Примеры ошибок, обнаруженных с помощью диагностики V579

V579. The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument.


Apache HTTP Server

V579 The apr_snprintf function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. libhttpd util_pcre.c 85


AP_DECLARE(apr_size_t) ap_regerror(int errcode,
  const ap_regex_t *preg, char *errbuf, apr_size_t errbuf_size)
{
  ....
  apr_snprintf(errbuf, sizeof errbuf,
    "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
  ....
}

Far Manager

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. far treelist.hpp 66


struct TreeItem
{
  int *Last;
  size_t LastCount;
  ....
  void Clear()
  {
    strName.Clear();
    memset(Last,0,sizeof(Last));
    Depth=0;
  }
};

This is what should have been written here: memset(Last,0,LastCount*sizeof(int));


ReactOS

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. vga vbe.c 57


static const PCHAR Nv11Board = "NV11 (GeForce2) Board";
static const PCHAR Nv11Chip = "Chip Rev B2";
static const PCHAR Nv11Vendor = "NVidia Corporation";

BOOLEAN
IsVesaBiosOk(....)
{
  ....
  if (!(strncmp(Vendor, Nv11Vendor, sizeof(Nv11Vendor))) &&
      !(strncmp(Product, Nv11Board, sizeof(Nv11Board))) &&
      !(strncmp(Revision, Nv11Chip, sizeof(Nv11Chip))) &&
      (OemRevision == 0x311))
  ....
}

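The error is this: Nv11Vendor, Nv11Board and Nv11Chip are pointers, so sizeof() returns the pointer size, not the string length, and only the first few characters are compared.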

Similar errors can be found in some other places:

  • V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. vga vbe.c 54
  • V579 The WriteFile function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. syssetup logfile.c 188

ReactOS

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ntoskrnl cmcontrl.c 121


typedef struct _HHIVE
{
  ....
} HHIVE, *PHHIVE;

VOID
CmGetSystemControlValues(....)
{
  PHHIVE SystemHive = (PHHIVE)&CmControlHive;
  ....
  RtlZeroMemory(SystemHive, sizeof(SystemHive));
  ....
}

Most likely this is what should be written here: RtlZeroMemory(SystemHive, sizeof(*SystemHive));


Chromium

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ppapi_tests test_file_io.cc 759


std::string TestFileIO::TestParallelReads() {
  ....
  const char* expected_result_1 =
    "__border__abc__border__";
  const char* expected_result_2 =
    "__border__defghijkl__border__";
  if (strncmp(extended_buf_1, expected_result_1,
              sizeof(expected_result_1)) != 0 ||
      strncmp(extended_buf_2, expected_result_2,
              sizeof(expected_result_2)) != 0) {
  ....
}

Similar errors can be found in some other places:

  • V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ppapi_tests test_file_io.cc 761

Chromium

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. hunspell affixmgr.cxx 3545


int  AffixMgr::parse_convtable(..., const char * keyword)
{
  ....
  if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
  ....
}

Doom 3

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. DoomDLL megatexture.cpp 542


void idMegaTexture::GenerateMegaMipMaps() {
  ....
  byte *newBlock = (byte *)_alloca( tileSize );
  ....
  memset( newBlock, 0, sizeof( newBlock ) );
  ....
}

Most likely this is what should be written here: memset( newBlock, 0, tileSize );


Mozilla Firefox

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. affixmgr.cpp 3708


int  AffixMgr::parse_convtable(..., const char * keyword)
{
  ....
  if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
      HUNSPELL_WARNING(stderr,
        "error: line %d: table is corrupt\n", af->getlinenum());
      delete *rl;
      *rl = NULL;
      return 1;
  }
  ....
}

Most likely this is what should be written here: if (strncmp(piece, keyword, strlen(keyword)) != 0) {


Mozilla Firefox

V579 The InternetSetOptionW function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the fourth argument. http_upload.cc 152


bool HTTPUpload::SendRequest(..., int *timeout, ...)
{
  if (timeout) {
    if (!InternetSetOption(request.get(),
                           INTERNET_OPTION_SEND_TIMEOUT,
                           timeout,
                           sizeof(timeout))) {
      fwprintf(stderr,
        L"Could not unset send timeout, continuing...\n");
    }
  ....
}

Similar errors can be found in some other places:

  • V579 The InternetSetOptionW function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the fourth argument. http_upload.cc 159

Quake-III-Arena

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Radiant xywnd.cpp 3512


void CXYWnd::Paste()
{
  ....
  char* pBuffer = new char[nLen+1];
  memset( pBuffer, 0, sizeof(pBuffer) );
  ....
}

Most likely this is what should be written here: memset( pBuffer, 0, (nLen+1) * sizeof(char) );


Dolphin Emulator

V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. VideoDX11 d3dutil.cpp 598


void drawShadedTexSubQuad(...,
  const MathUtil::Rectangle<float>* rDest, ...)
{
  ....
  if (stsq_observer ||
      memcmp(rDest, &tex_sub_quad_data.rdest,
             sizeof(rDest)) != 0 ||
      tex_sub_quad_data.u1 != u1 ||
      tex_sub_quad_data.v1 != v1 ||
      tex_sub_quad_data.u2 != u2 ||
      tex_sub_quad_data.v2 != v2 ||
      tex_sub_quad_data.G != G)
  ....
}

Dolphin Emulator

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Core ppcanalyst.cpp 302


u32 Flatten(..., BlockStats *st, ...)
{
  ....
  memset(st, 0, sizeof(st));
  ....
}

Quake-III-Arena

V579 The Com_Memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. quake3 cvar.c 763


void Cvar_Restart_f( void ) {
  cvar_t *var;
  ....
  // clear the var completely, since we
  // can't remove the index from the list
  Com_Memset( var, 0, sizeof( var ) );
  ....
}

Most likely this is what should be written here: Com_Memset( var, 0, sizeof( *var ) );


ADAPTIVE Communication Environment (ACE)

V579 The strsncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ACE name_request_reply.cpp 251


char *strsncpy (char *dst,
                const char *src,
                size_t maxlen);

class ACE_Export ACE_Name_Request
{
  ....
  /// Pointer to the beginning of the type in this->data_;
  char *type_;
};

void
ACE_Name_Request::type (const char *c)
{
  ACE_TRACE ("ACE_Name_Request::type");
  ACE_OS::strsncpy (this->type_,
                    c,
                    sizeof this->type_);
}

Similar errors can be found in some other places:

  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. thread.inl 172

Blender

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. bf_imbuf tiff.c 442


static int imb_read_tiff_pixels(....)
{
  float *fbuf=NULL;
  ....
  memset(fbuf, 1.0, sizeof(fbuf));
  ....
}

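Something strange. Besides the pointer size, the fill value here is 1.0: memset converts it to an int and writes it into every byte, so the buffer receives 0x01 bytes, not floats equal to 1.0.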

Similar errors can be found in some other places:

  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. bf_imbuf tiff.c 450

PeerBlock

V579 The Curl_strntoupper function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. libcurl rtsp.c 753


void Curl_strntoupper(char *dest, const char *src, size_t n)
{
  if(n < 1)
    return;

  do {
    *dest++ = Curl_raw_toupper(*src);
  } while(*src++ && --n);
}

CURLcode Curl_rtsp_parseheader(....)
{
  ....
  char *temp = strdup(header);
  ....
  Curl_strntoupper(temp, temp, sizeof(temp));
  ....
}

UCSniff

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. directory_parser.c 1338


int check_name_value(... ,char *target)
{
  ....
  memset(target,'\0',sizeof(target));
  ....
}

MAME

V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. apridisk.c 128


static const char *apr_magic =
  "ACT Apricot disk image\x1a\x04";

FLOPPY_IDENTIFY( apridisk_identify )
{
  UINT8 header[APR_HEADER_SIZE];

  /* get header */
  floppy_image_read(floppy, &header, 0, sizeof(header));

  /* look for the magic string */
  if (memcmp(header, apr_magic, sizeof(apr_magic)) == 0)
  ....
}

Trans-Proteomic Pipeline

V579 The strncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. CombineOut out2xml.cxx 210


void Out2XML::writeOutData() {
  ....
  // assume a string of less than
  // 9 characters will represent the charge state
  char *chg=(char*)malloc(10 * sizeof(char));
  // zero-fill the rest of the array
  strncpy(chg, "1", sizeof(chg));
  ....
}

Similar errors can be found in some other places:

  • V579 The strncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. CombineOut out2xml.cxx 214

ffdshow

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. tfont.cpp 44


TprintPrefs::TprintPrefs(IffdshowBase *Ideci,
                         const TfontSettings *IfontSettings)
{
  // This doesn't seem to help after optimization.
  memset(this, 0, sizeof(this));
  dx = dy = 0;
  isOSD = false;
  xpos = ypos = 0;
  align = 0;
  linespacing = 0;
  sizeDx = 0;
  sizeDy = 0;
  ....
}

Super! As always, the compiler is to blame. This is what should have been written here: sizeof(*this).


ffdshow

V579 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. avisynth.h 695


void Assign(const AVSValue* src, bool init) {
  if (src->IsClip() && src->clip)
    src->clip->AddRef();
  if (!init && IsClip() && clip)
    clip->Release();
  // make sure this copies the whole struct!
  //((__int32*)this)[0] = ((__int32*)src)[0];
  //((__int32*)this)[1] = ((__int32*)src)[1];
  memcpy(this,src,sizeof(this));
}

Come on, you scoundrel, get copied, get copied!


CamStudio

V579 The strcpy_s function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. camsys.cpp 39


LONG GetRegKey (HKEY key, LPCTSTR subkey, LPTSTR retdata)
{
  HKEY hkey;
  LONG retval = ::RegOpenKeyEx (key, subkey,
    0, KEY_QUERY_VALUE, &hkey);
  if (retval == ERROR_SUCCESS)
  {
    long datasize = MAX_PATH;
    TCHAR data[MAX_PATH];
    ::RegQueryValue (hkey, NULL, data, &datasize);
    // Cause C4996 warning, marked as deprecation candidate
    // _tcscpy (retdata, data);
    // Safe replacement
    strcpy_s(retdata, sizeof(retdata), data );
    ::RegCloseKey (hkey);
  }
  return retval;
}

It was right but unsafe. Then they made it safe but not right :)
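
Why the "safe" size is wrong in the Apache HTTP Server and CamStudio snippets, as an added example (not code from either project). The function names and the message text are constructed; snprintf stands in for apr_snprintf and strcpy_s.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Flagged pattern: errbuf is a parameter, so inside this function it is a
   char * and sizeof errbuf is 4 or 8, whatever array the caller passed.
   A caller buffer smaller than a pointer would even be overrun. */
int format_error_flawed(char *errbuf, size_t errbuf_size,
                        const char *message, int offset)
{
    (void)errbuf_size; /* the real capacity is ignored */
    return snprintf(errbuf, sizeof errbuf, "%s at offset %d", message, offset);
}

/* Corrected: use the capacity supplied by the caller and report truncation
   instead of silently returning a cut-off message. */
int format_error_fixed(char *errbuf, size_t errbuf_size,
                       const char *message, int offset)
{
    int n = snprintf(errbuf, errbuf_size, "%s at offset %d", message, offset);
    if (n < 0 || (size_t)n >= errbuf_size)
        return -1;
    return n;
}

/* Caller side: here errbuf is a real array, so sizeof gives its capacity.
   Returns the length of the message that actually reached the buffer. */
size_t demo_written(int use_fixed)
{
    char errbuf[128];
    if (use_fixed)
        format_error_fixed(errbuf, sizeof errbuf, "unmatched parentheses", 12);
    else
        format_error_flawed(errbuf, sizeof errbuf, "unmatched parentheses", 12);
    return strlen(errbuf);
}

int main(void)
{
    printf("flawed wrote %zu characters, fixed wrote %zu\n",
           demo_written(0), demo_written(1));
    return 0;
}
```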


Samba

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. reg_perfcount.c 945


static bool _reg_perfcount_init_data_block(....)
{
  smb_ucs2_t *temp = NULL;
  ....
  memset(temp, 0, sizeof(temp));
  ....
}

Most likely this is what should be written here: sizeof(*temp).

Similar errors can be found in some other places:

  • V579 The cli_api function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the seventh argument. clirap2.c 331
  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. engine.c 91
  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. md2.c 133

OpenSSL

V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. des.c 669


unsigned char cleanse_ctr = 0;

void OPENSSL_cleanse(void *ptr, size_t len)
{
  unsigned char *p = ptr;
  size_t loop = len, ctr = cleanse_ctr;
  while(loop--)
  {
    *(p++) = (unsigned char)ctr;
    ctr += (17 + ((size_t)p & 0xF));
  }
  p=memchr(ptr, (unsigned char)ctr, len);
  if(p)
    ctr += (63 + (size_t)p);
  cleanse_ctr = (unsigned char)ctr;
}

void usage(void)
{
  static unsigned char *buf=NULL,*obuf=NULL;
  ....
problems:
  OPENSSL_cleanse(buf,sizeof(buf));
  OPENSSL_cleanse(obuf,sizeof(obuf));
  ....
}

Similar errors can be found in some other places:

  • V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. des.c 670
  • V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. ec_mult.c 173
  • V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. ec_mult.c 176
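
How much data survives a wipe whose length is sizeof of the pointer, as an added example (not OpenSSL code). struct secret_buf, wipe() and the 0xA5 filler are hypothetical; wipe() is a simplified stand-in for a cleanse routine and writes zeros.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical container: the length travels with the pointer, because
   sizeof cannot recover it from a heap allocation. */
struct secret_buf {
    unsigned char *data;
    size_t len;
};

/* Stand-in cleanse routine: volatile stores so the wipe is not optimised away. */
static void wipe(void *ptr, size_t len)
{
    volatile unsigned char *p = ptr;
    while (len--)
        *p++ = 0;
}

static size_t count_nonzero(const unsigned char *buf, size_t len)
{
    size_t n = 0;
    for (size_t i = 0; i < len; i++)
        n += (buf[i] != 0);
    return n;
}

/* Allocates len bytes of constructed "key material" (0xA5 filler). */
static int secret_init(struct secret_buf *s, size_t len)
{
    s->data = malloc(len);
    if (s->data == NULL)
        return -1;
    s->len = len;
    memset(s->data, 0xA5, len);
    return 0;
}

/* Flagged pattern: returns how many key bytes are still in memory afterwards. */
size_t residue_pointer_size(size_t key_len)
{
    struct secret_buf s;
    /* A buffer shorter than a pointer would be overrun by the flawed wipe. */
    if (key_len < sizeof(void *) || secret_init(&s, key_len) != 0)
        return (size_t)-1;
    wipe(s.data, sizeof(s.data)); /* 4 or 8 bytes, regardless of key_len */
    size_t left = count_nonzero(s.data, s.len);
    free(s.data);
    return left;
}

/* Corrected: wipe the recorded length of the allocation. */
size_t residue_tracked_length(size_t key_len)
{
    struct secret_buf s;
    if (secret_init(&s, key_len) != 0)
        return (size_t)-1;
    wipe(s.data, s.len);
    size_t left = count_nonzero(s.data, s.len);
    free(s.data);
    return left;
}

int main(void)
{
    printf("32-byte key, bytes left after sizeof(pointer) wipe: %zu\n",
           residue_pointer_size(32));
    printf("32-byte key, bytes left after full-length wipe:     %zu\n",
           residue_tracked_length(32));
    return 0;
}
```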

TortoiseSVN

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. affixmgr.cxx 3654


int  AffixMgr::parse_convtable(...., const char * keyword)
{
  char * piece;
  ....
  if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
  ....
}

Chromium

V579 The string function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. syncable_unittest.cc 1790


TEST_F(OnDiskSyncableDirectoryTest, TestShareInfo) {
  dir_->set_store_birthday("Jan 31st");
  const char* const bag_of_chips_array = "\0bag of chips";
  const std::string bag_of_chips_string =
    std::string(bag_of_chips_array, sizeof(bag_of_chips_array));
  ....
}

Similar errors can be found in some other places:

  • V579 The string function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. syncable_unittest.cc 1800
  • V579 The string function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. syncable_unittest.cc 1810

Source Engine SDK

V579 The V_strncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Client (HL2) vgui_messagechars.cpp 240


typedef struct message_s
{
  ....
  char    *text;
  ....
} message_t;

int CMessageCharsPanel::AddText(....)
{
  ....
  msg->text = new char[ Q_strlen( data ) + 1 ];
  Assert( msg->text );
  Q_strncpy( msg->text, data, sizeof( msg->text ) );
  ....
}

Firebird

V579 The convert function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. intlutil.cpp 668


ULONG convert(const ULONG srcLen,
              const UCHAR* src,
              const ULONG dstLen,
              UCHAR* dst,
              ULONG* badInputPos = NULL,
              bool ignoreTrailingSpaces = false);

string IntlUtil::escapeAttribute(....)
{
  ....
  ULONG l;
  UCHAR* uc = (UCHAR*)(&l);
  const ULONG uSize =
    cs->getConvToUnicode().convert(size, p, sizeof(uc), uc);
  ....
}

Unreal Engine 4

V579 The Memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. pimplrecastnavmesh.cpp 172


bool FRecastQueryFilter::IsEqual(
  const INavigationQueryFilterInterface* Other) const
{
  // @NOTE: not type safe, should be changed when
  // another filter type is introduced
  return FMemory::Memcmp(this, Other, sizeof(this)) == 0;
}

APR

V579 The apr_cpystrn function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. dir.c 250


APR_DECLARE(char *)
apr_cpystrn(char *dst, const char *src, apr_size_t dst_size);

APR_DECLARE(apr_status_t) apr_dir_read(....)
{
  ....
  char *fspec = (char*)wdirname;
  ....
  apr_cpystrn(fspec, thedir->dirname, sizeof(fspec));
  ....
}

Mozilla Firefox

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. winutils.cpp 146


void
WinUtils::LogW(const wchar_t *fmt, ...)
{
  ....
  char* utf8 = new char[len+1];
  memset(utf8, 0, sizeof(utf8));
  ....
}

Most likely this is what should be written here: memset(utf8, 0, (len+1) * sizeof(*utf8));


.NET CoreCLR

V579 The DacReadAll function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. daccess dacimpl.h 1688


template<class T>
inline bool MisalignedRead(CORDB_ADDRESS addr, T *t)
{
 return SUCCEEDED(DacReadAll(TO_TADDR(addr), t, sizeof(t), ....));
}

.NET CoreCLR

V579 The Read function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. util.cpp 4943


HRESULT GetMTOfObject(TADDR obj, TADDR *mt)
{
  if (!mt)
    return E_POINTER;

  HRESULT hr = rvCache->Read(obj, mt, sizeof(mt), NULL);
  if (SUCCEEDED(hr))
    *mt &= ~3;

  return hr;
}

SETI@home

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. analyzereport.cpp 271


int ReportTripletEvent(....)
{
  ....
  static int * inv;
  if (!inv)
    inv = (int*)calloc_a(swi.analysis_cfg.triplet_pot_length,
      sizeof(int), MEM_ALIGN);
  memset(inv, -1, sizeof(inv));
  for (i=0;i<swi.analysis_cfg.triplet_pot_length;i++)
  {
    j = (i*pot_len)/swi.analysis_cfg.triplet_pot_length;
    if (inv[j] < 0)
      inv[j] = i;
    ....
  }
  ....
}

Mozilla Thunderbird

V579 The HashBytes function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. nsdisplaylist.h 929


struct AnimatedGeometryRootLookup
{
  ....
  PLDHashNumber Hash() const
  {
    return mozilla::HashBytes(this, sizeof(this));
  }
  ....
}

FreeBSD Kernel

V579 The bzero function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. osapi.c 316


/* Autosense storage */
struct scsi_sense_data sense_data;

void
ostiInitiatorIOCompleted(....)
{
  ....
  bzero(&csio->sense_data, sizeof(&csio->sense_data));
  ....
}

FreeBSD Kernel

V579 The bzero function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. acpi_package.c 83


int
acpi_PkgStr(...., void *dst, ....)
{
  ....
  bzero(dst, sizeof(dst));
  ....
}

FreeBSD Kernel

V579 The copyout function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. if_nxge.c 1498


int
xge_ioctl_stats(xge_lldev_t *lldev, struct ifreq *ifreqp)
{
  ....
  *data = (*data == XGE_SET_BUFFER_MODE_1) ? 'Y':'N';
  if(copyout(data, ifreqp->ifr_data, sizeof(data)) == 0)    // <=
      retValue = 0;
  break;
  ....
}

Serious Engine 1 v.1.10

V579 The qsort function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. mesh.cpp 224


// optimize lod of mesh
void CMesh::OptimizeLod(MeshLOD &mLod)
{
  ....
  // sort array
  qsort(&_aiSortedIndex[0],          // <=
        ctVertices,
        sizeof(&_aiSortedIndex[0]),  // <=
        qsort_CompareArray);
  ....
}

Open X-Ray Engine

V579 The strconcat function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the first argument. space_restriction.cpp 201


CSpaceRestriction::merge(....) const
{
  ....
  LPSTR S = xr_alloc<char>(acc_length);

  for ( ; I != E; ++I)
    temp = strconcat(sizeof(S),S,*temp,",",*(*I)->name());
  ....
}

OpenJDK

V579 The jio_snprintf function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. os_linux.cpp 6094


bool os::start_debugging(char *buf, int buflen) {
  int len = (int)strlen(buf);
  char *p = &buf[len];
  ....
  if (yes) {
    // yes, user asked VM to launch debugger
    jio_snprintf(buf, sizeof(buf), "gdb /proc/%d/exe %d",
      os::current_process_id(), os::current_process_id());

    os::fork_and_exec(buf);
    yes = false;
  }
  return yes;
}

CryEngine V

V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. graphicspipelinestateset.h 58


bool
operator==(const SComputePipelineStateDescription& other) const
{
  return 0 == memcmp(this, &other, sizeof(this)); // <=
}

Similar errors can be found in some other places:

  • V579 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. geomcacherendernode.cpp 286
  • V579 The AddObject function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. clipvolumemanager.cpp 145
  • V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. graphicspipelinestateset.h 34

GDB

V579 The read_memory function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. jv-valprint.c 111


extern void read_memory (....);

void
java_value_print (....)
{
  ....
  gdb_byte *buf;
  buf = ((gdb_byte *)
    alloca (gdbarch_ptr_bit (gdbarch) / HOST_CHAR_BIT));
  ....
  read_memory (address, buf, sizeof (buf));
  ....
}

GDB

V579 The extract_unsigned_integer function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. jv-valprint.c 117


extern ULONGEST extract_unsigned_integer (const gdb_byte *, int,
            enum bfd_endian);

void
java_value_print (....)
{
  ....
  gdb_byte *buf;
  buf = ((gdb_byte *)
    alloca (gdbarch_ptr_bit (gdbarch) / HOST_CHAR_BIT));
  ....
  /* FIXME: cagney/2003-05-24: Bogus or what.  It
     pulls a host sized pointer out of the target and
     then extracts that as an address (while assuming
     that the address is unsigned)!  */
  element = extract_unsigned_integer (buf, sizeof (buf),
                                      byte_order);
  ....
}

Similar errors can be found in some other places:

  • V579 The read_memory function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. jv-valprint.c 123
  • V579 The extract_unsigned_integer function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. jv-valprint.c 129

GNU GRUB

V579 The grub_memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. grub-setup.c 500


static void setup (....)
{
  ....
  struct grub_boot_blocklist *first_block, *block;
  ....
  /* Clean out the blocklists.  */
  block = first_block;
  while (block->len)
    {
     grub_memset (block, 0, sizeof (block)); // <=
     block--;
     ....
    }
  ....
}

Similar errors can be found in some other places:

  • V579 The grub_memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. mmap.c 148
  • V579 The grub_memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. mmap.c 165

MySQL

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. win32.c 442


struct win32op {
  int fd_setsz;
  struct win_fd_set *readset_in;
  struct win_fd_set *writeset_in;
  struct win_fd_set *readset_out;
  struct win_fd_set *writeset_out;
  struct win_fd_set *exset_out;
  RB_HEAD(event_map, event_entry) event_root;

  unsigned signals_are_broken : 1;
};

void win32_dealloc(struct event_base *_base, void *arg)
{
  struct win32op *win32op = arg;
  ....
  memset(win32op, 0, sizeof(win32op));
  free(win32op);
}

RT-Thread

V579 CWE-687 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. fsl_mcan.c 418


void MCAN_SetSTDFilterElement(CAN_Type *base,
  const mcan_frame_filter_config_t *config,
  const mcan_std_filter_element_config_t *filter,
  uint8_t idx)
{
  uint8_t *elementAddress = 0;
  elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
                               config->address + idx * 4U);
  memcpy(elementAddress, filter, sizeof(filter));
}

RT-Thread

V579 CWE-687 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. fsl_mcan.c 428


void MCAN_SetEXTFilterElement(CAN_Type *base,
  const mcan_frame_filter_config_t *config,
  const mcan_ext_filter_element_config_t *filter,
  uint8_t idx)
{
  uint8_t *elementAddress = 0;
  elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
                               config->address + idx * 8U);
  memcpy(elementAddress, filter, sizeof(filter));
}

Doom 1

V579 [CWE-687] The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. g_game.c 495


void G_DoLoadLevel (void)
{
  ....
  memset (mousebuttons, 0, sizeof(mousebuttons));
  memset (joybuttons, 0, sizeof(joybuttons));
}

typedef enum {false, true} boolean;
boolean mousearray[4];
boolean joyarray[5];
boolean* mousebuttons = &mousearray[1];
boolean* joybuttons = &joyarray[1];

Similar errors can be found in some other places:

  • V579 [CWE-687] The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. g_game.c 496

Mozilla Thunderbird

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. icalmime.c 195


icalcomponent* icalmime_parse(....)
{
  struct sspm_part *parts;
  int i, last_level=0;
  icalcomponent *root=0, *parent=0, *comp=0, *last = 0;

  if ( (parts = (struct sspm_part *)
          malloc(NUM_PARTS*sizeof(struct sspm_part)))==0)
  {
    icalerror_set_errno(ICAL_NEWFAILED_ERROR);
    return 0;
  }

  memset(parts,0,sizeof(parts));

  sspm_parse_mime(parts,
      NUM_PARTS, /* Max parts */
      icalmime_local_action_map, /* Actions */
      get_string,
      data, /* data for get_string*/
      0 /* First header */);
  ....
}

Similar errors can be found in some other places:

  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. icalmime.c 385
  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. icalparameter.c 114
  • V579 The snprintf function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. icaltimezone.c 1908
  • And 3 additional diagnostic messages.

PMDK

V579 [CWE-687] The memcpy_fn function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. pmem2_map_prot.c 513


typedef void *(*pmem2_memcpy_fn)(void *pmemdest, const void *src, size_t len,
    unsigned flags);

static const char *initial_state = "No code.";

static int
test_rwx_prot_map_priv_do_execute(const struct test_case *tc,
  int argc, char *argv[])
{
  ....
  char *addr_map = pmem2_map_get_address(map);
  map->memcpy_fn(addr_map, initial_state, sizeof(initial_state), 0);
  ....
}

Captain Blood

V579 [CWE-687, CERT-ARR01-C] The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Debugger.cpp 282


void appDebuger::debuggerMakeThreadDump(....)
{
  CONTEXT ct;
  memset (&ct, 0, sizeof(&ct));
  // ....
}
typedef struct DECLSPEC_NOINITALL _CONTEXT
{
  DWORD ContextFlags;
  // ....
  DWORD   SegCs;              // MUST BE SANITIZED
  DWORD   EFlags;             // MUST BE SANITIZED
  DWORD   Esp;
  DWORD   SegSs;
  BYTE   ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];

} CONTEXT;

Microsoft PowerToys

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. KeyboardEventHandlers.cpp 16


typedef struct tagINPUT {
    DWORD   type;

    union
    {
        MOUSEINPUT      mi;
        KEYBDINPUT      ki;
        HARDWAREINPUT   hi;
    } DUMMYUNIONNAME;
} INPUT, *PINPUT, FAR* LPINPUT;

void SetNumLockToPreviousState(....)
{
    int key_count = 2;
    LPINPUT keyEventList = new INPUT[size_t(key_count)]();
    memset(keyEventList, 0, sizeof(keyEventList));
    ....
}