Examples of errors detected by the V1004 diagnostic


V1004. The pointer was used unsafely after it was verified against nullptr.


Rosegarden

V1004 The 'track' pointer was used unsafely after it was verified against nullptr. Check lines: 319, 329. MatrixView.cpp 329


void
MatrixView::slotUpdateWindowTitle(bool m)
{
  ....
  Track *track =
    m_segments[0]->getComposition()->getTrackById(trackId);

  int trackPosition = -1;
  if (track)
      trackPosition = track->getPosition();                // <=

  QString segLabel = strtoqstr(m_segments[0]->getLabel());
  if (segLabel.isEmpty()) {
      segLabel = " ";
  } else {
      segLabel = QString(" \"%1\" ").arg(segLabel);
  }

  QString trkLabel = strtoqstr(track->getLabel());         // <=
  ....
}

Similar errors can be found in some other places:

  • V1004 The 'track' pointer was used unsafely after it was verified against nullptr. Check lines: 2528, 2546. RosegardenDocument.cpp 2546
  • V1004 The 'inst' pointer was used unsafely after it was verified against nullptr. Check lines: 392, 417. ManageMetronomeDialog.cpp 417
  • V1004 The 'controller' pointer was used unsafely after it was verified against nullptr. Check lines: 75, 84. ControllerEventsRuler.cpp 84

Steinberg SDKs

V1004 The 'module' pointer was used unsafely after it was verified against nullptr. Check lines: 76, 84. audiohost.cpp 84


void App::startAudioClient (....)
{
  std::string error;
  module = VST3::Hosting::Module::create (path, error);
  if (!module)
  {
    std::string reason = "Could not create Module for file:";
    reason += path;
    reason += "\nError: ";
    reason += error;
    // EditorHost::IPlatform::instance ().kill (-1, reason);
  }
  auto factory = module->getFactory ();
  ....
}

PDFium

V1004 CWE-476 The 'pObject2Device' pointer was used unsafely after it was verified against nullptr. Check lines: 237, 248. cfx_psrenderer.cpp 248


void CFX_PSRenderer::SetClip_PathStroke(....,
  const CFX_Matrix* pObject2Device, ....)
{
  ....
  if (pObject2Device) {
    ....
  }
  ....
  m_ClipBox.Intersect(
    pObject2Device->TransformRect(rect).GetOuterRect());
  ....
}

The pObject2Device pointer may be null, as the check against nullptr shows. However, the pointer is later dereferenced without a preceding check.

Similar errors can be found in some other places:

  • V1004 CWE-476 The 'pGraphState' pointer was used unsafely after it was verified against nullptr. Check lines: 964, 977. fx_win32_gdipext.cpp 977

PDFium

V1004 CWE-476 The 'pGraphState' pointer was used unsafely after it was verified against nullptr. Check lines: 101, 110. fx_win32_device.cpp 110


HPEN CreatePen(const CFX_GraphStateData* pGraphState, ....)
{
  ....
  if (pGraphState) {
    width = scale * pGraphState->m_LineWidth;
  } else {
    width = 1.0f;
  }
  uint32_t PenStyle = PS_GEOMETRIC;
  if (width < 1) {
    width = 1;
  }
  if (pGraphState->m_DashCount) {
  ....
}

The pGraphState pointer may be null, as the check against nullptr shows. However, the pointer is later dereferenced without a preceding check.


SwiftShader

V1004 CWE-476 The 'shader' pointer was used unsafely after it was verified against nullptr. Check lines: 43, 53. vertexprogram.cpp 53


VertexProgram::VertexProgram(...., const VertexShader *shader)
  : VertexRoutine(state, shader),
    shader(shader),
    r(shader->dynamicallyIndexedTemporaries)
{
  ....
  if(shader && shader->containsBreakInstruction())
  {
    enableBreak = ....;
  }

  if(shader && shader->containsContinueInstruction())
  {
    enableContinue = ....;
  }

  if(shader->isInstanceIdDeclared())
  {
    instanceID = ....;
  }
}

The shader pointer may be null, as the check against nullptr shows. However, the pointer is later dereferenced without a preceding check.


XNU kernel

V1004 CWE-476 The 'fakeif' pointer was used unsafely after it was verified against nullptr. Check lines: 566, 572. if_fake.c 572


static void
feth_start(ifnet_t ifp)
{
  ....
  if_fake_ref  fakeif;
  ....
  if (fakeif != NULL) {
    peer = fakeif->iff_peer;
    flags = fakeif->iff_flags;
  }

  /* check for pending TX */
  m = fakeif->iff_pending_tx_packet;
  ....
}

The check "if (fakeif != NULL)" tells us that the fakeif pointer can be null. However, the pointer is later dereferenced without a preceding check.

Similar errors can be found in some other places:

  • V1004 CWE-476 The 'rt->rt_ifp' pointer was used unsafely after it was verified against nullptr. Check lines: 138, 140. netsrc.c 140

Krita

V1004 The 'sb' pointer was used unsafely after it was verified against nullptr. Check lines: 665, 670. KisView.cpp 670


void KisView::slotSavingStatusMessage(const QString &text,
                                      int timeout,
                                      bool isAutoSaving)
{
    QStatusBar *sb = statusBar();
    if (sb) // <=
        sb->showMessage(text, timeout);

    KisConfig cfg;

    if (sb->isHidden() || // <=
        (!isAutoSaving && cfg.forceShowSaveMessages()) ||
        (cfg.forceShowAutosaveMessages() && isAutoSaving)) {

        viewManager()->showFloatingMessage(text, QIcon());
    }
}

Similar errors can be found in some other places:

  • V1004 The 'd->viewManager' pointer was used unsafely after it was verified against nullptr. Check lines: 338, 365. KisView.cpp 365

Android

V1004 CWE-476 The 'ain' pointer was used unsafely after it was verified against nullptr. Check lines: 101, 105. rsCpuIntrinsicBLAS.cpp 105


static void setupGEMM(...., const Allocation **ain, ....) {
  uint32_t mm, nn, kk;
  mm = call->M;
  nn = call->N;
  kk = call->K;

  memset(mtls, 0, sizeof(MTLaunchStructForEachBlas));
  mtls->rs        = ctx;
  mtls->sc        = call;
  mtls->dimPtr    = &mtls->fep.dim;
  mtls->fep.dim.x = nn;
  mtls->fep.dim.y = mm;
  mtls->fep.dim.z = kk;
  if (ain) {                            // <=
    memcpy(mtls->ains, ain, 3 * sizeof(ain[0]));
  }
  uint32_t elementBytes = 4;
  if (ain[0]) {                         // <=
    elementBytes =
      ain[0]->getType()->getElement()->getSizeBytes();
  }
  ....
}

Android

V1004 CWE-476 The 'p_clcb->p_srcb' pointer was used unsafely after it was verified against nullptr. Check lines: 695, 701. bta_gattc_act.cc 701


void bta_gattc_disc_cmpl(tBTA_GATTC_CLCB* p_clcb,
                         UNUSED_ATTR tBTA_GATTC_DATA* p_data) {
  ....
  if (p_clcb->status != GATT_SUCCESS) {
    if (p_clcb->p_srcb) {
      std::vector<tBTA_GATTC_SERVICE>().swap(
        p_clcb->p_srcb->srvc_cache);
    }
    bta_gattc_cache_reset(p_clcb->p_srcb->server_bda);
  }
  ....
}
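
The fragments above share one shape: a check that admits the pointer may be null, followed by a dereference outside that check. The sketch below is an added example, not code from PDFium or from the analyzer's documentation; it follows the CreatePen fragment, and the GraphState and Pen types, the make_pen_* functions and the default chosen for a missing state are assumptions made for illustration.

```cpp
#include <cstdio>

// Constructed stand-ins for the types in the CreatePen fragment.
struct GraphState { float line_width; int dash_count; };
struct Pen        { float width;      bool dashed;    };

// Flagged shape: the first use is guarded, a later one is not.
// Kept for comparison only; passing nullptr is undefined behaviour.
Pen make_pen_flagged(const GraphState* gs, float scale) {
    float width = gs ? scale * gs->line_width : 1.0f;  // check implies "may be null"
    if (width < 1) width = 1;
    return Pen{width, gs->dash_count > 0};             // unguarded dereference
}

// Correction A: null is a legal input, so every use sits behind the one check.
// Assumption: "no state" means an undashed pen of width 1.
Pen make_pen_checked(const GraphState* gs, float scale) {
    Pen pen{1.0f, false};
    if (gs) {
        pen.width  = scale * gs->line_width;
        pen.dashed = gs->dash_count > 0;
    }
    if (pen.width < 1) pen.width = 1;
    return pen;
}

// Correction B: null is never legal, so the check was the redundant part.
// A reference parameter states that contract in the signature.
Pen make_pen_required(const GraphState& gs, float scale) {
    float width = scale * gs.line_width;
    if (width < 1) width = 1;
    return Pen{width, gs.dash_count > 0};
}

int main() {
    GraphState gs{0.5f, 2};
    Pen a = make_pen_checked(&gs, 4.0f);
    Pen b = make_pen_checked(nullptr, 4.0f);
    Pen c = make_pen_required(gs, 1.0f);
    std::printf("%.1f %d | %.1f %d | %.1f %d\n",
                a.width, a.dashed, b.width, b.dashed, c.width, c.dashed);
    return 0;
}
```

Which correction applies depends on whether callers can really pass null: if they can, the later use was missing its guard; if they cannot, the original check was dead code.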

