On Thu, Aug 27, 2009 at 3:52 PM, chris ahrendtcelticht32@yahoo.com wrote:
This is the result of running cppcheck 1.35 with the --all parm against the august 27th Git tree:
[../wine-git/dlls/dbghelp/msc.c:88]: (possible error) Array index out of bounds [../wine-git/dlls/dbghelp/msc.c:89]: (possible error) Array index out of bounds
False positive, apparently the numbers are hardcoded as: 72 char msg[128]; 88 msg[10 + 3 * 16] = ' '; // = 58<127 89 msg[10 + 3 * 16 + 1 + 16] = '\0'; // = 75<127
[../wine-git/dlls/shell32/cpanelfolder.c:562]: (error) Possible null pointer dereference: rgfInOut [../wine-git/dlls/shell32/shfldr_desktop.c:437]: (error) Possible null pointer dereference: rgfInOut [../wine-git/dlls/shell32/shfldr_fs.c:577]: (error) Possible null pointer dereference: rgfInOut [../wine-git/dlls/shell32/shfldr_mycomp.c:474]: (error) Possible null pointer dereference: rgfInOut [../wine-git/dlls/shell32/shfldr_netplaces.c:352]: (error) Possible null pointer dereference: rgfInOut
It doesn't like the ternary operator? These lines are TRACE lines with one of the args being ``rgfInOut ? *rgfInOut : 0''. False positive.
[../wine-git/dlls/user32/tests/msg.c:63]: (error) Invalid number of character ({). Can't process file. [../wine-git/dlls/winealsa.drv/waveinit.c:745]: (possible error) Buffer overrun
739 char defaultpcmname[256]; 745 sprintf(defaultpcmname, "default");
Something is wrong with cppcheck... False positive.
[../wine-git/dlls/wined3d/arb_program_shader.c:907]: (possible error) Buffer overrun [../wine-git/dlls/wined3d/arb_program_shader.c:915]: (possible error) Buffer overrun [../wine-git/dlls/wined3d/glsl_shader.c:3416]: (possible error) Buffer overrun [../wine-git/dlls/wined3d/glsl_shader.c:3418]: (possible error) Buffer overrun [../wine-git/dlls/wined3d/glsl_shader.c:3519]: (possible error) Buffer overrun [../wine-git/dlls/wined3d/glsl_shader.c:3521]: (possible error) Buffer overrun
Not checking those - i don't even pretend to understand how modern graphics works.
[../wine-git/dlls/wineoss.drv/mixer.c:1458]: (possible error) Buffer overrun
So...it picks 1455 char name[32]; 1458 sprintf(name, "/dev/mixer");
as an error, but not:
1460 sprintf(name, "/dev/mixer%d", i);
False positive.
[../wine-git/dlls/wineps.drv/init.c:270]: (error) Possible null pointer dereference: dmW
This one is actually a bug, the null check is below this line. All the callers check for nulls, though.
[../wine-git/programs/oleview/pane.c:152]: (error) Possible null pointer dereference: hWndCreated
Also a bug, and a very real one. Coincidentally, the null check on the next line is also wrong (should be if (!*hWndCreated) )
[../wine-git/programs/winetest/main.c:114]: (possible error) Buffer overrun [../wine-git/programs/winetest/main.c:116]: (possible error) Buffer overrun [../wine-git/programs/winetest/main.c:119]: (possible error) Buffer overrun [../wine-git/programs/winetest/main.c:121]: (possible error) Buffer overrun
More of sprintf with just a string nonsense. False positive.
[../wine-git/server/file.c:235]: (possible error) Buffer overrun
Also sprintf nonsense, but slightly more dangerous. The buffer is declared with [16] and the string is of length 14+1, so a few more bytes wouldn't hurt. :)
Chris
If someone could send patches for the few bugs that would be nice.
Chris - cppcheck is clearly crazy about sprintf's and ternary operators. You might want to report that.
Mike.