Examples of errors detected with the V568 diagnostic
V568. It is suspicious that the argument of sizeof() operator is the expression.
Wolfenstein 3D
V568 It's odd that the argument of sizeof() operator is the '& itemInfo' expression. cgame cg_weapons.c 1467
void CG_RegisterItemVisuals( int itemNum ) {
....
itemInfo_t *itemInfo;
....
memset( itemInfo, 0, sizeof( &itemInfo ) );
....
}
This is what should have been written here: memset( itemInfo, 0, sizeof( *itemInfo ) ).
FCEUX
V568 It's odd that the argument of sizeof() operator is the 'buff - 1' expression. fceux monitor.cpp 117
BOOL updateResults(HWND hwndDlg, int rule)
{
char buff[0x100];
....
SendDlgItemMessage(hwndDlg, RULE_INPUT_1 + i, WM_GETTEXT,
sizeof(buff - 1), (LPARAM) input_buff);
....
}
This is what should have been written here: sizeof(buff) - 1.
CxImage
V568 It's odd that the argument of sizeof() operator is the expression. jasper jpc_enc.c 2157
static jpc_enc_tcmpt_t *tcmpt_create(....)
{
....
memset(tcmpt->stepsizes, 0,
sizeof(tcmpt->numstepsizes * sizeof(uint_fast16_t)));
....
}
This is what should have been written here: memset(tcmpt->stepsizes, 0, tcmpt->numstepsizes * sizeof(uint_fast16_t));
Miranda IM
V568 It's odd that the argument of sizeof() operator is the '& ImgIndex' expression. clist_modern modern_extraimage.cpp 302
void ExtraImage_SetAllExtraIcons(HWND hwndList,HANDLE hContact)
{
....
char *(ImgIndex[64]);
....
memset(&ImgIndex,0,sizeof(&ImgIndex));
....
}
The programmer wanted to zero an array of 64 pointers, but only the first item was zeroed. This
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the '& ImgIndex' expression. clist_mw extraimage.c 295
Miranda IM
V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 258
static ROWCELL* rowOptTA[100];
void rowOptAddContainer(HWND htree, HTREEITEM hti)
{
....
ZeroMemory(rowOptTA,sizeof(&rowOptTA));
....
}
Only one item is cleared.
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 308
- V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 438
Apache HTTP Server
V568 It's odd that the argument of sizeof() operator is the 'sizeof (SECURITY_ATTRIBUTES)' expression. libhttpd util_win32.c 115
PSECURITY_ATTRIBUTES GetNullACL(void)
{
PSECURITY_ATTRIBUTES sa;
sa = (PSECURITY_ATTRIBUTES) LocalAlloc(
LPTR, sizeof(SECURITY_ATTRIBUTES));
sa->nLength = sizeof(sizeof(SECURITY_ATTRIBUTES));
....
}
This is what should have been written here: sa->nLength = sizeof(SECURITY_ATTRIBUTES);
Energy Checker SDK
V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1667
int plh_read_pl_folder(PPLH_PL_FOLDER_INFO pconfig) {
....
WIN32_FIND_DATA file_data;
....
memset(
&file_data,
0,
sizeof(&file_data)
);
....
}
This is what should have been written here: sizeof(file_data)
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1831
ReactOS
V568 It's odd that the argument of sizeof() operator is the 'UnknownError [0] - 20' expression. syssetup wizard.c 1696
static DWORD CALLBACK
RegistrationProc(LPVOID Parameter)
{
....
if (0 == LoadStringW(hDllInstance, IDS_UNKNOWN_ERROR,
UnknownError,
sizeof(UnknownError) / sizeof(UnknownError[0] -
20)))
....
}
A parenthesis seems to be in the wrong place. This code should look like this: sizeof(UnknownError) / sizeof(UnknownError[0]).
OpenCV
V568 It's odd that the argument of sizeof() operator is the '& caps' expression. cap_vfw.cpp 409
CAPDRIVERCAPS caps;
bool CvCaptureCAM_VFW::open( int wIndex )
{
....
memset( &caps, 0, sizeof(caps));
capDriverGetCaps( hWndC, &caps, sizeof(&caps));
....
}
Asterisk
V568 It's odd that the argument of sizeof() operator is the 'data[0] * 2' expression. channel.c 8853
static int redirecting_reason_build_data(....)
{
....
if (datalen < pos + sizeof(data[0] * 2) + length) { // <=
ast_log(LOG_WARNING, "No space left for %s string\n", label);
return -1;
}
....
}
Haiku Operating System
V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct tlv_header_t)' expression. print-slow.c 255
void
slow_print(register const u_char *pptr, register u_int len) {
....
if (vflag > 1)
print_unknown_data(tptr+sizeof(sizeof(struct tlv_header_t)),
"\n\t ", tlv_len-sizeof(struct tlv_header_t));
....
}
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct lmp_object_header)' expression. print-lmp.c 872
- V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct tlv_header_t)' expression. print-slow.c 182
- V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct eigrp_tlv_header)' expression. print-eigrp.c 283
- And 1 additional diagnostic message.
Far2l
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'PInfo' class object. filelist.cpp 672
int64_t FileList::VMProcess(int OpCode,
void *vParam,
int64_t iParam)
{
switch (OpCode)
{
....
case MCODE_V_PPANEL_PREFIX: // PPanel.Prefix
{
PluginInfo *PInfo = (PluginInfo *)vParam;
memset(PInfo, 0, sizeof(PInfo)); // <=
PInfo->StructSize = sizeof(PInfo); // <=
....
}
....
}
}
Similar errors can be found in some other places:
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'PInfo' class object. filelist.cpp 673
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'HistoryItem' class object. history.cpp 594
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'handle' class object. plugins.cpp 682
CryEngine V
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'this' class object. ClipVolumeManager.cpp 145
void
CClipVolumeManager::GetMemoryUsage(class ICrySizer* pSizer) const
{
pSizer->AddObject(this, sizeof(this));
for (size_t i = 0; i < m_ClipVolumes.size(); ++i)
pSizer->AddObject(m_ClipVolumes[i].m_pVolume);
}
EFL Core Libraries
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_tcp.c 192
EOLIAN static Eina_Error
_efl_net_server_tcp_efl_net_server_fd_socket_activate(....)
{
....
struct sockaddr_storage *addr;
socklen_t addrlen;
....
addrlen = sizeof(addr);
if (getsockname(fd, (struct sockaddr *)&addr, &addrlen) != 0)
....
}
Similar errors can be found in some other places:
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_udp.c 228
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_unix.c 198
XNU kernel
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'thread_template.overrides' class object. thread.c 377
extern void bzero(void *, size_t);
static struct thread thread_template, init_thread;
struct thread {
....
struct thread_qos_override {
struct thread_qos_override *override_next;
uint32_t override_contended_resource_count;
int16_t override_qos;
int16_t override_resource_type;
user_addr_t override_resource;
} *overrides;
....
};
void
thread_bootstrap(void)
{
....
bzero(&thread_template.overrides,
sizeof(thread_template.overrides));
....
}
The code takes the address of a pointer and zeroes the pointer itself. That is a strange, unnatural way to reset a variable; it is much simpler to write: thread_template.overrides = NULL; We can conclude that the developer wanted to clear the buffer but nullified the pointer instead.
RT-Thread
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'filter' class object. fsl_mcan.c 418
void MCAN_SetSTDFilterElement(CAN_Type *base,
const mcan_frame_filter_config_t *config,
const mcan_std_filter_element_config_t *filter,
uint8_t idx)
{
uint8_t *elementAddress = 0;
elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
config->address + idx * 4U);
memcpy(elementAddress, filter, sizeof(filter));
}
RT-Thread
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'filter' class object. fsl_mcan.c 428
void MCAN_SetEXTFilterElement(CAN_Type *base,
const mcan_frame_filter_config_t *config,
const mcan_ext_filter_element_config_t *filter,
uint8_t idx)
{
uint8_t *elementAddress = 0;
elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
config->address + idx * 8U);
memcpy(elementAddress, filter, sizeof(filter));
}
Android
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'st' class object. MtpFfsHandle.cpp 251
int MtpFfsHandle::handleControlRequest(const struct usb_ctrlrequest *setup) {
....
struct mtp_device_status *st =
reinterpret_cast<struct mtp_device_status*>(buf.data());
st->wLength = htole16(sizeof(st));
....
}
Similar errors can be found in some other places:
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'cacheinfo' class object. NetlinkEvent.cpp 220
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'page->next' class object. linker_block_allocator.cpp 146
- V568 It's odd that the argument of sizeof() operator is the '& session_id' expression. reference-ril.c 1775
Azure Service Fabric
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'thisPtr' class object. TimerQueue.cpp 443
void TimerQueue::SigHandler(int sig, siginfo_t *si, void*)
{
TimerQueue* thisPtr = (TimerQueue*)si->si_value.sival_ptr;
auto written = write(thisPtr->pipeFd_[1],
&thisPtr, sizeof(thisPtr));
Invariant(written == sizeof(thisPtr)); // <=
}
Invariant(written == sizeof(*thisPtr));
PMDK
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'pop' class object. util_ctl.c 717
struct pool {
struct ctl *ctl;
};
int
main(int argc, char *argv[])
{
....
struct pool *pop = malloc(sizeof(pop));
....
}
Microsoft PowerToys
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'keyEventList' class object. KeyboardEventHandlers.cpp 16
typedef struct tagINPUT {
DWORD type;
union
{
MOUSEINPUT mi;
KEYBDINPUT ki;
HARDWAREINPUT hi;
} DUMMYUNIONNAME;
} INPUT, *PINPUT, FAR* LPINPUT;
void SetNumLockToPreviousState(....)
{
int key_count = 2;
LPINPUT keyEventList = new INPUT[size_t(key_count)]();
memset(keyEventList, 0, sizeof(keyEventList));
....
}
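The catalogue above repeats a handful of sizeof() misuse patterns: sizeof(ptr) instead of sizeof(*ptr) (Far2l, RT-Thread, PowerToys), sizeof(&array) instead of sizeof(array) (Miranda IM), sizeof(buff - 1) instead of sizeof(buff) - 1 (FCEUX) and sizeof(sizeof(T)) (Apache, Haiku). The constructed C example below, which is not code from any project on the page, uses stand-in types (info_t, img_index, buff are assumptions) to show what each expression actually evaluates to and how many bytes of an object the buggy memset really clears.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Constructed stand-ins for the page's itemInfo_t / PluginInfo / ImgIndex / buff. */
typedef struct { uint32_t fields[16]; } info_t;   /* 64 bytes, far larger than a pointer */
static char *img_index[64];                       /* array of 64 pointers */
static char buff[0x100];                          /* 256-byte text buffer */
static info_t scratch_info;                       /* object the tests below clear */

static size_t count_zero_bytes(const void *p, size_t n) {
    const unsigned char *b = (const unsigned char *)p;
    size_t zeros = 0;
    for (size_t i = 0; i < n; i++) zeros += (b[i] == 0);
    return zeros;
}

/* Far2l/PowerToys pattern: memset(p, 0, sizeof(p)). The object is first filled with
 * 0xFF so the returned count reflects only bytes the memset actually cleared. */
size_t cleared_with_pointer_sizeof(info_t *info) {
    memset(info, 0xFF, sizeof(*info));
    memset(info, 0, sizeof(info));      /* bug: sizeof a pointer (4 or 8 bytes) */
    return count_zero_bytes(info, sizeof(*info));
}

size_t cleared_with_object_sizeof(info_t *info) {
    memset(info, 0xFF, sizeof(*info));
    memset(info, 0, sizeof(*info));     /* fix: sizeof the pointed-to object */
    return count_zero_bytes(info, sizeof(*info));
}

/* Miranda IM pattern: sizeof(&array) is the size of one pointer, not of the array. */
size_t size_of_address_of_array(void) { return sizeof(&img_index); }
size_t size_of_array(void)            { return sizeof(img_index); }

/* FCEUX pattern: inside sizeof, buff decays to char* and (buff - 1) is a char*,
 * so the result is a pointer size, not the buffer length minus one. */
size_t size_of_buff_minus_one_inside(void)  { return sizeof(buff - 1); }
size_t size_of_buff_minus_one_outside(void) { return sizeof(buff) - 1; }

/* Apache/Haiku pattern: sizeof(sizeof(T)) is sizeof(size_t) whatever T is. */
size_t nested_sizeof(void) { return sizeof(sizeof(info_t)); }
```

Building with warnings enabled catches some of these (GCC's -Wsizeof-pointer-memaccess flags the memset in cleared_with_pointer_sizeof), but the nested sizeof and the array-address cases compile silently, which is why a dedicated diagnostic such as V568 is worth running.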