Examples of errors detected by the V694 diagnostic


V694. The condition (ptr - const_value) is only false if the value of a pointer equals a magic constant.


Miranda NG

V694 The condition ((end + 1) != '\0') is only false if there is pointer overflow which is undefined behaviour anyway. DbEditorPP exportimport.cpp 425


void importSettings(MCONTACT hContact, char *importstring )
{
  ....
  char module[256] = "", setting[256] = "", *end;
  ....
  if (end = strpbrk(&importstring[i+1], "]")) {
    if ((end+1) != '\0') *end = '\0';
    strcpy(module, &importstring[i+1]);
  }
  ....
}

Similar errors can be found in some other places:

  • V694 The condition ((end + 1) != '\0') is only false if there is pointer overflow which is undefined behaviour anyway. DbEditorPP exportimport.cpp 433
  • V694 The condition ((end + 1) != '\0') is only false if there is pointer overflow which is undefined behaviour anyway. DbEditorPP exportimport.cpp 441
  • V694 The condition (p + 1) is only false if there is pointer overflow which is undefined behaviour anyway. OpenFolder openfolder.cpp 35
  • And 1 additional diagnostic messages.

FreeSWITCH

V694 The condition (mode + 5) is only false if there is pointer overflow which is undefined behaviour anyway. mod_ilbc.c 51


static switch_status_t switch_ilbc_fmtp_parse(....)
{
  ....
  if (fmtp && (mode = strstr(fmtp, "mode=")) && (mode + 5)) {
      codec_ms = atoi(mode + 5);
    }
    if (!codec_ms) {
      /* default to 30 when no mode is defined for ilbc ONLY */
      codec_ms = 30;
    }
  ....
}

EFL Core Libraries

V694 The condition ((pbuffer) + 1) is only false if there is pointer overflow which is undefined behavior anyway. cpplib.c 2496


#define CPP_PREV_BUFFER(BUFFER) ((BUFFER)+1)

static void
initialize_builtins(cpp_reader * pfile)
{
  ....
  cpp_buffer *pbuffer = CPP_BUFFER(pfile);

  while (CPP_PREV_BUFFER(pbuffer))
    pbuffer = CPP_PREV_BUFFER(pbuffer);
  ....
}

Similar errors can be found in some other places:

  • V694 The condition ((ip) + 1) is only false if there is pointer overflow which is undefined behavior anyway. cpplib.c 2332

Tizen

V694 The condition (query + 1 == NULL) is only true if there is pointer overflow which is undefined behavior anyway. amd_request.c 1083


static int __get_instance_info(bundle *kb,
                               struct instance_info *info)
{
  ....
  gchar *query;
  ....
  if (query == NULL || query + 1 == NULL) {
  ....
}

ICU

V694 CWE-571 The condition (action + 1) is only false if there is pointer overflow which is undefined behavior anyway. ubiditransform.cpp 502


U_DRAFT uint32_t U_EXPORT2 ubiditransform_transform(....)
{
  ....
  const UBiDiAction *action = NULL;
  ....
  if (action + 1) {
    updateSrc(....);
  }
  ....
}

The condition is always true. Theoretically, it can become false if an overflow occurs, but this leads to undefined behavior.



Bugs Found

Checked Projects
355
Collected Errors
13 303