Примеры ошибок, обнаруженных с помощью диагностики V568


V568. It's odd that the argument of sizeof() operator is the expression.


Wolfenstein 3D

V568 It's odd that the argument of sizeof() operator is the '& itemInfo' expression. cgame cg_weapons.c 1467


void CG_RegisterItemVisuals( int itemNum ) {
  ....
  itemInfo_t *itemInfo;
  ....
  memset( itemInfo, 0, sizeof( &itemInfo ) );
  ....
}

This is what should have been written here: memset( itemInfo, 0, sizeof( *itemInfo ) ).


FCEUX

V568 It's odd that the argument of sizeof() operator is the 'buff - 1' expression. fceux monitor.cpp 117


BOOL updateResults(HWND hwndDlg, int rule)
{
  char buff[0x100];
  ....
  SendDlgItemMessage(hwndDlg, RULE_INPUT_1 + i, WM_GETTEXT,
                     sizeof(buff - 1), (LPARAM) input_buff);
  ....
}

This is what should have been written here: sizeof(buff) - 1.


CxImage

V568 It's odd that the argument of sizeof() operator is the expression. jasper jpc_enc.c 2157


static jpc_enc_tcmpt_t *tcmpt_create(....)
{
  ....
  memset(tcmpt->stepsizes, 0,
    sizeof(tcmpt->numstepsizes * sizeof(uint_fast16_t)));
  ....
}

This is what should have been written here: memset(tcmpt->stepsizes, 0, tcmpt->numstepsizes * sizeof(uint_fast16_t));


Miranda IM

V568 It's odd that the argument of sizeof() operator is the '& ImgIndex' expression. clist_modern modern_extraimage.cpp 302


void ExtraImage_SetAllExtraIcons(HWND hwndList,HANDLE hContact)
{
  ....
  char *(ImgIndex[64]);
  ....
  memset(&ImgIndex,0,sizeof(&ImgIndex));
  ....
}

The programmer wanted to zero an array consisting of 64 pointers. But only the first item was zeroed. This

Similar errors can be found in some other places:

  • V568 It's odd that the argument of sizeof() operator is the '& ImgIndex' expression. clist_mw extraimage.c 295

Miranda IM

V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 258


static ROWCELL* rowOptTA[100];

void rowOptAddContainer(HWND htree, HTREEITEM hti)
{
  ....
  ZeroMemory(rowOptTA,sizeof(&rowOptTA));
  ....
}

Only one item is cleared.

Similar errors can be found in some other places:

  • V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 308
  • V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 438

Apache HTTP Server

V568 It's odd that the argument of sizeof() operator is the 'sizeof (SECURITY_ATTRIBUTES)' expression. libhttpd util_win32.c 115


PSECURITY_ATTRIBUTES GetNullACL(void)
{
  PSECURITY_ATTRIBUTES sa;

  sa  = (PSECURITY_ATTRIBUTES) LocalAlloc(
    LPTR, sizeof(SECURITY_ATTRIBUTES));
  sa->nLength = sizeof(sizeof(SECURITY_ATTRIBUTES));
  ....
}

This is what should have been written here: sa->nLength = sizeof(SECURITY_ATTRIBUTES);


Energy Checker SDK

V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1667


int plh_read_pl_folder(PPLH_PL_FOLDER_INFO pconfig) {
  ....
  WIN32_FIND_DATA file_data;
  ....
  memset(
    &file_data,
    0,
    sizeof(&file_data)
  );
  ....
}

This is what should have been written here: sizeof(file_data)

Similar errors can be found in some other places:

  • V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1831

ReactOS

V568 It's odd that the argument of sizeof() operator is the 'UnknownError [0] - 20' expression. syssetup wizard.c 1696


static DWORD CALLBACK
RegistrationProc(LPVOID Parameter)
{
  ....
  if (0 == LoadStringW(hDllInstance, IDS_UNKNOWN_ERROR,
          UnknownError,
          sizeof(UnknownError) / sizeof(UnknownError[0] -
          20)))
  ....
}

A parenthesis seems to be put in a wrong place. This code should look like this: sizeof(UnknownError) / sizeof(UnknownError[0]).


OpenCV

V568 It's odd that the argument of sizeof() operator is the '& caps' expression. cap_vfw.cpp 409


CAPDRIVERCAPS caps;

bool CvCaptureCAM_VFW::open( int wIndex )
{
  ....
  memset( &caps, 0, sizeof(caps));
  capDriverGetCaps( hWndC, &caps, sizeof(&caps));
  ....
}

Asterisk

V568 It's odd that the argument of sizeof() operator is the 'data[0] * 2' expression. channel.c 8853


static int redirecting_reason_build_data(....)
{
  ....
  if (datalen < pos + sizeof(data[0] * 2) + length) {       // <=
    ast_log(LOG_WARNING, "No space left for %s string\n", label);
    return -1;
  }
  ....
}

Haiku Operation System

V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct tlv_header_t)' expression. print-slow.c 255


void
slow_print(register const u_char *pptr, register u_int len) {
  ....
  if (vflag > 1)
    print_unknown_data(tptr+sizeof(sizeof(struct tlv_header_t)),
      "\n\t  ", tlv_len-sizeof(struct tlv_header_t));
  ....
}

Similar errors can be found in some other places:

  • V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct lmp_object_header)' expression. print-lmp.c 872
  • V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct tlv_header_t)' expression. print-slow.c 182
  • V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct eigrp_tlv_header)' expression. print-eigrp.c 283
  • And 1 additional diagnostic messages.

Far2l

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'PInfo' class object. filelist.cpp 672


int64_t FileList::VMProcess(int OpCode,
                            void *vParam,
                            int64_t iParam)
{
  switch (OpCode)
  {
  ....
  case MCODE_V_PPANEL_PREFIX:           // PPanel.Prefix
  {
    PluginInfo *PInfo = (PluginInfo *)vParam;
    memset(PInfo, 0, sizeof(PInfo));            // <=
    PInfo->StructSize = sizeof(PInfo);          // <=
    ....
  }
  ....
  }
}

Similar errors can be found in some other places:

  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'PInfo' class object. filelist.cpp 673
  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'HistoryItem' class object. history.cpp 594
  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'handle' class object. plugins.cpp 682

CryEngine V

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'this' class object. ClipVolumeManager.cpp 145


void
CClipVolumeManager::GetMemoryUsage(class ICrySizer* pSizer) const
{
  pSizer->AddObject(this, sizeof(this));
  for (size_t i = 0; i < m_ClipVolumes.size(); ++i)
    pSizer->AddObject(m_ClipVolumes[i].m_pVolume);
}

EFL Core Libraries

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_tcp.c 192


EOLIAN static Eina_Error
_efl_net_server_tcp_efl_net_server_fd_socket_activate(....)
{
  ....
  struct sockaddr_storage *addr;
  socklen_t addrlen;
  ....
  addrlen = sizeof(addr);
  if (getsockname(fd, (struct sockaddr *)&addr, &addrlen) != 0)
  ....
}

Similar errors can be found in some other places:

  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_udp.c 228
  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_unix.c 198

XNU kernel

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'thread_template.overrides' class object. thread.c 377


extern void bzero(void *, size_t);

static struct thread  thread_template, init_thread;

struct thread {
  ....
  struct thread_qos_override {
    struct thread_qos_override  *override_next;
    uint32_t  override_contended_resource_count;
    int16_t    override_qos;
    int16_t    override_resource_type;
    user_addr_t  override_resource;
  } *overrides;
  ....
};

void
thread_bootstrap(void)
{
  ....
  bzero(&thread_template.overrides,
        sizeof(thread_template.overrides));
  ....
}

One took a pointer to a pointer and nullified it. A very strange unnatural way to reset the value of the variable. It is much easier to write: thread_template.overrides = NULL; We can conclude that a developer wanted to reset the buffer, but nullified a pointer.


RT-Thread

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'filter' class object. fsl_mcan.c 418


void MCAN_SetSTDFilterElement(CAN_Type *base,
  const mcan_frame_filter_config_t *config,
  const mcan_std_filter_element_config_t *filter,
  uint8_t idx)
{
  uint8_t *elementAddress = 0;
  elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
                               config->address + idx * 4U);
  memcpy(elementAddress, filter, sizeof(filter));
}

RT-Thread

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'filter' class object. fsl_mcan.c 428


void MCAN_SetEXTFilterElement(CAN_Type *base,
  const mcan_frame_filter_config_t *config,
  const mcan_ext_filter_element_config_t *filter,
  uint8_t idx)
{
  uint8_t *elementAddress = 0;
  elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
                               config->address + idx * 8U);
  memcpy(elementAddress, filter, sizeof(filter));
}

Android

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'st' class object. MtpFfsHandle.cpp 251


int MtpFfsHandle::handleControlRequest(const struct usb_ctrlrequest *setup) {
  ....
  struct mtp_device_status *st =
    reinterpret_cast<struct mtp_device_status*>(buf.data());
  st->wLength = htole16(sizeof(st));
  ....
}

Similar errors can be found in some other places:

  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'cacheinfo' class object. NetlinkEvent.cpp 220
  • V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'page->next' class object. linker_block_allocator.cpp 146
  • V568 It's odd that the argument of sizeof() operator is the '& session_id' expression. reference-ril.c 1775

Azure Service Fabric

V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'thisPtr' class object. TimerQueue.cpp 443


void TimerQueue::SigHandler(int sig, siginfo_t *si, void*)
{
  TimerQueue* thisPtr = (TimerQueue*)si->si_value.sival_ptr;

  auto written = write(thisPtr->pipeFd_[1],
                       &thisPtr, sizeof(thisPtr));

  Invariant(written == sizeof(thisPtr));           // <=
}
Invariant(written == sizeof(*thisPtr));


Найденные ошибки

Проверено проектов
366
Собрано ошибок
13 539

А ты совершаешь ошибки в коде?

Проверь с помощью
PVS-Studio

Статический анализ
кода для C, C++, C#
и Java

goto PVS-Studio;