Примеры ошибок, обнаруженных с помощью диагностики V609

V609. Possible division or mod by zero.

VNL

V609 Divide by zero. Denominator 'x' == 0. pow_ii.c 28

integer pow_ii(integer *ap, integer *bp)
{
  integer pow, x, n;
  unsigned long u;

  x = *ap;
  n = *bp;

  if (n <= 0)
  {
    if (n == 0 || x == 1)
      return 1;

    if (x != -1)
      return x == 0 ? 1/x : 0;

    n = -n;
  }
  ....
}

Mozilla Thunderbird

V609 Divide by zero. Denominator range [0..8]. ionbuilder.cpp 10922

static inline size_t UnboxedTypeSize(JSValueType type)
{
  switch (type) {
    ....
  default: return 0;
  }
}

MInstruction*IonBuilder::loadUnboxedProperty(size_t offset,
                              JSValueType unboxedType, ....)
{
  size_t index = offset / UnboxedTypeSize(unboxedType);
  ....
}

Similar errors can be found in some other places:

• V609 Divide by zero. Denominator range [0..8]. ionbuilder.cpp 11844

Inkscape

V609 Divide by zero. Denominator range [0..999]. lpe-fillet-chamfer.cpp 607

Geom::PathVector
LPEFilletChamfer::doEffect_path(....)
{
  ....
  if(....){
    ....
  } else if (type >= 3000 && type < 4000) {
      unsigned int chamferSubs = type-3000;
      ....
      double chamfer_stepsTime = 1.0/chamferSubs;
      ....
  }
  ....
}

Similar errors can be found in some other places:

• V609 Divide by zero. Denominator range [0..999]. lpe-fillet-chamfer.cpp 623

Chromium

V609 Divide by zero. Denominator range [0..4096]. addr.h 159

static int BlockSizeForFileType(FileType file_type) {
    switch (file_type) {
      ....
      default:
        return 0;
    }
}

static int RequiredBlocks(int size, FileType file_type)
{
  int block_size = BlockSizeForFileType(file_type);
  return (size + block_size - 1) / block_size;             // <=
}

EFL Core Libraries

V609 Mod by zero. Denominator range [0..24]. eina_inline_value_util.x 59

static inline size_t
eina_value_util_type_size(const Eina_Value_Type *type)
{
  if (type == EINA_VALUE_TYPE_INT)
    return sizeof(int32_t);
  if (type == EINA_VALUE_TYPE_UCHAR)
    return sizeof(unsigned char);
  if ((type == EINA_VALUE_TYPE_STRING) ||
      (type == EINA_VALUE_TYPE_STRINGSHARE))
    return sizeof(char*);
  if (type == EINA_VALUE_TYPE_TIMESTAMP)
    return sizeof(time_t);
  if (type == EINA_VALUE_TYPE_ARRAY)
    return sizeof(Eina_Value_Array);
  if (type == EINA_VALUE_TYPE_DOUBLE)
    return sizeof(double);
  if (type == EINA_VALUE_TYPE_STRUCT)
    return sizeof(Eina_Value_Struct);
  return 0;                                            // <=
}

static inline unsigned int
eina_value_util_type_offset(
  const Eina_Value_Type *type, unsigned int base)
{
   unsigned size, padding;
   size = eina_value_util_type_size(type);             // <=
   if (!(base % size))                                 // <=
     return base;
   padding = ( (base > size) ? (base - size) : (size - base));
   return base + padding;
}

SpeedCrunch

V609 Divide by zero. Denominator range [0..4]. floatconvert.c 266

static int
lgbase( signed char base)
{
  switch(base)
  {
    case 2:
      return 1;
    case 8:
      return 3;
    case 16:
      return 4;
  }
  return 0;                                       // <=
}

static void
_setlongintdesc(
  p_ext_seq_desc n,
  t_longint* l,
  signed char base)
{
  int lg;

  n->seq.base = base;
  lg = lgbase(base);                              // <=
  n->seq.digits = (_bitlength(l) + lg - 1) / lg;  // <=
  n->seq.leadingSignDigits = 0;
  n->seq.trailing0 = _lastnonzerobit(l) / lg;     // <=
  n->seq.param = l;
  n->getdigit = _getlongintdigit;
}

Haiku Operation System

V609 Divide by zero. Denominator range [0..64]. UiUtils.cpp 544

static int32 GetSIMDFormatByteSize(uint32 format)
{
  switch (format) {
    case SIMD_RENDER_FORMAT_INT8:
      return sizeof(char);
    case SIMD_RENDER_FORMAT_INT16:
      return sizeof(int16);
    case SIMD_RENDER_FORMAT_INT32:
      return sizeof(int32);
    case SIMD_RENDER_FORMAT_INT64:
      return sizeof(int64);
    case SIMD_RENDER_FORMAT_FLOAT:
      return sizeof(float);
    case SIMD_RENDER_FORMAT_DOUBLE:
      return sizeof(double);
  }
  return 0;
}

const BString&
UiUtils::FormatSIMDValue(const BVariant& value, uint32 bitSize,
  uint32 format, BString& _output)
{
  _output.SetTo("{");
  char* data = (char*)value.ToPointer();
  uint32 count = bitSize / (GetSIMDFormatByteSize(format) * 8);  // <=
  ....
}

ROOT

V609 Divide by zero. Denominator range [0..100]. TGHtmlImage.cxx 340

const char *TGHtml::GetPctWidth(TGHtmlElement *p, char *opt, char *ret)
{
  int n, m, val;
  ....
  if (n < 0 || n > 100) return z;
  if (opt[0] == 'h') {
    val = fCanvas->GetHeight() * 100;
  } else {
    val = fCanvas->GetWidth() * 100;
  }
  if (!fInTd) {
    snprintf(ret, 15, "%d", val / n);
  } else {
    ....
  }
  ....
}

LLVM/Clang

V609 Mod by zero. Denominator 'd.s.low' == 0. udivmoddi4.c 61

typedef int32_t si_int;
typedef uint32_t su_int;

typedef union {
  du_int all;
  struct {
#if _YUGA_LITTLE_ENDIAN
    su_int low;
    su_int high;
#else
    su_int high;
    su_int low;
#endif // _YUGA_LITTLE_ENDIAN
  } s;
} udwords;

COMPILER_RT_ABI du_int __udivmoddi4(du_int a, du_int b, du_int *rem) {
  ....
  if (d.s.low == 0) {
    if (d.s.high == 0) {
      // K X
      // ---
      // 0 0
      if (rem)
        *rem = n.s.high % d.s.low;
      return n.s.high / d.s.low;
    }
  ....
}

Similar errors can be found in some other places:

• V609 Divide by zero. Denominator 'd.s.low' == 0. udivmoddi4.c 62

MuditaOS

V609 [CERT-EXP37-C] Divide by zero. The 'qfilter_CalculateCoeffs' function processes value '0'. Inspect the third argument. Check lines: 'Equalizer.cpp:26', 'unittest_equalizer.cpp:91'. Equalizer.cpp 26

// Equalizer.cpp
QFilterCoefficients qfilter_CalculateCoeffs(
        FilterType filter, float frequency, uint32_t samplerate, float Q,
        float gain)
{
  constexpr auto qMinValue         = .1f;
  constexpr auto qMaxValue         = 10.f;
  constexpr auto frequencyMinValue = 0.f;

  if (frequency < frequencyMinValue && filter != FilterType::FilterNone)
  {
    throw std::invalid_argument("Negative frequency provided");
  }
  if ((Q < qMinValue || Q > qMaxValue) && filter != FilterType::FilterNone)
  {
    throw std::invalid_argument("Q out of range");
  }
  ....
  float omega    = 2 * M_PI * frequency / samplerate;
  ....
}
....
// unittest_equalizer.cpp
const auto filterNone = qfilter_CalculateCoeffs(FilterType::FilterNone,
                                                0, 0, 0, 0);

Ogre3D

V609. Possible division or mod by zero. OgreInstanceBatchHW_VTF.cpp 56

static const uint16 c_maxTexWidthHW = 4096;
const size_t numBones =
  std::max<size_t>(1, baseSubMesh->blendIndexToBoneIndexMap.size());
// ....
const size_t maxUsableWidth = c_maxTexWidthHW –
                             (c_maxTexWidthHW % (numBones * mRowLength));
// ....
size_t texHeight = numWorldMatrices * mRowLength / maxUsableWidth; // <=

The maxUsableWidth variable can have a value from 0 to 4096. Thus, if maxUsableWidth suddenly turns out to be zero, we will get a division by zero at the place specified by the comment. Boom! But the code seems to be clean. It even compiles and works until 0 slips into the maxUsableWidth variable. This can happen if the result of numBones * mRowLength is greater than 4096. The size of the blendIndexToBoneIndexMap vector is used to initialize the numBones variable. Perhaps developers control the number of container elements outside the class. But maybe they're just lucky that the vector isn't big enough. However, if the vector is suddenly larger than 4096, the division by zero will happen — the program will crash