Примеры ошибок, обнаруженных с помощью диагностики V774


V774. The pointer was used after the memory was released.


Augeas

V774 The 'child' pointer was used after the memory was reallocated. augtool.c 151


static char *readline_path_generator(const char *text, int state)
{
  ....
  if (ctx != NULL) {
    char *c = realloc(child, strlen(child)-strlen(ctx)+1);  // <=
    if (c == NULL)
      return NULL;
    int ctxidx = strlen(ctx);
    if (child[ctxidx] == SEP)                               // <=
      ctxidx++;
    strcpy(c, &child[ctxidx]);                              // <=
    child = c;
  }
  ....
}

Similar errors can be found in some other places:

  • V774 The 'child' pointer was used after the memory was reallocated. augtool.c 153

Bind

V774 The 'res' pointer was used after the memory was released. sample-request.c 225


int
main(int argc, char *argv[]) {
  ....
  struct addrinfo hints, *res;
  ....
  gaierror = getaddrinfo(argv[0], "53", &hints, &res);
  ....
  memmove(&sa.type, res->ai_addr, res->ai_addrlen);
  freeaddrinfo(res);                                    // <=
  sa.length = (unsigned int)res->ai_addrlen;            // <=
  ....
}

Similar errors can be found in some other places:

  • V774 The 'res' pointer was used after the memory was released. sample-update.c 193
  • V774 The 'res' pointer was used after the memory was released. sample-update.c 217

MuseScore

V774 The 'slur' pointer was used after the memory was released. importgtp-gp6.cpp 2072


void GuitarPro6::readGpif(QByteArray* data)
{
  if (c) {
    slur->setTick2(c->tick());
    score->addElement(slur);
    legatos[slur->track()] = 0;
  }
  else {
    delete slur;
    legatos[slur->track()] = 0;
  }
}

ICU

V774 CWE-416 The 'mzMappings' pointer was used after the memory was released. zonemeta.cpp 713


UVector*
ZoneMeta::createMetazoneMappings(const UnicodeString &tzid) {
  UVector *mzMappings = NULL;
  ....
  if (U_SUCCESS(status)) {
    ....
    if (U_SUCCESS(status)) {
      ....
      while (ures_hasNext(rb)) {
        ....
        if (mzMappings == NULL) {
          mzMappings = new UVector(
            deleteOlsonToMetaMappingEntry, NULL, status);
          if (U_FAILURE(status)) {
            delete mzMappings;
            uprv_free(entry);
            break;
          }
        }
        ....
      }
      ....
    }
  }
  ures_close(rb);
  return mzMappings;
}

Code is complicated and I find it difficult to say exactly, if there is a bug or not. But it seems to me, it is possible that this function will return a pointer to the memory block being freed.


Qalculate!

V774 The 'cu' pointer was used after the memory was released. Calculator.cc 3595


MathStructure Calculator::convertToBestUnit(....)
{
  ....
  CompositeUnit *cu = new CompositeUnit("", "....");
  cu->add(....);
  Unit *u = getBestUnit(cu, false, eo.local_currency_conversion);
  if(u == cu) {
    delete cu;                                   // <=
    return mstruct_new;
  }
  delete cu;                                     // <=
  if(eo.approximation == APPROXIMATION_EXACT &&
     cu->hasApproximateRelationTo(u, true)) {    // <=
    if(!u->isRegistered()) delete u;
    return mstruct_new;
  }
  ....
}

Haiku Operation System

V774 The 'device' pointer was used after the memory was released. xhci.cpp 1572


void
XHCI::FreeDevice(Device *device)
{
  uint8 slot = fPortSlots[device->HubPort()];
  TRACE("FreeDevice() port %d slot %d\n", device->HubPort(), slot);

  // Delete the device first, so it cleans up its pipes and tells us
  // what we need to destroy before we tear down our internal state.
  delete device;

  DisableSlot(slot);
  fDcba->baseAddress[slot] = 0;
  fPortSlots[device->HubPort()] = 0;
  delete_area(fDevices[slot].trb_area);
  delete_area(fDevices[slot].input_ctx_area);
  delete_area(fDevices[slot].device_ctx_area);

  memset(&fDevices[slot], 0, sizeof(xhci_device));
  fDevices[slot].state = XHCI_STATE_DISABLED;
}

Similar errors can be found in some other places:

  • V774 The 'self' pointer was used after the memory was released. TranslatorRoster.cpp 884
  • V774 The 'string' pointer was used after the memory was released. RemoteView.cpp 1269
  • V774 The 'bs' pointer was used after the memory was released. mkntfs.c 4291
  • And 2 additional diagnostic messages.


Найденные ошибки

Проверено проектов
367
Собрано ошибок
13 552

А ты совершаешь ошибки в коде?

Проверь с помощью
PVS-Studio

Статический анализ
кода для C, C++, C#
и Java

goto PVS-Studio;