Examples of errors detected by the V522 diagnostic.


V522. Dereferencing of the null pointer might take place.


Chromium

V522 Dereferencing of the null pointer 'plugin_instance' might take place. Check the logical condition. chrome_frame_npapi chrome_frame_npapi.cc 517


// V522 excerpt: the null test is joined to the member access with '&&',
// so the access is evaluated only when plugin_instance is null.
bool ChromeFrameNPAPI::Invoke(....)
{
  ChromeFrameNPAPI* plugin_instance =
    ChromeFrameInstanceFromNPObject(header);
  // '!plugin_instance' is true only for a null pointer, and '&&' then
  // evaluates the right operand, which dereferences that null pointer.
  // For a non-null pointer the whole condition is false, so nothing is
  // validated before the code below continues.
  if (!plugin_instance &&
      (plugin_instance->automation_client_.get()))
    return false;
  ...
}

Clang

V522 Dereferencing of the null pointer 'DI' might take place. llvm-tblgen dagiselmatchergen.cpp 220


// V522 excerpt: the error path for a null DI prints through DI itself.
void MatcherGen::EmitLeafMatchCode(const TreePatternNode *N) {
  ...
  if (DI == 0) {
    // Inside this branch DI is known to be null, yet '*DI' is streamed into
    // the message, so the dereference happens before abort() is reached.
    errs() << "Unknown leaf kind: " << *DI << "\n";
    abort();
  }
  ...
}

PCSX2

V522 Dereferencing of the null pointer 'ptag' might take place. pcsx2 spr.cpp 376


// V522 excerpt: the branch that handles a null tag pointer reads the tag.
void _SPR1interleave() {
  ...
  u32 *ptag;
  ...
  if (ptag == NULL) {                      // <=
   SysPrintf("SPR1 Tag BUSERR\n");
   // ptag is null in this branch, so '(*ptag)' below reads through a null
   // pointer while the error state is being recorded.
   spr1->chcr = ( spr1->chcr & 0xFFFF ) |
                ( (*ptag) & 0xFFFF0000 );  // <=
   psHu32(DMAC_STAT)|= 1<<15;
   done = 1;
   spr1finished = done;
   return;
  }
  ...
}

GeoLib

V522 Dereferencing of the null pointer 'pRect' might take place. geOLib geolib.cpp 3282


// V522 excerpt: the argument check uses '||', so neither branch is
// guaranteed a non-null pRect.
void WINAPI _GetMonitorRectByIndex( int iMonitor, RECT* pRect )
{
 int iMonitorCount = ::GetSystemMetrics( SM_CMONITORS );

 // With '||' the first branch is taken whenever the index test passes, even
 // if pRect is NULL. The else branch is reached only when BOTH operands are
 // false, i.e. pRect is certainly NULL there.
 if ( iMonitor <= iMonitorCount || pRect != NULL ) // <=
 {
  if ( iMonitorCount == 1 )
  {
    pRect->left = 0;
    pRect->top = 0;
    pRect->right = GetSystemMetrics( SM_CXSCREEN );
    pRect->bottom = GetSystemMetrics( SM_CYSCREEN );
  }
  ...
 }
 else
 {
   // pRect == NULL on this path, so every store below writes through null.
   pRect->left   = -1;   // <=
   pRect->top    = -1;
   pRect->right  = -1;
   pRect->bottom = -1;
 }
}

Blender

V522 Dereferencing of the null pointer 'tpart' might take place. bf_render convertblender.c 1788


// V522 excerpt: tpart is initialized to 0 and dereferenced without being
// assigned in between.
static int render_new_particle_system(....)
{
  ParticleSettings *part, *tpart=0;
  ...
  // tpart is not used (and so never assigned) in the elided code
  ...
  // 'tpart->from' reads a member through the pointer that is still 0.
  psys_particle_on_emitter(psmd,tpart->from,tpa->num,
    pa->num_dmcache,tpa->fuv,tpa->foffset,
    co,nor,0,0,sd.orco,0);
  ...
}

Visualization Toolkit (VTK)

V522 Dereferencing of the null pointer 'td' might take place. CommonCxxTests testconditionvariable.cxx 96


// V522 excerpt: the "no thread data" branch still updates a field of td.
VTK_THREAD_RETURN_TYPE vtkTestCondVarThread( void* arg )
{
  ...
  if ( td )                  // <=
  {
    ...
  }
  else
  {
    cout << "No thread data!\n";
    cout << "  Thread " << ( threadId + 1 )
         << " of " << threadCount << " exiting.\n";

    // This is the else of 'if ( td )', so td is null here and the decrement
    // writes through a null pointer.
    -- td->NumberOfWorkers;  // <=

    cout.flush();
  }
  ...
}

ffdshow

V522 Dereferencing of the null pointer 'audio' might take place. tffdshowdecaudioinputpin.cpp 468


// V522 excerpt: 'audio' is read inside the branch taken when it is null.
STDMETHODIMP_(bool) TffdshowDecAudioInputPin::getsf(
  TsampleFormat &outsf)
{
  if (!audio)                                      // <=
  {
    .... // audio is not used in the elided code
    // Still inside 'if (!audio)': 'audio->codecId' dereferences the pointer
    // that the enclosing condition has just established to be null.
    } else if (bitstream_codec(audio->codecId)) {  // <=
      outsf.sf = TsampleFormat::getSampleFormat(codecId);
      outsf.alternateSF = filter->insf.alternateSF;
      return true;
    }
  } else {
  .....
}

D programming language

V522 Dereferencing of the null pointer 'v' might take place. interpret.c 1711


// V522 excerpt: the error message for the non-variable case is built from
// 'v', which is null on that path.
Expression *getVarExp(Loc loc, InterState *istate,
                      Declaration *d, CtfeGoal goal)
{
  ....
  VarDeclaration *v = d->isVarDeclaration();
  if (v)
  {
    ....
  }
  else if (s)
  {
    if (s->dsym->toInitializer() == s->sym)
      ....
    else
      // This is the else of 'if (v)', so v is null; 'v->toChars()' is
      // evaluated as an argument before error() can report anything.
      error(loc,
            "cannot interpret symbol %s at compile time",
            v->toChars());
  }
  ....
}

ReactOS

V522 Dereferencing of the null pointer 'device' might take place. bus.c 762


/* V522 excerpt: 'device' is initialized to NULL and then read in a
 * notification case; no assignment to it is visible in this excerpt. */
static void
acpi_bus_notify (....)
{
  struct acpi_device *device = NULL;
  ....
  switch (type) {
    ....
    case ACPI_NOTIFY_EJECT_REQUEST:
      /* 'device->pnp.bus_id' is evaluated as a log argument while device
       * is still NULL. */
      DPRINT1("Received EJECT REQUEST "
              "notification for device [%s]\n",
              device->pnp.bus_id);
      /* TBD */
      break;
    ....
  }
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'device' might take place. bus.c 768
  • V522 Dereferencing of the null pointer 'device' might take place. bus.c 774
  • V522 Dereferencing of the null pointer 'device' might take place. bus.c 780
  • And 1 additional diagnostic message.

ReactOS

V522 Dereferencing of the null pointer 'tag' might take place. ir_reader.cpp 904


// V522 excerpt: 'tag' starts as NULL and is dereferenced in a branch where
// this excerpt shows no assignment to it.
ir_texture *
ir_reader::read_texture(s_expression *expr)
{
  s_symbol *tag = NULL;
  ....
  } else if (MATCH(expr, other_pattern)) {
    // 'tag->value()' is called on the pointer that is still NULL here,
    // according to the diagnostic.
    op = ir_texture::get_opcode(tag->value());
    if (op == -1)
      return NULL;
  }
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 's_shadow' might take place. ir_reader.cpp 964
  • V522 Dereferencing of the null pointer 'BootSectorInfo' might take place. disksup.c 1750
  • V522 Dereferencing of the null pointer 'BootSectorInfo' might take place. disksup.c 1751
  • And 1 additional diagnostic message.

Windows 8 Driver Samples

V522 Dereferencing of the null pointer 'pSensor' might take place. sensorddi.cpp 903


// V522 excerpt: the trace call that reports a null pSensor reads a member
// of pSensor.
HRESULT CSensorDDI::OnGetDataFields(....)
{
  ....
  if (nullptr != pSensor)
  {
    ....
  }
  else
  {
    hr = E_POINTER;
    // pSensor is null in this branch; 'pSensor->m_SensorName' is evaluated
    // as a Trace argument, so the error path itself dereferences null.
    Trace(TRACE_LEVEL_ERROR,
      "pSensor == NULL before getting datafield %!GUID!-%i "
      "value from %s, hr = %!HRESULT!",
      &Key.fmtid, Key.pid, pSensor->m_SensorName, hr);
  }
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'pSensor' might take place. sensorddi.cpp 1852

NetXMS

V522 Dereferencing of the null pointer 'subnet' might take place. session.cpp 10823


// V522 excerpt: the "subnet not found" log call still passes subnet->Name().
void ClientSession::findIpAddress(CSCPMessage *request)
{
  ....
  if (subnet != NULL)
  {
    debugPrintf(5, _T("findIpAddress(%s): found subnet %s"),
                ipAddrText,
                subnet->Name());
    found = subnet->findMacAddress(ipAddr, macAddr);
  }
  else
  {
    // subnet is NULL here. The format string has a single %s, so the extra
    // 'subnet->Name()' argument is not even printed, but it is still
    // evaluated and dereferences the null pointer.
    debugPrintf(5, _T("findIpAddress(%s): subnet not found"),
                ipAddrText,
                subnet->Name());
  }
  ....
}

Multi Theft Auto

V522 Dereferencing of the null pointer 'pPlayer' might take place. cgame.cpp 1895


// V522 excerpt: the failure log for a player that could not be created
// asks that (null) player for its IP.
void CGame::Packet_PlayerJoinData ( .... )
{
  ....
  // Add the player
  CPlayer* pPlayer = m_pPlayerManager->Create (....);
  if ( pPlayer )
  {
    ....
  }
  else
  {
    // Tell the console
    // pPlayer is null in this branch, so 'pPlayer->GetSourceIP()' is a call
    // through a null pointer on the connection-failure path.
    CLogger::LogPrintf(
      "CONNECT: %s failed to connect "
      "(Player Element Could not be created.)\n",
      pPlayer->GetSourceIP() );
  }
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'pPlayer' might take place. cgame.cpp 1901

Multi Theft Auto

V522 Dereferencing of the null pointer 'szCmdLine' might take place. Check the logical condition. clientcommands.cpp 396


// V522 excerpt: the "null or empty" guard is built from the wrong operators.
void COMMAND_MessageTarget ( const char* szCmdLine )
{
  // When szCmdLine is null, '||' goes on to evaluate 'szCmdLine[0]', which
  // reads through the null pointer. When it is non-null, '||' short-circuits
  // and the empty-string test is never made.
  if ( !(szCmdLine || szCmdLine[0]) )
    return;
  ....
}

Trans-Proteomic Pipeline

V522 Dereferencing of the null pointer 'pepIndx' might take place. asapcgidisplay2main.cxx 534


// V522 excerpt: pepIndx is initialized to NULL and indexed without being
// assigned in between.
void ASAPRatio_getDataStrctRatio(dataStrct *data, ....)
{
  ....
  int *outliers, *pepIndx=NULL;
  ....
  // pepIndx is not used (and so never assigned) in the elided code
  ....
  // 'pepIndx[i]' reads at an offset from a null base pointer whenever the
  // first operand of '&&' is true.
  if(data->dataCnts[i] == 1 && pepIndx[i] == 0)
     data->dataCnts[i] = 0;
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'peptides' might take place. asapcgidisplay2main.cxx 556
  • V522 Dereferencing of the null pointer 'peptides' might take place. asapcgidisplay2main.cxx 557
  • V522 Dereferencing of the null pointer 'peptides' might take place. asapcgidisplay2main.cxx 558
  • And 3 additional diagnostic messages.

Data Distribution Service

V522 Dereferencing of the null pointer 'file' might take place. util.h 24


// V522 excerpt: a null ACE_FILE_IO pointer is dereferenced to form the
// argument of connect().
static ACE_FILE_IO *audio_to_text (ACE_FILE_Addr &,
                                   ACE_FILE_Addr &dest)
{
  ACE_FILE_Connector connector;
  ACE_FILE_IO *file = 0;
  // 'file' is still 0 here; '*file' dereferences it before the call is made.
  if (connector.connect (*file, dest) == -1)
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'file' might take place. util.h 39

Scilab

V522 Dereferencing of the null pointer 'dataPtr' might take place. scilababstractmemoryallocator.hxx 222


// Calls allocMatrixOfInteger32() and returns the pointer it stores in _ptr.
// The 'ptr' parameter is neither read nor written in this body, so the
// buffer reaches the caller only through the return value.
inline static int *alloc(void * pvApiCtx, const int position,
  const int rows, const int cols, int * ptr)
{
  int * _ptr = 0;
  SciErr err = allocMatrixOfInteger32(
    pvApiCtx, position, rows, cols, &_ptr);
  checkError(err);
  return _ptr;
}

// V522 excerpt: the result of alloc() is discarded, so dataPtr stays 0.
inline static void create(void * pvApiCtx, const int position,
  const int rows, const int cols, long long * ptr)
{
  int * dataPtr = 0;
  // dataPtr is passed by value and alloc() returns the buffer instead of
  // writing it back; the return value is ignored here.
  alloc(pvApiCtx, position, rows, cols, dataPtr);
  for (int i = 0; i < rows * cols; i++)
  {
    // Every store goes to an offset from the null dataPtr.
    dataPtr[i] = static_cast<int>(ptr[i]);
  }
}

This is what should have been written here: dataPtr = alloc(pvApiCtx, position, rows, cols, dataPtr);

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'dataPtr' might take place. scilababstractmemoryallocator.hxx 237
  • V522 Dereferencing of the null pointer 'ptr' might take place. scilababstractmemoryallocator.hxx 401

Unreal Engine 4

V522 Dereferencing of the null pointer 'LevelStreamingObject' might take place. unrealengine.cpp 10768


// V522 excerpt: the branch for a null streaming object logs that object's
// name.
bool UEngine::CommitMapChange( FWorldContext &Context )
{
  ....
  LevelStreamingObject = Context.World()->StreamingLevels[j];
  if (LevelStreamingObject != NULL)
  {
    ....
  }
  else
  {
    // LevelStreamingObject is NULL on this path. NOTE(review): check() is
    // presumably an assertion macro; whether it stops execution in every
    // build configuration is not visible here. If it does not, the
    // GetName() call below dereferences null.
    check(LevelStreamingObject);
    UE_LOG(LogStreaming, Log,
           TEXT("Unable to handle streaming object %s"),
           *LevelStreamingObject->GetName());
  }
  ....
}

Unreal Engine 4

V522 Dereferencing of the null pointer 'GStreamingPauseBackground' might take place. streamingpauserendering.cpp 197


// V522 excerpt: the allocation was commented out but the call on the
// object was left in place.
void FStreamingPause::Init()
{
  ....
  if( GStreamingPauseBackground == NULL && GUseStreamingPause )
  {
    // @todo UE4 merge andrew
    // GStreamingPauseBackground = new FFrontBufferTexture(....);
    // The condition guarantees the pointer is NULL and the assignment above
    // is disabled, so InitRHI() is invoked through a null pointer.
    GStreamingPauseBackground->InitRHI();
  }
}

Qt

V522 Dereferencing of the null pointer 'dn' might take place. qdocindexfiles.cpp 539


// V522 excerpt: the "group not found" debug output asks the missing group
// for its name.
void QDocIndexFiles::readIndexSection(....)
{
  ....
  DocNode* dn = qdb_->findGroup(groupNames[i]);
  if (dn) {
    dn->addMember(node);
  }
  else {
    ....
    // dn is null in this branch; 'dn->name()' dereferences it.
    qDebug() << "DID NOT FIND GROUP:" << dn->name()
             << "for:" << node->name();
  }
  ....
}

Qt

V522 Dereferencing of the null pointer 'm' might take place. qquickcontext2d.cpp 3169


// V522 excerpt: the null-argument path reaches the engine through the null
// argument.
QV4::ReturnedValue QQuickJSContext2DPixelData::getIndexed(
  QV4::Managed *m, uint index, bool *hasProperty)
{
  ....
  // '!m' selects exactly the case where m is null, and the type error is
  // then raised via 'm->engine()', i.e. through that null pointer.
  if (!m)
    return m->engine()->currentContext()->throwTypeError();
  ....
}

OpenJPEG

V522 Dereferencing of the null pointer 'l_image' might take place. j2k.c 5205


// V522 excerpt: l_image is initialized to 00 and read without being set in
// the lines shown.
bool j2k_write_rgn(....)
{
  OPJ_BYTE * l_current_data = 00;
  OPJ_UINT32 l_nb_comp;
  OPJ_UINT32 l_rgn_size;
  opj_image_t *l_image = 00;
  opj_cp_t *l_cp = 00;
  opj_tcp_t *l_tcp = 00;
  opj_tccp_t *l_tccp = 00;
  OPJ_UINT32 l_comp_room;

  // preconditions
  assert(p_j2k != 00);
  assert(p_manager != 00);
  assert(p_stream != 00);

  // l_cp, l_tcp and l_tccp are assigned below; l_image is not.
  l_cp = &(p_j2k->m_cp);
  l_tcp = &l_cp->tcps[p_tile_no];
  l_tccp = &l_tcp->tccps[p_comp_no];

  // l_image is still 00 here, so this reads numcomps through a null pointer.
  l_nb_comp = l_image->numcomps;
  ....
}

Miranda NG

V522 Dereferencing of the null pointer 'cont' might take place. EmLanProto mlan.cpp 342


// V522 excerpt: a field of 'cont' is read in the statement guarded by
// '!cont'.
void CMLan::OnRecvPacket(u_char* mes, int len, in_addr from)
{
  ....
  TContact* cont = m_pRootContact;
  ....
  // The guarded call runs only when cont is null, and its second argument
  // 'cont->m_addr.S_un.S_addr' dereferences cont.
  if (!cont)
    RequestStatus(true, cont->m_addr.S_un.S_addr);
  ....
}

LibreOffice

V522 Dereferencing of the null pointer 'pLabelData' might take place. Check the logical condition. pivotlayouttreelistdata.cxx 157


// V522 excerpt: the skip condition combines the null test and the member
// access with '&&'.
void ScPivotLayoutTreeListData::PushDataFieldNames(
  vector<ScDPName>& rDataFieldNames)
{
  ....
  ScDPLabelData* pLabelData = mpParent->GetLabelData(nColumn);

  // 'pLabelData == NULL && pLabelData->...' evaluates the member access
  // exactly when the pointer is NULL; for a non-null pointer the condition
  // is false and the emptiness test is never made.
  if (pLabelData == NULL && pLabelData->maName.isEmpty())
    continue;
  ....
}

LibreOffice

V522 Dereferencing of the null pointer 'pWindow' might take place. Check the logical condition. querycontroller.cxx 293


// V522 excerpt: the window pointer is tested with '||', which only guards
// the non-null case.
void grabFocusFromLimitBox( OQueryController& _rController )
{
  ....
  vcl::Window* pWindow = VCLUnoHelper::GetWindow( xWindow );
  // When pWindow is null, '||' evaluates 'pWindow->HasChildPathFocus()' and
  // dereferences it. When pWindow is non-null, the condition is already true
  // and the focus test is skipped.
  if( pWindow || pWindow->HasChildPathFocus() )
  {
    pWindow->GrabFocusToDocument();
  }
  ....
}

LibreOffice

V522 Dereferencing of the null pointer 'piTmpConnection' might take place. adodatalinks.cxx 84


// V522 excerpt: the cleanup on a failed CoCreateInstance() releases a
// pointer that is still NULL.
BSTR PromptNew(long hWnd)
{
  ....
  ADOConnection* piTmpConnection = NULL;

  ::CoInitialize( NULL );

  hr = CoCreateInstance(
                CLSID_DataLinks,
                NULL,
                CLSCTX_INPROC_SERVER,
                IID_IDataSourceLocator,
                (void**)&dlPrompt
                );
  if( FAILED( hr ) )
  {
    // piTmpConnection has not been assigned since its NULL initialization,
    // so Release() is called through a null pointer.
    piTmpConnection->Release();
    // NOTE(review): dlPrompt is the out-parameter of the call that has just
    // failed; confirm it can hold a valid interface on this path.
    dlPrompt->Release( );
    return connstr;
  }
  ....
}

.NET CoreCLR

V522 Dereferencing of the null pointer 'hp' might take place. cee_wks gc.cpp 4488


// V522 excerpt: without MULTIPLE_HEAPS, 'hp' is a local pointer set to 0.
heap_segment* gc_heap::get_segment_for_loh (size_t size
#ifdef MULTIPLE_HEAPS
                                           , gc_heap* hp
#endif //MULTIPLE_HEAPS
                                           )
{
#ifndef MULTIPLE_HEAPS
    gc_heap* hp = 0;
#endif //MULTIPLE_HEAPS
    // In the non-MULTIPLE_HEAPS build this is a member call through the
    // local null 'hp'; in the other build 'hp' is the caller's argument.
    heap_segment* res = hp->get_segment (size, TRUE);
  ....
}

When 'MULTIPLE_HEAPS' is not defined, this code is broken: the local pointer 'hp' is initialized to zero and is then dereferenced.


Godot Engine

V522 Dereferencing of the null pointer 'create_trimesh_collision_node()' might take place. mesh_instance.cpp 177


// Builds a StaticBody carrying the mesh's trimesh shape and returns it.
// Returns NULL when the mesh or the created shape is null, so callers must
// check the result before using it.
Node* MeshInstance::create_trimesh_collision_node()
{
  if (mesh.is_null())
    return NULL;
  Ref<Shape> shape = mesh->create_trimesh_shape();
  if (shape.is_null())
    return NULL;
  StaticBody * static_body = memnew( StaticBody );
  static_body->add_shape( shape );
  return static_body;
  // Unreachable: the function has already returned on the line above.
  return NULL;
}

// V522 excerpt: the possibly-NULL return value is used before any check.
void MeshInstance::create_trimesh_collision()
{
  // create_trimesh_collision_node() returns NULL on two of its paths, and
  // '->cast_to<StaticBody>()' is invoked directly on that result. The
  // ERR_FAIL_COND below tests only the outcome of the cast, after the call
  // through the possibly-null pointer has already been made.
  StaticBody* static_body =
    create_trimesh_collision_node()->cast_to<StaticBody>();
  ERR_FAIL_COND(!static_body);
  static_body->set_name( String(get_name()) + "_col" );
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'create_convex_collision_node()' might take place. mesh_instance.cpp 211

Unreal Engine 4

V522 Dereferencing of the null pointer 'GEngine' might take place. Check the logical condition. gameplaystatics.cpp 988


// V522 excerpt: the early-return guard tests 'GEngine' where a null test
// was evidently meant.
void UGameplayStatics::DeactivateReverbEffect(....)
{
  // For a non-null GEngine the left operand is true and the function always
  // returns early. For a null GEngine, '||' evaluates
  // '!GEngine->UseSound()' and dereferences the null pointer.
  if (GEngine || !GEngine->UseSound()) // <=
  {
    return;
  }
  UWorld* ThisWorld = GEngine->GetWorldFromContextObject(....);
  ....
}

Mozilla Thunderbird

V522 Dereferencing of the null pointer 'aStyleValues' might take place. sdnaccessible.cpp 252


// V522 excerpt: one of the three argument checks is missing its '!'.
STDMETHODIMP sdnAccessible::get_computedStyle(
                   BSTR __RPC_FAR* aStyleProperties,
                   BSTR __RPC_FAR* aStyleValues,
                   unsigned short __RPC_FAR* aNumStyleProperties)
{
  // 'aStyleValues' is tested without negation, unlike its two neighbours:
  // a valid (non-null) array is rejected with E_INVALIDARG, and execution
  // continues past this check only when aStyleValues is null.
  if (!aStyleProperties || aStyleValues || !aNumStyleProperties)
    return E_INVALIDARG;
  ....
  // Reached only with aStyleValues == null, so this store writes at an
  // offset from a null pointer supplied by the caller.
  aStyleValues[realIndex] = ::SysAllocString(value.get());
  ....
}

ChakraCore

V522 Dereferencing of the null pointer 'tempNumberTracker' might take place. backwardpass.cpp 578


// V522 excerpt: the local tracker is created only under nested conditions,
// but its later use is guarded by a different pointer.
void
BackwardPass::MergeSuccBlocksInfo(BasicBlock * block)
{
  TempNumberTracker * tempNumberTracker = nullptr; // <= line 346
  ....
  if (!block->isDead)
  {
      ....
      if(!IsCollectionPass())
      {
          ....
          if (this->DoMarkTempNumbers())
          {
              // Only assignment shown: it needs all three enclosing
              // conditions to hold.
              tempNumberTracker = JitAnew(....);   // <= line 413
          }
      ....
  ....
  // This test covers blockSucc->tempNumberTracker, not the local variable
  // of the same name, which may still be nullptr when MergeData() is called.
  if (blockSucc->tempNumberTracker != nullptr)
  {
      ....
      tempNumberTracker->MergeData(....);          // <= line 578
      if (deleteData)
      {
          blockSucc->tempNumberTracker = nullptr;
      }
  }
  ....
}

FreeBSD Kernel

V522 Dereferencing of the null pointer 'sc' might take place. mrsas.c 4027


/* V522 excerpt: the "invalid instance" diagnostic is printed through the
 * invalid instance. */
void
mrsas_aen_handler(struct mrsas_softc *sc)
{
  ....
  if (!sc) {
    /* sc is NULL in this branch; 'sc->mrsas_dev' dereferences it, so the
     * handler faults on its own error path instead of returning cleanly. */
    device_printf(sc->mrsas_dev, "invalid instance!\n");
    return;
  }
  if (sc->evt_detail_mem) {
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'sc' might take place. mrsas.c 1279
  • V522 Dereferencing of the null pointer 'sc' might take place. tws_cam.c 1066
  • V522 Dereferencing of the null pointer 'sc' might take place. blkfront.c 677
  • And 4 additional diagnostic messages.

OpenToonz

V522 Dereferencing of the null pointer 'region' might take place. Check the logical condition. palettecmd.cpp 102


// V522 excerpt: the region pointer is tested with '||' before its style is
// compared.
bool isStyleUsed(const TVectorImageP vi, int styleId)
{
  ....
  TRegion *region = vi->getRegion(i);
  // A non-null region makes the condition true without looking at its
  // style; a null region makes '||' evaluate 'region->getStyle()', which
  // dereferences it.
  if (region || region->getStyle() != styleId)
    return true;
  ....
}

OpenJDK

V522 Dereferencing of the null pointer 'data' might take place. util.c 2424


/* V522 excerpt: the callback records an error code in the structure it has
 * just found to be missing. */
static jint JNICALL
cbObjectTagInstance(....)
{
    ClassInstancesData  *data;

    /* Check data structure */
    data = (ClassInstancesData*)user_data;
    if (data == NULL) {
        /* data is NULL here, so this store writes through a null pointer
         * before the abort code can be returned. */
        data->error = AGENT_ERROR_ILLEGAL_ARGUMENT;
        return JVMTI_VISIT_ABORT;
    }
  ....
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'data' might take place. util.c 2543
  • V522 Dereferencing of the null pointer 'data' might take place. util.c 2601
  • V522 Dereferencing of the null pointer 'data' might take place. util.c 2760

Blender

V522 Dereferencing of the null pointer 've' might take place. functions1d.cpp 107


// V522 excerpt: the FEdge branch queries 've' instead of 'fe'.
// NOTE(review): '&inter;' looks like an HTML-entity extraction artifact of
// '&inter' — confirm against the original file.
int QuantitativeInvisibilityF1D::operator()(....)
{
  ViewEdge *ve = dynamic_cast<ViewEdge*>(&inter;);
  if (ve) {
    result = ve->qi();
    return 0;
  }
  // Execution gets here only when the first cast failed, i.e. ve is null.
  FEdge *fe = dynamic_cast<FEdge*>(&inter;);
  if (fe) {
    // 'fe' was the pointer just validated, but the call goes through the
    // null 've'.
    result = ve->qi(); //<=
    return 0;
  }
  ....
}

Blender

V522 Dereferencing of the null pointer 'ibuf' might take place. tracking_util.c 765


/* V522 excerpt: after the cache lookup misses, 'ibuf' is NULL for the rest
 * of the function shown here, yet it is still read further down. */
static ImBuf *accessor_get_ibuf(....)
{
  ImBuf *ibuf, *orig_ibuf, *final_ibuf;
  ....
  /* First try to get fully processed image from the cache. */
  ibuf = accesscache_get(accessor,
                         clip_index,
                         frame,
                         input_mode,
                         downscale,
                         transform_key);
  /* Any non-NULL ibuf leaves the function here, so every later use of
   * 'ibuf' in this excerpt operates on NULL. */
  if (ibuf != NULL) {
        return ibuf;
    }
  /* And now we do postprocessing of the original frame. */
  orig_ibuf = accessor_get_preprocessed_ibuf(accessor,
                                             clip_index,
                                             frame);
  if (orig_ibuf == NULL) {
        return NULL;
  }
  ....
  if (downscale > 0) {
      if (final_ibuf == orig_ibuf) {
          final_ibuf = IMB_dupImBuf(orig_ibuf);
      }
      /* The target size is read from the NULL 'ibuf', not from one of the
       * buffers validated above. */
      IMB_scaleImBuf(final_ibuf,
                     ibuf->x / (1 << downscale),  //<=
                     ibuf->y / (1 << downscale)); //<=
  }
  ....
  if (input_mode == LIBMV_IMAGE_MODE_RGBA) {
      BLI_assert(ibuf->channels == 3 ||          //<=
                 ibuf->channels == 4);           //<=
  }
  ....
  return final_ibuf;
}

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'ibuf' might take place. tracking_util.c 766
  • V522 Dereferencing of the null pointer 'ibuf' might take place. tracking_util.c 783

Chromium

V522 Dereferencing of the null pointer 'item' might take place. action_wait.cc 41


// Returns the item associated with the component |id| or nullptr
// in case of errors.
CrxUpdateItem* FindUpdateItemById(const std::string& id) const;

// V522 excerpt: the branch for an item that was not found fills in that
// item's error fields.
void ActionWait::Run(UpdateContext* update_context,
                     Callback callback)
{
....
  while (!update_context->queue.empty())
  {
      auto* item =
        FindUpdateItemById(update_context->queue.front());
      // '!item' selects the null case, so both stores below and the
      // ChangeItemState() call operate on a null item, while a found item
      // falls into NOTREACHED(). The two branches look swapped.
      if (!item) {                                         // <=
        item->error_category =                             // <=
          static_cast<int>(ErrorCategory::kServiceError);
        item->error_code =                                 // <=
          static_cast<int>(ServiceError::ERROR_WAIT);
        ChangeItemState(item, CrxUpdateItem::State::kNoUpdate);
      } else {
        NOTREACHED();
      }
      update_context->queue.pop();
  }
....
}

Clang

V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 106


// V522 excerpt: a unique_ptr is dereferenced after being passed on with
// std::move.
Expected<std::unique_ptr<PDBFile>>
PDBFileBuilder::build(
  std::unique_ptr<msf::WritableStream> PdbFileBuffer)
{
  ....
  // std::move(PdbFileBuffer) offers the stream to the PDBFile being
  // constructed. NOTE(review): if that constructor takes ownership, as the
  // diagnostic assumes, PdbFileBuffer holds nullptr from here on.
  auto File = llvm::make_unique<PDBFile>(
    std::move(PdbFileBuffer), Allocator);

  File->ContainerLayout = *ExpectedLayout;

  if (Info) {
    // '*PdbFileBuffer' dereferences the moved-from pointer.
    auto ExpectedInfo = Info->build(*File, *PdbFileBuffer);
  ....
}

The code is not entirely clear to me, as I have not studied what llvm::make_unique is or how it works in general. Nevertheless, both the analyzer and I are confused by the fact that, at first glance, ownership of the object held by the smart pointer PdbFileBuffer is transferred to File. After that, PdbFileBuffer, which by then already contains nullptr, is dereferenced.

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 113
  • V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 120
  • V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 127

FreeBSD Kernel

V522 Dereferencing of the null pointer 'ccb' might take place. The null pointer is passed into 'iscsi_outstanding_add' function. Inspect the third argument. Check lines: 'iscsi.c:2157'. iscsi.c 2091


/* V522 excerpt (interprocedural): 'ccb' is used without a NULL check, and
 * the diagnostic reports a caller that passes NULL for it. */
static struct iscsi_outstanding *
iscsi_outstanding_add(struct iscsi_session *is,
                      struct icl_pdu *request,
                      union ccb *ccb,
                      uint32_t *initiator_task_tagp)
{
  struct iscsi_outstanding *io;
  int error;

  ISCSI_SESSION_LOCK_ASSERT(is);

  io = uma_zalloc(iscsi_outstanding_zone, M_NOWAIT | M_ZERO);
  if (io == NULL) {
    ISCSI_SESSION_WARN(is, "failed to allocate %zd bytes",
        sizeof(*io));
    return (NULL);
  }

  /* '&ccb->csio' forms a member address from ccb with no NULL test; what
   * icl_conn_task_setup() does with that address is not visible here. */
  error = icl_conn_task_setup(is->is_conn, request, &ccb->csio,
    initiator_task_tagp, &io->io_icl_prv);
  ....
}

/* V522 excerpt: call site that passes NULL as the 'ccb' argument. */
static void
iscsi_action_abort(struct iscsi_session *is, union ccb *ccb)
{
  ....
  /* The third argument is the literal NULL rather than this function's own
   * 'ccb'; iscsi_outstanding_add() uses that parameter as '&ccb->csio'. */
  io = iscsi_outstanding_add(is, request, NULL,
                             &initiator_task_tag);
  ....
}

CryEngine V

V522 Dereferencing of the null pointer 'pCEntity' might take place. BreakableManager.cpp 2396


// V522 excerpt: pCEntity is used before the point where it is assigned and
// validated.
int CBreakableManager::HandlePhysics_UpdateMeshEvent(....)
{
  CEntity* pCEntity = 0;
  ....
  if (pmu && pSrcStatObj && GetSurfaceType(pSrcStatObj))
  {
    ....
    if (pEffect)
    {
      ....
      // pCEntity is still 0 at this point in the excerpt; its only
      // assignment shown is further down.
      if (normal.len2() > 0)
        pEffect->Spawn(true, pCEntity->GetSlotWorldTM(...); // <=
    }
  }

  ....

  if (iForeignData == PHYS_FOREIGN_ID_ENTITY)
  {
    // First assignment shown, followed by the null check the earlier use
    // did not have.
    pCEntity = (CEntity*)pForeignData;
    if (!pCEntity || !pCEntity->GetPhysicalProxy())
      return 1;
  }
  ....
}

Scilab

V522 Dereferencing of the null pointer 'dataz' might take place. polylinedata_wrap.c 373


// V522 excerpt: datax is fetched and checked before use, while no
// assignment to dataz is shown before it is indexed.
BOOL translatePolyline(int uid, double x, double y, double z,
                       int flagX, int flagY, int flagZ)
{
  double *datax = NULL;
  double *datay = NULL;
  double *dataz = NULL;                          // <=

  int i = 0;
  if (x != 0.0)
  {
    // The X handling obtains its buffer and bails out on NULL; the Z
    // handling below has no equivalent step in this excerpt.
    datax = getDataX(uid);
    if (datax == NULL) return FALSE;
  ....
  if (z != 0 && isZCoordSet(uid))
  {
    if (flagZ) {
      for (i = 0; i < getDataSize_(uid); ++i)
      {
        // Reads and writes at an offset from the NULL dataz.
        dataz[i] = pow(10.,log10(dataz[i]) + z); // <=
      }
    } else {
      for (i = 0; i < getDataSize_(uid); ++i)
      {
        dataz[i] += z;                           // <=
      }
    }
  }

  return TRUE;
}

Bind

V522 Dereferencing of the null pointer 'stylep' might take place. Check the logical condition. delv.c 500


/* V522 excerpt: the precondition itself dereferences the pointer it is
 * meant to validate. */
static isc_result_t
setup_style(dns_master_style_t **stylep) {
  isc_result_t result;
  dns_master_style_t *style = NULL;

  /* When stylep is NULL the left operand is false, so '||' evaluates
   * '*stylep' and reads through NULL. When stylep is non-NULL the
   * condition is already satisfied and '*stylep' is never examined. */
  REQUIRE(stylep != NULL || *stylep == NULL);
  ....
}

Aspell

V522 There might be dereferencing of a potential null pointer 'first'. objstack.cpp 21


// V522 excerpt: the result of malloc() is used without a NULL check.
ObjStack::ObjStack(size_t chunk_s, size_t align)
  : chunk_size(chunk_s), min_align(align), temp_end(0)
{
  // malloc() returns NULL when the allocation fails; 'first->next' then
  // writes through a null pointer.
  first_free = first = (Node *)malloc(chunk_size);
  first->next = 0;
  reserve = 0;
  setup_chunk();
}

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'reinterpret_cast< void * * > (block)'. block_slist-t.hpp 27
  • V522 There might be dereferencing of a potential null pointer 'w1.str'. prezip.c 87
  • V522 There might be dereferencing of a potential null pointer 'w'. prezip.c 164
  • And 2 additional diagnostic messages.

Tizen

V522 There might be dereferencing of a potential null pointer 'list'. storage-plugin-sample.c 564


// V522 excerpt: the array returned by calloc() is filled without a NULL
// check.
storage_error_code_t sample_get_list(....)
{
  ....
  storage_adaptor_file_info_h *list = NULL;
  int len = g_list_length(_file_list);
  if (0 < len) {
    // calloc() returns NULL on allocation failure; the loop below would
    // then store into list[i] at offsets from a null pointer.
    list = (storage_adaptor_file_info_h *)                 // <=
      calloc(len, sizeof(storage_adaptor_file_info_h));
    for (int i = 0; i < len; i++)
      list[i] = (storage_adaptor_file_info_h)              // <=
                g_list_nth_data(_file_list, i);
  }
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'plugin_task'. storage-plugin-sample.c 1016


// Allocates a zeroed async_job_t and stores fd in it. The fields are set
// only when calloc() succeeded, and the pointer is returned either way, so
// the result is NULL on allocation failure.
static async_job_t *create_job_s(int fd)
{
  async_job_t *job =
    (async_job_t *) calloc(1, sizeof(async_job_t));        // <=
  if (job) {
    job->local_path = NULL;
    job->cloud_path = NULL;
    job->fd = fd;
  }

  return job;                                              // <=
}

// V522 excerpt: the job returned by create_job_s() is used without a NULL
// check.
storage_error_code_t sample_upload_async(....)
{
  ....
  // create_job_s() hands back the raw calloc() result, which may be NULL.
  async_job_t *plugin_task = create_job_s(src_file_descriptor);

  char *path = NULL;
  path = g_strconcat(VIRTUAL_ROOT_PATH(context),
    dir_path ? dir_path : "", "/", file_name, NULL);

  // No check of plugin_task precedes this store.
  plugin_task->cloud_path = path;                          // <=
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'cb_data'. util.c 37


// V522 excerpt: the result of malloc() is written to without a NULL check.
void back_button_cb_push(....)
{
  // malloc() returns NULL on allocation failure; the store on the next
  // line would then go through a null pointer.
  back_button_cb_data *cb_data = malloc(sizeof(*cb_data));
  cb_data->cb = cb;
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'info'. navigator.c 2819


// V522 excerpt: 'info' is released correctly on the early-exit paths but
// never checked for NULL before it is written.
static void on_gesture_detected(void *data,
                                const Eldbus_Message *msg)
{
  ....
  // calloc() may return NULL; nothing below tests 'info' itself.
  Gesture_Info *info = calloc(sizeof(Gesture_Info), 1);    // <=
  int g_type;
  if (!msg) {
    DEBUG("Incoming message is empty");
    free(info);
    return;
  }

  if (!eldbus_message_arguments_get(....)) {
    DEBUG("Getting message arguments failed");
    free(info);
    return;
  }
  // First write through 'info'; it dereferences NULL if the allocation
  // failed.
  info->type = (Gesture)g_type;                            // <=
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'item_type'. list_util.c 72


// V522 excerpt: the freshly allocated int is written without a NULL check.
HAPI void quickpanel_list_util_set_item_type(....)
{
  ....
  if (item_type == NULL) {
    item_type = (int*)malloc(sizeof(int));

    // If malloc() failed, item_type is still NULL and this store
    // dereferences it.
    *item_type = type;

    evas_object_data_set(item, E_DATA_ITEM_LABEL_H,
                         (void*)item_type);
  }
}

Tizen

V522 There might be dereferencing of a potential null pointer 'popup_data'. popup.c 1167


/* V522 excerpt: the result of malloc() is written to without a NULL
 * check. */
void
popup_cb(void *data, Evas_Object *obj, void *event_info)
{
  ....
  /* malloc() may return NULL; popup_data is not tested before the stores
   * further down. */
  win_data *popup_data = (win_data*)malloc(sizeof(win_data));

  elm_theme_extension_add(NULL, ELM_DEMO_EDJ);
  /* We convince the top widget is a window */
  win = ad->win;
  list = elm_list_add(ad->nf);
  elm_list_mode_set(list, ELM_LIST_COMPRESS);
  popup_data->list = list;
  popup_data->win = win;
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'inputHandle'. cpp_audio_io.cpp 928


// V522 excerpt: the only check on the dynamic_cast result is an assert().
int cpp_audio_in_peek(audio_in_h input, const void **buffer,
                      unsigned int *length) {
  ....
  // dynamic_cast on a pointer yields nullptr when the object is not of the
  // requested type.
  CAudioInput* inputHandle =
    dynamic_cast<CAudioInput*>(handle->audioIoHandle);
  // assert() is compiled out when NDEBUG is defined, so in such builds
  // nothing stops the call below from going through a null pointer.
  assert(inputHandle);
  inputHandle->peek(buffer, &_length);
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'preedit_attr'. ise.cpp 392


// V522 excerpt: the result of calloc() is written to without a NULL check.
void ise_update_preedit_string(....)
{
  ....
  ime_preedit_attribute *preedit_attr;
  ....
  preedit_attr = (ime_preedit_attribute *)
                 calloc(1, sizeof(ime_preedit_attribute));
  // calloc() returns NULL on allocation failure; this store would then
  // dereference a null pointer.
  preedit_attr->start = 0;
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'msg'. QuickAccess.cpp 743


// V522 excerpt: the message buffer from malloc() is filled without a NULL
// check.
void QuickAccess::setButtonColor(Evas_Object* button,
                                 int r, int g, int b, int a)
{
  Edje_Message_Int_Set* msg =
  (Edje_Message_Int_Set *)malloc(sizeof(*msg) + 3 * sizeof(int));
  // If malloc() failed, msg is NULL and every store below, as well as the
  // send call, operates on a null pointer.
  msg->count = 4;
  msg->val[0] = r;
  msg->val[1] = g;
  msg->val[2] = b;
  msg->val[3] = a;
  edje_object_message_send(elm_layout_edje_get(button),
                           EDJE_MESSAGE_INT_SET, 0, msg);
  free(msg);
}

Tizen

V522 There might be dereferencing of a potential null pointer 'selected_device'. setting_item_device_list.c 121


// V522 excerpt: the result of calloc() is written to without a NULL check.
static void device_list_select_cb(void *data, Evas_Object *obj,
                                  void *event_info)
{
  do_haptic(50);

  device_info_s *info = (device_info_s *) data;

  selected_device = (device_info_s *)
                    calloc(sizeof(device_info_s), 1);
  // selected_device is NULL if calloc() failed; this store then goes
  // through a null pointer.
  selected_device->index = info->index;
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'sql_callback'. download-db-service.cpp 75


// V522 excerpt: the callback table from malloc() is filled without a NULL
// check.
void initialize_datacontrol_provider()
{
  DM_LOGI("initialize_datacontrol_provider");

  int result;

  sql_callback = (data_control_provider_sql_cb *)
                 malloc(sizeof(data_control_provider_sql_cb));
  // malloc() returns NULL on allocation failure; this store would then
  // dereference a null pointer.
  sql_callback->select_cb = select_request_cb;
  ....
}

Tizen

V522 There might be dereferencing of a potential null pointer 'msg'. util.c 113


// V522 excerpt: 'layout' is validated, the malloc() result is not.
void util_bg_color_rgba_set(Evas_Object *layout,
                            char r, char g, char b, char a)
{
  Edje_Message_Int_Set *msg;

  ret_if(!layout);

  msg = malloc(sizeof(*msg) + 3 * sizeof(int));

  // No NULL test on msg: if the allocation failed, the stores below write
  // through a null pointer.
  msg->count = 4;
  msg->val[0] = r;
  msg->val[1] = g;
  msg->val[2] = b;
  msg->val[3] = a;

  edje_object_message_send(elm_layout_edje_get(layout),
                           EDJE_MESSAGE_INT_SET, 1, msg);
  free(msg);
}

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'pkg_data'. privacy_package_list_view.c 320
  • V522 There might be dereferencing of a potential null pointer 'data'. privacy_guard_package_list_view.c 126
  • V522 There might be dereferencing of a potential null pointer 'id'. privacy_package_list_view.c 470
  • And 58 additional diagnostic messages.

EFL Core Libraries

V522 There might be dereferencing of a potential null pointer 't'. eina_tiler.c 1146


// V522 excerpt: the constructor validates its size arguments but not the
// result of calloc().
EAPI Eina_Tiler *eina_tiler_new(int w, int h)
{
  Eina_Tiler *t;

  EINA_SAFETY_ON_TRUE_RETURN_VAL((w <= 0) || (h <= 0), NULL);

  t = calloc(1, sizeof(Eina_Tiler));
  // calloc() returns NULL on allocation failure; every field
  // initialization below would then write through a null pointer.
  t->last.add.w = -1;
  t->last.add.h = -1;
  t->last.del.w = -1;
  t->last.del.h = -1;
  t->area.w = w;
  t->area.h = h;
  t->tile.w = 32;
  t->tile.h = 32;
  t->rounding = EINA_TRUE;
  EINA_MAGIC_SET(t, EINA_MAGIC_TILER);
  _splitter_new(t);
  return t;
}

EFL Core Libraries

V522 There might be dereferencing of a potential null pointer 'e'. evas_cserve2_fonts.c 66


/* V522 excerpt: the error-reporting helper writes the error code into a
 * calloc() result it does not check. */
static void *
_font_slave_error_send(Error_Type error)
{
  Error_Type *e = calloc(1, sizeof(*e));
  /* e is NULL if the allocation failed; '*e = error' then dereferences
   * it. */
  *e = error;
  return e;
}

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'tmpstr'. eo_generator.c 158
  • V522 There might be dereferencing of a potential null pointer 'ctx'. eo_lexer.c 1220
  • V522 Dereferencing of the null pointer 'v' might take place. The potential null pointer is passed into 'evas_triangle3_set' function. Inspect the first argument. Check lines: 'evas_3d_utils.h:2449'. evas_3d_utils.h 651
  • And 390 additional diagnostic messages.

Enlightenment

V522 There might be dereferencing of a potential null pointer 'task'. e_fm_ipc.c 489


/* V522 excerpt: the task from malloc() is filled without a NULL check. */
static void
_e_fm_ipc_mkdir(int id, const char *src, const char *rel,
                int rel_to EINA_UNUSED, int x, int y)
{
  E_Fm_Task *task;

  task = malloc(sizeof(E_Fm_Task));

  /* malloc() returns NULL on allocation failure; the stores below would
   * then write through a null pointer. */
  task->id = id;
  task->type = E_FM_OP_MKDIR;
  task->slave = NULL;
  ....
}

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'm'. e_fm_ipc.c 1046
  • V522 There might be dereferencing of a potential null pointer 't'. e_fm_op.c 444
  • V522 There might be dereferencing of a potential null pointer 'ntask'. e_fm_op.c 896
  • And 599 additional diagnostic messages.

