' operator should be used here. entity.cpp 3537


enum RenderType {
  ....
  RT_BRUSH       = 4,
  RT_FIELDBRUSH  = 8,
  ....
};

void
CEntity::DumpSync_t(CTStream &strm, INDEX iExtensiveSyncCheck)
{
  ....
  if( en_pciCollisionInfo == NULL) {
    strm.FPrintF_t("Collision info NULL\n");
  } else if (en_RenderType==RT_BRUSH &&       // <=
             en_RenderType==RT_FIELDBRUSH) {  // <=
    strm.FPrintF_t("Collision info: Brush entity\n");
  } else {
  ....
  }
  ....
}

Serious Engine 1 v.1.10

V547 Expression is always true. Probably the '&&' operator should be used here. propertycombobar.cpp 1853


CEntity *CPropertyComboBar::GetSelectedEntityPtr(void)
{
 // obtain selected property ID ptr
 CPropertyID *ppidProperty = GetSelectedProperty();
 // if there is valid property selected
 if( (ppidProperty == NULL) ||
 (ppidProperty->pid_eptType != CEntityProperty::EPT_ENTITYPTR) ||
 (ppidProperty->pid_eptType != CEntityProperty::EPT_PARENT) )
 {
   return NULL;
 }
 ....
}

Serious Engine 1 v.1.10

V547 Expression 'ulUsedShadowMemory >= 0' is always true. Unsigned type value is always >= 0. gfxlibrary.cpp 1693


void CGfxLibrary::ReduceShadows(void)
{
  ULONG ulUsedShadowMemory = ....;
  ....
  ulUsedShadowMemory -= sm.Uncache();  // <=
  ASSERT( ulUsedShadowMemory>=0);      // <=
  ....
}

Serious Engine 1 v.1.10

V547 Expression 'achrLine != ""' is always true. To compare strings you should use strcmp() function. worldeditor.cpp 2254


void CWorldEditorApp::OnConvertWorlds()
{
  ....
  char achrLine[256];                // <=
  CTFileStream fsFileList;

  // count lines in list file
  try {
    fsFileList.Open_t( fnFileList);
    while( !fsFileList.AtEOF()) {
      fsFileList.GetLine_t( achrLine, 256);
      // increase counter only for lines that are not blank
      if( achrLine != "") ctLines++; // <=
    }
    fsFileList.Close();
  }
  ....
}

if(strcmp(achrLine, "") != 0) ctLines++;

Identical errors can be found in some other places:

  • V547 Expression is always true. To compare strings you should use strcmp() function. propertycombobar.cpp 965
  • V547 Expression 'achrLine == ""' is always false. To compare strings you should use strcmp() function. worldeditor.cpp 2293

OpenToonz

V547 Expression '(int) startOutPoints.size() % 2 != 2' is always true. rasterselection.cpp 852


TStroke getIntersectedStroke(TStroke &stroke, TRectD bbox)
{
  ....
  for (t = 0; t < (int)outPoints.size(); t++)
    addPointToVector(...., (int)startOutPoints.size() % 2 != 2);
  ....
}

PHP:Hypertext Preprocessor

V547 Expression is always false. Unsigned type value is never < 0. spl_directory.c 2886


#define MIN(a, b)   (((a)<(b))?(a):(b))
#define MAX(a, b)  (((a)>(b))?(a):(b))

SPL_METHOD(SplFileObject, fwrite)
{
  ....
  size_t str_len;
  zend_long length = 0;
  ....
  str_len = MAX(0, MIN((size_t)length, str_len));
  ....
}

Firebird

V547 Expression 'bdb->bdb_page.getPageNum() >= 0' is always true. Unsigned type value is always >= 0. cch.cpp 4827


static bool write_page(thread_db* tdbb, BufferDesc* bdb, ....)
{
  ....
  if (bdb->bdb_page.getPageNum() >= 0)
  ....
}

7-Zip

V547 Expression 'newSize < 0' is always false. Unsigned type value is never < 0. update.cpp 254


STDMETHODIMP COutMultiVolStream::SetSize(UInt64 newSize)
{
  if (newSize < 0)    // <=
    return E_INVALIDARG;
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'rec.SiAttr.SecurityId >= 0' is always true. Unsigned type value is always >= 0. ntfshandler.cpp 2142
  • V547 Expression 's.Len() >= 0' is always true. Unsigned type value is always >= 0. xarhandler.cpp 258

Open X-Ray Engine

V547 Expression is always true. Probably the '&&' operator should be used here. configs_dumper.cpp 262


void configs_dumper::dumper_thread(void* my_ptr)
{
  ....
  DWORD wait_result = WaitForSingleObject(
             this_ptr->m_make_start_event, INFINITE);
  while ( wait_result != WAIT_ABANDONED) ||
         (wait_result != WAIT_FAILED))
  ....
}

Open X-Ray Engine

V547 Expression 'squad->get_index(this) == u32(- 1)' is always false. The value range of unsigned char type: [0, 255]. ai_rat.cpp 480


void CAI_Rat::UpdateCL()
{
  ....
  if (!Useful()) {
    inherited::UpdateCL        ();
    Exec_Look                  (Device.fTimeDelta);

    CMonsterSquad *squad = monster_squad().get_squad(this);

    if (squad && ((squad->GetLeader() != this &&
                  !squad->GetLeader()->g_Alive()) ||
                 squad->get_index(this) == u32(-1)))
      squad->SetLeader(this);

    ....
  }
  ....
}

Open X-Ray Engine

V547 Expression 'm_tActionCondition.m_tLifeTime >= 0' is always true. Unsigned type value is always >= 0. script_entity_action_inline.h 115


namespace ALife
{
  typedef u64 _TIME_ID;
}
ALife::_TIME_ID CScriptActionCondition::m_tLifeTime;

IC bool CScriptEntityAction::CheckIfTimeOver()
{
  return((m_tActionCondition.m_tLifeTime >= 0) &&
         ((m_tActionCondition.m_tStartTime +
           m_tActionCondition.m_tLifeTime)
                        < Device.dwTimeGlobal));
}

Identical errors can be found in some other places:

  • V547 Expression 'm_tActionCondition.m_tLifeTime < 0' is always false. Unsigned type value is never < 0. script_entity_action_inline.h 143

CPython

V547 Expression 's->sock_fd < 0' is always false. Unsigned type value is never < 0. socketmodule.c 655


#ifdef MS_WINDOWS
typedef SOCKET SOCKET_T;
#else
typedef int SOCKET_T;
#endif
typedef struct {
  PyObject_HEAD
  SOCKET_T sock_fd; /* Socket file descriptor */
  ....
} PySocketSockObject;

static int
internal_select(PySocketSockObject *s,
                int writing,
                _PyTime_t interval,
                int connect)
{
  ....
  if (s->sock_fd < 0) // <=
    return 0;
  ....
}

CryEngine V

V547 Expression 'pszScript[iSrcBufPos] != '=='' is always true. The value range of char type: [-128, 127]. luadbg.cpp 716


bool CLUADbg::LoadFile(const char* pszFile, bool bForceReload)
{
  FILE* hFile = NULL;
  char* pszScript = NULL, * pszFormattedScript = NULL;
  ....
  while (pszScript[iSrcBufPos] != ' ' &&
    ....
    pszScript[iSrcBufPos] != '=' &&
    pszScript[iSrcBufPos] != '==' &&  // <=
    pszScript[iSrcBufPos] != '*' &&
    pszScript[iSrcBufPos] != '+' &&
    pszScript[iSrcBufPos] != '/' &&
    pszScript[iSrcBufPos] != '~' &&
    pszScript[iSrcBufPos] != '"')
  {}
  ....
}

CryEngine V

V547 Expression 'm_socket < 0' is always false. Unsigned type value is never < 0. servicenetwork.cpp 585


typedef SOCKET CRYSOCKET;
// Internal socket data
CRYSOCKET m_socket;

bool CServiceNetworkConnection::TryReconnect()
{
  ....
  // Create new socket if needed
  if (m_socket == 0)
  {
    m_socket = CrySock::socketinet();
    if (m_socket < 0)
    {
      ....
      return false;
    }
  }
  ....
}

ICQ

V547 Expression '"audio_playback_mute"' is always true. core im_container.cpp 329


void core::im_container::on_voip_call_message(....)
{
  ....
  } else if (type == "update") {
  ....
  } else if (type == "voip_set_window_offsets") {
  ....
  } else if (type == "voip_reset") {
  ....
  else if ("audio_playback_mute")
  {
    const std::string mode = _params.get_value_as_string("mute");
    im->on_voip_set_mute(mode == "on");
  }
  else {
    assert(false);
  }
}

CodeLite

V547 Expression 'type.Lower() == "Array"' is always false. NodeJSOuptutParser.h 61


struct NodeJSHandle {
  wxString type;
  ....
  bool IsString() const {return type.Lower() == "string";}
  bool IsArray() const {return type.Lower() == "Array"; }  // <=
};

Clang

V547 Expression is always true. Probably the '&&' operator should be used here. LoopInterchange.cpp 208


static bool containsNoDependence(CharMatrix &DepMatrix,
                                 unsigned Row,
                                 unsigned Column) {
  for (unsigned i = 0; i < Column; ++i) {
    if (DepMatrix[Row][i] != '=' || DepMatrix[Row][i] != 'S' ||
        DepMatrix[Row][i] != 'I')
      return false;
  }
  return true;
}

Partio

V547 Expression '"R"' is always true. PDA.cpp 90


ParticlesDataMutable* readPDA(....)
{
  ....
  if(word == "V"){
      attrs.push_back(simple->addAttribute(....);
  }else if("R"){                                  // <=
      attrs.push_back(simple->addAttribute(....);
  }else if("I"){                                  // <=
      attrs.push_back(simple->addAttribute(....);
  }
  ....
}

OpenSubdiv

V547 Expression 'buffer[0] == '\r' && buffer[0] == '\n ' ' is always false. Probably the '||' operator should be used here. hdr_reader.cpp 84


unsigned char *loadHdr(....)
{
  ....
  if (! fgets(buffer, MAXLINE, fp)) goto error;
  if (buffer[0] == '\n') break;
  if (buffer[0] == '\r' && buffer[0] == '\n') break;   // <=
  ....
}

Linux Kernel

V547 Expression '(ptr[3] & 0x1E) != 0x03' is always true. sd.c 4115


int ext_sd_send_cmd_get_rsp(struct rtsx_chip *chip,
    u8 cmd_idx, u32 arg, u8 rsp_type,
    u8 *rsp, int rsp_len, bool special_check)
{
  int retval;
  int timeout = 100;
  u16 reg_addr;
  u8 *ptr;

  ....

  if (cmd_idx == SELECT_CARD) {
    if (rsp_type == SD_RSP_TYPE_R2) {
      if ((ptr[3] & 0x1E) != 0x04) {
        rtsx_trace(chip);
        return STATUS_FAIL;
      }

    } else if (rsp_type == SD_RSP_TYPE_R0) {
      if ((ptr[3] & 0x1E) != 0x03) {           // <=
        rtsx_trace(chip);
        return STATUS_FAIL;
      }
    }
  }

  ....
}

Linux Kernel

V547 Expression 'block' is always true. svclock.c 873


void
nlmsvc_grant_reply(struct nlm_cookie *cookie, __be32 status)
{
  struct nlm_block  *block;

  dprintk("grant_reply: looking for cookie %x, s=%d \n",
    *(unsigned int *)(cookie->data), status);
  if (!(block = nlmsvc_find_block(cookie)))
    return;

  if (block) {
    if (status == nlm_lck_denied_grace_period) {
      /* Try again in a couple of seconds */
      nlmsvc_insert_block(block, 10 * HZ);
    } else {
      /* Lock is now held by client, or has been rejected.
       * In both cases, the block should be removed. */
      nlmsvc_unlink_block(block);
    }
  }
  nlmsvc_release_block(block);
}

Linux Kernel

V547 Expression 'sym' is always true. menu.c 498


bool menu_is_visible(struct menu *menu)
{
  struct menu *child;
  struct symbol *sym;

  ....

  if (!sym || sym_get_tristate_value(menu->sym) == no) // <=
    return false;

  for (child = menu->list; child; child = child->next) {
    if (menu_is_visible(child)) {
      if (sym)                                         // <=
        sym->flags |= SYMBOL_DEF_USER;
      return true;
    }
  }

  return false;
}

CMaNGOS

V547 Expression is always false. Probably the '||' operator should be used here. SpellEffects.cpp 2872


void Spell::EffectEnchantItemTmp(SpellEffectIndex eff_idx)
{
  ....
  // TODO: Strange stuff in following code
  // shaman family enchantments
  if (....)
      duration = 300;
  else if (m_spellInfo->SpellIconID == 241 &&
           m_spellInfo->Id != 7434)
      duration = 3600;
  else if (m_spellInfo->Id == 28891 &&               // <=
           m_spellInfo->Id == 28898)                 // <=
      duration = 3600;
  ....
}

Identical errors can be found in some other places:

  • V547 Expression is always false. Probably the '||' operator should be used here. SpellEffects.cpp 2872
  • V547 Expression is always true. Probably the '&&' operator should be used here. genrevision.cpp 261
  • V547 Expression is always true. Probably the '&&' operator should be used here. vmapexport.cpp 361
  • And 2 additional diagnostic messages.

FreeBSD Kernel

V547 Expression 'cfgflags >= 0 || cfgflags <= 3' is always true. hwpmc_piv.c 812


static int
p4_config_pmc(int cpu, int ri, struct pmc *pm)
{
  ....
  int cfgflags, cpuflag;
  ....
  KASSERT(cfgflags >= 0 || cfgflags <= 3,
      ("[p4,%d] illegal cfgflags cfg=%d on cpu=%d ri=%d",
    __LINE__, cfgflags, cpu, ri));
  ....
  KASSERT(cfgflags >= 0 || cfgflags <= 3,
      ("[p4,%d] illegal runcount cfg=%d on cpu=%d ri=%d",
    __LINE__, cfgflags, cpu, ri));
  ....
}

Identical errors can be found in some other places:

  • V547 Expression 'cfgflags >= 0 || cfgflags <= 3' is always true. hwpmc_piv.c 838
  • V547 Expression 'cdb[0] != 0x28 || cdb[0] != 0x2A' is always true. Probably the '&&' operator should be used here. mfi_tbolt.c 1110

RPCS3

V547 Expression 'sock < 0' is always false. Unsigned type value is never < 0. sys_net.cpp 695


#ifdef _WIN32
  using socket_t = SOCKET;
#else
  using socket_t = int;
#endif

s32 socket(s32 family, s32 type, s32 protocol)
{
  ....
  socket_t sock = ::socket(family, type, protocol);

  if (sock < 0)
  {
    libnet.error("socket()....", get_errno() = get_last_error());
    return -1;
  }
  ....
}

FreeBSD Kernel

V547 Expression is always false. Unsigned type value is never < 0. ng_nat.c 374


unsigned int
LibAliasSetMode(struct libalias *, unsigned int _flags,
                unsigned int _mask);

static int
ng_nat_rcvmsg(node_p node, item_p item, hook_p lasthook)
{
  ....
  if (LibAliasSetMode(priv->lib,
      ng_nat_translate_flags(mode->flags),
      ng_nat_translate_flags(mode->mask)) < 0) {
    error = ENOMEM;
    break;
  }
  ....
}

FreeBSD Kernel

V547 Expression is always false. scif_sas_controller.c 531


....
U16  max_ncq_depth;
....
SCI_STATUS scif_user_parameters_set(
   SCI_CONTROLLER_HANDLE_T   controller,
   SCIF_USER_PARAMETERS_T  * scif_parms
)
{
  ....
   if (scif_parms->sas.max_ncq_depth < 1 &&
       scif_parms->sas.max_ncq_depth > 32)
     return SCI_FAILURE_INVALID_PARAMETER_VALUE;
  ....
}

CryEngine V

V547 Expression 'outArrIndices[i] < 0' is always false. Unsigned type value is never < 0. CGFLoader.cpp 881


static bool CompactBoneVertices(....,
  DynArray<uint16>& outArrIndices, ....)           // <= uint16
{
  ....
  outArrIndices.resize(3 * inFaceCount, -1);

  int outVertexCount = 0;
  for (int i = 0; i < verts.size(); ++i)
  {
    ....
    outArrIndices[....] = outVertexCount - 1;
  }

  // Making sure that the code above has no bugs   // <= LOL
  for (int i = 0; i < outArrIndices.size(); ++i)
  {
    if (outArrIndices[i] < 0)                      // <= LOL
    {
      return false;
    }
  }

  return true;
}

TensorFlow

V547 Expression 'to_unref' is always false. master_session.cc 1114


Status MasterSession::StartStep(const BuildGraphOptions& opts,
                                int64* count,
                                ReffedClientGraph** rcg,
                                bool is_partial) {
  ....
  ReffedClientGraph* to_unref = nullptr;
  ....
  if (to_unref) to_unref->Unref();
  ....
}

Valgrind

V547 Expression 'ce->off >= 0' is always true. Unsigned type value is always >= 0. image.c 147


typedef  ULong  DiOffT;

typedef
   struct {
      Bool   fromC;
      DiOffT off;
      SizeT  size;
      SizeT  used;
      UChar  data[];
   }
   CEnt;

static Bool is_sane_CEnt ( .... )
{
  ....
  CEnt* ce = img->ces[i];
  ....
  if (!(ce->size == CACHE_ENTRY_SIZE)) goto fail;
  if (!(ce->off >= 0)) goto fail;                         // <=
  if (!(ce->off + ce->used <= img->real_size)) goto fail;
  ....
}

Valgrind

V547 Expression '((void *) 0)' is always false. server.c 110


#define NULL ((void *) 0)

void reset_valgrind_sink(const char *info)
{
   if (VG_(log_output_sink).fd != initial_valgrind_sink.fd
       && initial_valgrind_sink_saved) {
      VG_(log_output_sink).fd = initial_valgrind_sink.fd;
      VG_(umsg) ("Reset valgrind output to log (%s)\n",
                 (info = NULL ? "" : info));                // <=
   }
}

Most likely this is what should be written here: (info == NULL ? "" : info)



Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++ and C#

goto PVS-Studio;