Examples of errors detected by the V666 diagnostic.


V666. Consider inspecting NN argument of the function 'Foo'. It is possible that the value does not correspond with the length of a string which was passed with the YY argument.


Trans-Proteomic Pipeline

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. interprophetmain.cxx 151


int main(int argc, char** argv) {
  ....
  if (strcmp(argv[argidx], "NONSS") &&
      ....
      strncmp(argv[argidx], "CAT=", 4) &&
      strncmp(argv[argidx], "DECOY=", 6) &&
      strncmp(argv[argidx], "THREADS=", 6) &&
      strncmp(argv[argidx], "MINPROB=", 8)) {
  ....
}

Geant4 software

V666 Consider inspecting second argument of the function 'write'. It is possible that the value does not correspond with the length of a string which was passed with the first argument. _G4GMocren-archive g4gmocrenio.cc 1351


bool G4GMocrenIO::storeData2() {
  ....
  // file identifier
  ofile.write("GRAPE    ", 8);
  ....
}

Source Engine SDK

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. Server (HL2) multiplay_gamerules.cpp 860


void CMultiplayRules::DeathNotice( .... )
{
  ....
  else if ( strncmp( killer_weapon_name, "NPC_", 8 ) == 0 )
  ....
}

Scilab

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. crerhs.c 119


void CreCommon(f,var)
     FILE *f;
     VARPTR var;
{
  ....
  if ( strncmp(var->fexternal,"cintf",4)==0 )
  ....
}

Similar errors can be found in some other places:

  • V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. crerhs.c 121
  • V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. crerhs.c 123
  • V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. crerhs.c 125
  • And 1 additional diagnostic messages.

OpenSSL

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. asn1_gen.c 371


static int asn1_cb(const char *elem, int len, void *bitstr)
{
  ....
  if (!strncmp(vstart, "ASCII", 5))
    arg->format = ASN1_GEN_FORMAT_ASCII;
  else if (!strncmp(vstart, "UTF8", 4))
    arg->format = ASN1_GEN_FORMAT_UTF8;
  else if (!strncmp(vstart, "HEX", 3))
    arg->format = ASN1_GEN_FORMAT_HEX;
  else if (!strncmp(vstart, "BITLIST", 3))
    arg->format = ASN1_GEN_FORMAT_BITLIST;
  else
  ....
}

OpenSSL

V666 Consider inspecting third argument of the function 'BIO_write'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. asn1_par.c 378


BIO_write(bp,"Error in encoding\n",18)
BIO_write(bp,"\n",1)
BIO_write(bp,":",1)
BIO_write(bp,":BAD OBJECT",11)
BIO_write(bp,"Bad boolean\n",12)

static int asn1_parse2(....)
{
  ....
  if (BIO_write(bp,"BAD ENUMERATED",11) <= 0)
    goto end;
  ....
}

OpenSSL

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the first argument. s_server.c 2703


static int www_body(....)
{
  ....
  if ( ((www == 1) && (strncmp("GET ",buf,4) == 0)) ||
       ((www == 2) && (strncmp("GET /stats ",buf,10) == 0)))
  ....
}

ITK

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. metascene.cxx 313


bool MetaScene::
Read(const char *_headerName)
{
  ....
  else if(!strncmp(objectType.c_str(),"Image",5) ||
  ....
  else if(!strncmp(objectType.c_str(),"Blob",4) ||
  ....
  else if(!strncmp(objectType.c_str(),"Landmark",8) ||
  ....
  else if(!strncmp(objectType.c_str(),"Surface",5) ||
  ....
}

Spring Engine

V666 Consider inspecting third argument of the function 'TokenMatch'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. assimp plyparser.cpp 185


PLY::ESemantic PLY::Property::ParseSemantic(....)
{
  ....
  else if (TokenMatch(pCur,"specular_alpha",14))
  {
    eOut = PLY::EST_SpecularAlpha;
  }
  else if (TokenMatch(pCur,"opacity",7))
  {
    eOut = PLY::EST_Opacity;
  }
  else if (TokenMatch(pCur,"specular_power",6))
  {
    eOut = PLY::EST_PhongPower;
  }
  ....
}

LibreOffice

V666 Consider inspecting third argument of the function 'rsc_strnicmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. start.cxx 179


static bool CallRsc2(....)
{
  ....
  if( !rsc_strnicmp( ....,  "-fp=", 4 ) ||
      !rsc_strnicmp( ...., "-fo=", 4 ) ||
      !rsc_strnicmp( ...., "-presponse", 9 ) ||   // <=
      !rsc_strnicmp( ...., "-rc", 3 ) ||
      !rsc_stricmp( ...., "-+" ) ||
      !rsc_stricmp( ...., "-br" ) ||
      !rsc_stricmp( ...., "-bz" ) ||
      !rsc_stricmp( ...., "-r" ) ||
      ( '-' != *.... ) )
  ....
}

OpenJDK

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. hb-shape.cc 104


static bool
parse_bool (const char **pp, const char *end, unsigned int *pv)
{
  ....

  /* CSS allows on/off as aliases 1/0. */
  if (*pp - p == 2 || 0 == strncmp (p, "on", 2))
    *pv = 1;
  else if (*pp - p == 3 || 0 == strncmp (p, "off", 2))
    *pv = 0;
  else
    return false;

  return true;
}

Inkscape

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. blend.cpp 85


static Inkscape::Filters::FilterBlendMode
 sp_feBlend_readmode(....) {
  ....
  switch (value[0]) {
    case 'n':
      if (strncmp(value, "normal", 6) == 0)
        return Inkscape::Filters::BLEND_NORMAL;
      break;
    case 'm':
      ....
    case 's':
      if (strncmp(value, "screen", 6) == 0)
          return Inkscape::Filters::BLEND_SCREEN;
      if (strncmp(value, "saturation", 6) == 0) // <=
          return Inkscape::Filters::BLEND_SATURATION;
      break;
    case 'd':
      ....
    case 'o':
      if (strncmp(value, "overlay", 7) == 0)
          return Inkscape::Filters::BLEND_OVERLAY;
      break;
    case 'c':
      ....
    case 'h':
      if (strncmp(value, "hard-light", 7) == 0) // <=
          return Inkscape::Filters::BLEND_HARDLIGHT;
      ....
      break;
    ....
  }
}

Linux Kernel

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the first argument. spectral.c 341


static ssize_t write_file_spec_scan_ctl(struct file *file,
          const char __user *user_buf,
          size_t count, loff_t *ppos)
{
  struct ath10k *ar = file->private_data;
  char buf[32];
  ssize_t len;
  int res;

  len = min(count, sizeof(buf) - 1);
  if (copy_from_user(buf, user_buf, len))
    return -EFAULT;

  buf[len] = '\0';

  mutex_lock(&ar->conf_mutex);

  if (strncmp("trigger", buf, 7) == 0) {
    ....
  } else if (strncmp("background", buf, 9) == 0) {
    res = ath10k_spectral_scan_config(ar, SPECTRAL_BACKGROUND);
  } else if (strncmp("manual", buf, 6) == 0) {
    res = ath10k_spectral_scan_config(ar, SPECTRAL_MANUAL);
  } else if (strncmp("disable", buf, 7) == 0) {
    res = ath10k_spectral_scan_config(ar, SPECTRAL_DISABLED);
  } else {
    res = -EINVAL;
  }

  mutex_unlock(&ar->conf_mutex);

  if (res < 0)
    return res;

  return count;
}

Linux Kernel

V666 Consider inspecting third argument of the function 'memcpy'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. dpt_i2o.c 403


static void adpt_inquiry(adpt_hba* pHba)
{
  ....
  memset(pHba->detail, 0, sizeof(pHba->detail));
  memcpy(&(pHba->detail), "Vendor: Adaptec ", 16);
  memcpy(&(pHba->detail[16]), " Model: ", 8);
  memcpy(&(pHba->detail[24]), (u8*) &buf[16], 16);
  memcpy(&(pHba->detail[40]), " FW: ", 4);              // <=
  memcpy(&(pHba->detail[44]), (u8*) &buf[32], 4);
  pHba->detail[48] = '\0';  /* precautionary */
  ....
}

FreeBSD Kernel

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. ip_irc_pxy.c 140


int
ipf_p_irc_complete(ircp, buf, len)
  ircinfo_t *ircp;
  char *buf;
  size_t len;
{
  ....
  if (strncmp(s, "PRIVMSG ", 8))
    return 0;
  ....
  if (strncmp(s, "\001DCC ", 4))  // <=
    return 0;
  ....
}

Bind

V666 Consider inspecting third argument of the function 'strncasecmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. nslookup.c 723

V666 Consider inspecting third argument of the function 'strncasecmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. nslookup.c 725

V666 Consider inspecting third argument of the function 'strncasecmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. nslookup.c 729

V666 Consider inspecting third argument of the function 'strncasecmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. nslookup.c 731


static void
setoption(char *opt) {
  ....
  } else if (strncasecmp(opt, "deb", 3) == 0) {
    short_form = ISC_FALSE;
    showsearch = ISC_TRUE;
  } else if (strncasecmp(opt, "nodeb", 5) == 0) {
    short_form = ISC_TRUE;
    showsearch = ISC_FALSE;
  } else if (strncasecmp(opt, "d2", 2) == 0) {
    debugging = ISC_TRUE;
  } else if (strncasecmp(opt, "nod2", 4) == 0) {
    debugging = ISC_FALSE;
  } else if (strncasecmp(opt, "search", 3) == 0) {    // <=
    usesearch = ISC_TRUE;
  } else if (strncasecmp(opt, "nosearch", 5) == 0) {  // <=
    usesearch = ISC_FALSE;
  } else if (strncasecmp(opt, "sil", 3) == 0) {
    /* deprecation_msg = ISC_FALSE; */
  } else if (strncasecmp(opt, "fail", 3) == 0) {      // <=
    nofail=ISC_FALSE;
  } else if (strncasecmp(opt, "nofail", 3) == 0) {    // <=
    nofail=ISC_TRUE;
  } else if (strncasecmp(opt, "ndots=", 6) == 0) {
    set_ndots(&opt[6]);
  } else {
    printf("*** Invalid option: %s\n", opt);
  }
}

Bind

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. named-rrchecker.c 100


int
main(int argc, char *argv[]) {
  ....
        if (strncmp(text, "CLASS", 4) != 0)
          fprintf(stdout, "%s\n", text);
  ....
}

Enlightenment

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. e_info_client.c 1801


static void
_e_info_client_proc_slot_set(int argc, char **argv)
{
  ....
  if (!strncmp(argv[2], "start", strlen("start")))
    mode = E_INFO_CMD_MESSAGE_START;
  if (!strncmp(argv[2], "list", strlen("list")))
    mode = E_INFO_CMD_MESSAGE_LIST;
  if (!strncmp(argv[2], "create", strlen("add")))          // <=
    mode = E_INFO_CMD_MESSAGE_CREATE;
  if (!strncmp(argv[2], "modify", strlen("modify")))
    mode = E_INFO_CMD_MESSAGE_MODIFY;
  if (!strncmp(argv[2], "del", strlen("del")))
    mode = E_INFO_CMD_MESSAGE_DEL;
  ....
}

Enlightenment

V666 Consider inspecting third argument of the function 'strncmp'. It is possible that the value does not correspond with the length of a string which was passed with the second argument. e_sys_main.c 308


int
main(int argc, char **argv)
{
  ....
  if ((!strncmp(environ[i], "LD_", 3)) ||
      (!strncmp(environ[i], "_RLD_", 5)) ||
      (!strncmp(environ[i], "LC_", 3)) ||
      (!strncmp(environ[i], "LDR_", 3)))         // <=
  ....
}


Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++ and C#

goto PVS-Studio;