Примеры ошибок, обнаруженных с помощью диагностики V609
V609. Possible division or mod by zero.
VNL
V609 Divide by zero. Denominator 'x' == 0. pow_ii.c 28
integer pow_ii(integer *ap, integer *bp)
{
integer pow, x, n;
unsigned long u;
x = *ap;
n = *bp;
if (n <= 0)
{
if (n == 0 || x == 1)
return 1;
if (x != -1)
return x == 0 ? 1/x : 0;
n = -n;
}
....
}
Mozilla Thunderbird
V609 Divide by zero. Denominator range [0..8]. ionbuilder.cpp 10922
static inline size_t UnboxedTypeSize(JSValueType type)
{
switch (type) {
....
default: return 0;
}
}
MInstruction*IonBuilder::loadUnboxedProperty(size_t offset,
JSValueType unboxedType, ....)
{
size_t index = offset / UnboxedTypeSize(unboxedType);
....
}
Similar errors can be found in some other places:
- V609 Divide by zero. Denominator range [0..8]. ionbuilder.cpp 11844
Inkscape
V609 Divide by zero. Denominator range [0..999]. lpe-fillet-chamfer.cpp 607
Geom::PathVector
LPEFilletChamfer::doEffect_path(....)
{
....
if(....){
....
} else if (type >= 3000 && type < 4000) {
unsigned int chamferSubs = type-3000;
....
double chamfer_stepsTime = 1.0/chamferSubs;
....
}
....
}
Similar errors can be found in some other places:
- V609 Divide by zero. Denominator range [0..999]. lpe-fillet-chamfer.cpp 623
Chromium
V609 Divide by zero. Denominator range [0..4096]. addr.h 159
static int BlockSizeForFileType(FileType file_type) {
switch (file_type) {
....
default:
return 0;
}
}
static int RequiredBlocks(int size, FileType file_type)
{
int block_size = BlockSizeForFileType(file_type);
return (size + block_size - 1) / block_size; // <=
}
EFL Core Libraries
V609 Mod by zero. Denominator range [0..24]. eina_inline_value_util.x 59
static inline size_t
eina_value_util_type_size(const Eina_Value_Type *type)
{
if (type == EINA_VALUE_TYPE_INT)
return sizeof(int32_t);
if (type == EINA_VALUE_TYPE_UCHAR)
return sizeof(unsigned char);
if ((type == EINA_VALUE_TYPE_STRING) ||
(type == EINA_VALUE_TYPE_STRINGSHARE))
return sizeof(char*);
if (type == EINA_VALUE_TYPE_TIMESTAMP)
return sizeof(time_t);
if (type == EINA_VALUE_TYPE_ARRAY)
return sizeof(Eina_Value_Array);
if (type == EINA_VALUE_TYPE_DOUBLE)
return sizeof(double);
if (type == EINA_VALUE_TYPE_STRUCT)
return sizeof(Eina_Value_Struct);
return 0; // <=
}
static inline unsigned int
eina_value_util_type_offset(
const Eina_Value_Type *type, unsigned int base)
{
unsigned size, padding;
size = eina_value_util_type_size(type); // <=
if (!(base % size)) // <=
return base;
padding = ( (base > size) ? (base - size) : (size - base));
return base + padding;
}
SpeedCrunch
V609 Divide by zero. Denominator range [0..4]. floatconvert.c 266
static int
lgbase( signed char base)
{
switch(base)
{
case 2:
return 1;
case 8:
return 3;
case 16:
return 4;
}
return 0; // <=
}
static void
_setlongintdesc(
p_ext_seq_desc n,
t_longint* l,
signed char base)
{
int lg;
n->seq.base = base;
lg = lgbase(base); // <=
n->seq.digits = (_bitlength(l) + lg - 1) / lg; // <=
n->seq.leadingSignDigits = 0;
n->seq.trailing0 = _lastnonzerobit(l) / lg; // <=
n->seq.param = l;
n->getdigit = _getlongintdigit;
}
Haiku Operation System
V609 Divide by zero. Denominator range [0..64]. UiUtils.cpp 544
static int32 GetSIMDFormatByteSize(uint32 format)
{
switch (format) {
case SIMD_RENDER_FORMAT_INT8:
return sizeof(char);
case SIMD_RENDER_FORMAT_INT16:
return sizeof(int16);
case SIMD_RENDER_FORMAT_INT32:
return sizeof(int32);
case SIMD_RENDER_FORMAT_INT64:
return sizeof(int64);
case SIMD_RENDER_FORMAT_FLOAT:
return sizeof(float);
case SIMD_RENDER_FORMAT_DOUBLE:
return sizeof(double);
}
return 0;
}
const BString&
UiUtils::FormatSIMDValue(const BVariant& value, uint32 bitSize,
uint32 format, BString& _output)
{
_output.SetTo("{");
char* data = (char*)value.ToPointer();
uint32 count = bitSize / (GetSIMDFormatByteSize(format) * 8); // <=
....
}
ROOT
V609 Divide by zero. Denominator range [0..100]. TGHtmlImage.cxx 340
const char *TGHtml::GetPctWidth(TGHtmlElement *p, char *opt, char *ret)
{
int n, m, val;
....
if (n < 0 || n > 100) return z;
if (opt[0] == 'h') {
val = fCanvas->GetHeight() * 100;
} else {
val = fCanvas->GetWidth() * 100;
}
if (!fInTd) {
snprintf(ret, 15, "%d", val / n);
} else {
....
}
....
}
LLVM/Clang
V609 Mod by zero. Denominator 'd.s.low' == 0. udivmoddi4.c 61
typedef int32_t si_int;
typedef uint32_t su_int;
typedef union {
du_int all;
struct {
#if _YUGA_LITTLE_ENDIAN
su_int low;
su_int high;
#else
su_int high;
su_int low;
#endif // _YUGA_LITTLE_ENDIAN
} s;
} udwords;
COMPILER_RT_ABI du_int __udivmoddi4(du_int a, du_int b, du_int *rem) {
....
if (d.s.low == 0) {
if (d.s.high == 0) {
// K X
// ---
// 0 0
if (rem)
*rem = n.s.high % d.s.low;
return n.s.high / d.s.low;
}
....
}
Similar errors can be found in some other places:
- V609 Divide by zero. Denominator 'd.s.low' == 0. udivmoddi4.c 62
MuditaOS
V609 [CERT-EXP37-C] Divide by zero. The 'qfilter_CalculateCoeffs' function processes value '0'. Inspect the third argument. Check lines: 'Equalizer.cpp:26', 'unittest_equalizer.cpp:91'. Equalizer.cpp 26
// Equalizer.cpp
QFilterCoefficients qfilter_CalculateCoeffs(
FilterType filter, float frequency, uint32_t samplerate, float Q,
float gain)
{
constexpr auto qMinValue = .1f;
constexpr auto qMaxValue = 10.f;
constexpr auto frequencyMinValue = 0.f;
if (frequency < frequencyMinValue && filter != FilterType::FilterNone)
{
throw std::invalid_argument("Negative frequency provided");
}
if ((Q < qMinValue || Q > qMaxValue) && filter != FilterType::FilterNone)
{
throw std::invalid_argument("Q out of range");
}
....
float omega = 2 * M_PI * frequency / samplerate;
....
}
....
// unittest_equalizer.cpp
const auto filterNone = qfilter_CalculateCoeffs(FilterType::FilterNone,
0, 0, 0, 0);
Ogre3D
V609. Possible division or mod by zero. OgreInstanceBatchHW_VTF.cpp 56
static const uint16 c_maxTexWidthHW = 4096;
const size_t numBones =
std::max<size_t>(1, baseSubMesh->blendIndexToBoneIndexMap.size());
// ....
const size_t maxUsableWidth = c_maxTexWidthHW –
(c_maxTexWidthHW % (numBones * mRowLength));
// ....
size_t texHeight = numWorldMatrices * mRowLength / maxUsableWidth; // <=
The maxUsableWidth variable can have a value from 0 to 4096. Thus, if maxUsableWidth suddenly turns out to be zero, we will get a division by zero at the place specified by the comment. Boom! But the code seems to be clean. It even compiles and works until 0 slips into the maxUsableWidth variable. This can happen if the result of numBones * mRowLength is greater than 4096. The size of the blendIndexToBoneIndexMap vector is used to initialize the numBones variable. Perhaps developers control the number of container elements outside the class. But maybe they're just lucky that the vector isn't big enough. However, if the vector is suddenly larger than 4096, the division by zero will happen — the program will crash
LLVM/Clang
V609 Mod by zero. Denominator 'SrcNumElts' == 0. CGBuiltin.cpp:14833
Value *CodeGenFunction::EmitX86BuiltinExpr(unsigned BuiltinID,
const CallExpr *E)
{
....
unsigned SrcNumElts =
cast<llvm::FixedVectorType>(Ops[1]->getType())->getNumElements();
....
int Indices[16];
for (unsigned i = 0; i != DstNumElts; ++i)
Indices[i] = (i >= SrcNumElts) ? SrcNumElts + (i % SrcNumElts) : i;
....
}