Примеры ошибок, обнаруженных с помощью диагностики V654
V654. Condition of a loop is always true/false.
Apache HTTP Server
V654 The condition 'retry < 2' of loop is always true. mod_proxy_wstunnel mod_proxy_wstunnel.c 436
static int proxy_wstunnel_handler(....)
{
int retry;
....
retry = 0;
while (retry < 2) {
char *locurl = url;
....
// Variable 'retry' is not used
....
}
....
}
WebRTC
V654 The condition 'loopCnt < 5' of loop is always true. cpr_win_socket.c 746
#define TCP_PORT_RETRY_CNT 5
cpr_socket_t
cprSecSocConnect (char *host,
int port,
int ipMode,
boolean mode,
uint32_t tos,
uint16_t *localPort)
{
....
uint16_t loopCnt = 0;
....
while (loopCnt < TCP_PORT_RETRY_CNT) {
....
.... // loopCnt not changed
....
}
....
}
Oracle VM Virtual Box
V654 The condition of loop is always true. suphardenedverifyprocess-win.cpp 1732
DECLHIDDEN(int) supHardNtLdrCacheOpen(const char *pszName, ....)
{
....
uint32_t i = 0;
while (i < RT_ELEMENTS(g_apszSupNtVpAllowedDlls))
if (!strcmp(pszName, g_apszSupNtVpAllowedDlls[i]))
break;
....
}
What is dangerous about this loop is that the counter value doesn't change, so if the very first array item doesn't coincide with 'pszName', we'll get an infinite loop.
K Desktop Environment
V654 The condition 'state != 1' of loop is always true. passwd.cpp 255
int PasswdProcess::ConversePasswd(....)
{
....
state = 0;
while (state != 1)
{
line = readLine();
if (line.isNull())
{
// No more input... OK
return 0;
}
if (isPrompt(line, "password"))
{
// Uh oh, another prompt. Not good!
kill(m_Pid, SIGKILL);
waitForChild();
return PasswordNotGood;
}
m_Error += line + '\n'; // Collect error message
}
....
}
Miranda NG
V654 The condition '5' of loop is always true. Xfire main.cpp 1110
extern "C" __declspec(dllexport) int Load(void)
{
....
for (i = MAX_PATH; 5; i--){
....
}
Similar errors can be found in some other places:
- V654 The condition '5' of loop is always true. Xfire variables.cpp 194
Linux Kernel
V654 The condition 'i < 10' of loop is always true. qla3xxx.c 149
static int ql_wait_for_drvr_lock(struct ql3_adapter *qdev)
{
int i = 0;
while (i < 10) {
if (i)
ssleep(1);
if (ql_sem_lock(qdev,
QL_DRVR_SEM_MASK,
(QL_RESOURCE_BITS_BASE_CODE | (qdev->mac_index)
* 2) << 1)) {
netdev_printk(KERN_DEBUG, qdev->ndev,
"driver lock acquired\n");
return 1;
}
}
netdev_err(qdev->ndev,
"Timed out waiting for driver lock...\n");
return 0;
}
Unreal Engine 4
V654 The condition '!bFoundName' of loop is always true. edgraphutilities.cpp 244
void FEdGraphUtilities::RenameGraphCloseToName(....)
{
bool bFoundName = false;
FString NewName = BaseName;
int32 NameIndex = StartIndex;
while (!bFoundName)
{
if (Graph->Rename(*NewName, Graph->GetOuter(), REN_Test))
{
UBlueprint* BP = FBlueprintEditorUtils....;
Graph->Rename(*NewName, Graph->GetOuter(), ....);
return;
}
NewName = FString::Printf(TEXT("%s_%d"),*BaseName,NameIndex);
++NameIndex;
}
}
EFL Core Libraries
V654 The condition of loop is always false. evas_font_query.c 376
EAPI void
evas_common_font_query_size(....)
{
....
size_t cluster = 0;
size_t cur_cluster = 0;
....
do
{
cur_cluster = cluster + 1;
glyph--;
if (cur_w > ret_w)
{
ret_w = cur_w;
}
}
while ((glyph > first_glyph) && (cur_cluster == cluster));
....
}
Ardour
V654 The condition 'tries < 8' of loop is always true. session_transport.cc 68
void
Session::add_post_transport_work (PostTransportWork ptw)
{
PostTransportWork oldval;
PostTransportWork newval;
int tries = 0;
while (tries < 8) {
oldval = (PostTransportWork) g_atomic_int_get (....);
newval = PostTransportWork (oldval | ptw);
if (g_atomic_int_compare_and_exchange (....)) {
/* success */
return;
}
}
error << "Could not set post transport work! ...." << endmsg;
}
RT-Thread
V654 CWE-834 The condition 'i <= 255' of loop is always true. drv_ft5x06.c 160
static int ft5x06_dump(void)
{
uint8_t i;
uint8_t reg_value;
DEBUG_PRINTF("[FTS] Touch Chip\r\n");
for (i = 0; i <= 255; i++)
{
_ft5x06_read(i, ®_value, 1);
if (i % 8 == 7)
DEBUG_PRINTF("0x%02X = 0x%02X\r\n", i, reg_value);
else
DEBUG_PRINTF("0x%02X = 0x%02X ", i, reg_value);
}
DEBUG_PRINTF("\n");
return 0;
}
Android
V654 CWE-834 The condition 'gate_id <= 0xFF' of loop is always true. nfa_hci_utils.cc 248
#define NFA_HCI_LAST_PROP_GATE 0xFF
tNFA_HCI_DYN_GATE* nfa_hciu_alloc_gate(uint8_t gate_id,
tNFA_HANDLE app_handle) {
....
for (gate_id = NFA_HCI_FIRST_HOST_SPECIFIC_GENERIC_GATE;
gate_id <= NFA_HCI_LAST_PROP_GATE; gate_id++) {
if (gate_id == NFA_HCI_CONNECTIVITY_GATE) gate_id++;
if (nfa_hciu_find_gate_by_gid(gate_id) == NULL) break;
}
if (gate_id > NFA_HCI_LAST_PROP_GATE) {
LOG(ERROR) << StringPrintf(
"nfa_hci_alloc_gate - no free Gate ID: %u "
"App Handle: 0x%04x", gate_id, app_handle);
return (NULL);
}
....
}
Android
V654 CWE-834 The condition '++ retries' of loop is always true. SimpleDecodingSource.cpp 226
status_t SimpleDecodingSource::doRead(....) {
....
for (int retries = 0; ++retries; ) {
....
}
Stellarium
V654 The condition 'start_of_directory == - 1' of loop is always true. qzip.cpp 617
void QZipReaderPrivate::scanFiles()
{
....
// find EndOfDirectory header
int i = 0;
int start_of_directory = -1;
EndOfDirectory eod;
while (start_of_directory == -1) {
const int pos = device->size()
- int(sizeof(EndOfDirectory)) - i;
if (pos < 0 || i > 65535) {
qWarning() << "QZip: EndOfDirectory not found";
return;
}
device->seek(pos);
device->read((char *)&eod, sizeof(EndOfDirectory));
if (readUInt(eod.signature) == 0x06054b50)
break;
++i;
}
....
}
Haiku Operation System
V654 The condition 'specificSequence != sequence' of loop is always false. pthread_key.cpp 55
static void*
get_key_value(pthread_thread* thread, uint32 key, int32 sequence)
{
pthread_key_data& keyData = thread->specific[key];
int32 specificSequence;
void* value;
do {
specificSequence = keyData.sequence;
if (specificSequence != sequence)
return NULL;
value = keyData.value;
} while (specificSequence != sequence);
keyData.value = NULL;
return value;
}
Doom 1
V654 [CWE-834] The condition 'player->pendingweapon == wp_nochange' of loop is always false. p_pspr.c 232
boolean P_CheckAmmo (player_t* player)
{
....
do {
if (....)
{
player->pendingweapon = wp_plasma;
}
else .... if (....)
{
player->pendingweapon = wp_bfg;
}
else
{
player->pendingweapon = wp_fist;
}
} while (player->pendingweapon == wp_nochange);
....
}
Newton Game Dynamics
V654 The condition 'i < count' of loop is always false. MultiBodyCar.cpp 942
void MultibodyBodyCar(DemoEntityManager* const scene)
{
....
int count = 10;
count = 0;
for (int i = 0; i < count; i++)
{
for (int j = 0; j < count; j++)
{
dMatrix offset(location);
offset.m_posit += dVector (j * 5.0f + 4.0f, 0.0f, i * 5.0f, 0.0f);
//manager->CreateSportCar(offset, viperModel.GetData());
manager->CreateOffRoadCar(offset, monsterTruck.GetData());
}
}
....
}
Free Heroes of Might and Magic II
V654 The condition 'i < originalPalette.size()' of loop is always false. battle_interface.cpp 3689
void Battle::Interface::RedrawActionBloodLustSpell( Unit & target )
{
std::vector<std::vector<uint8_t> > originalPalette;
if ( target.Modes( SP_STONE ) )
{
originalPalette.push_back( PAL::GetPalette( PAL::GRAY ) );
}
else if ( target.Modes( CAP_MIRRORIMAGE ) )
{
originalPalette.push_back( PAL::GetPalette( PAL::MIRROR_IMAGE ) );
}
if ( !originalPalette.empty() )
{
for ( size_t i = 1; i < originalPalette.size(); ++i )
{
originalPalette[0] = PAL::CombinePalettes( originalPalette[0],
originalPalette[i] );
}
fheroes2::ApplyPalette( unitSprite, originalPalette[0] );
}
....
}
Snort
V654 The condition '!done' of loop is always true. log.c 207
void PrintNetData(....)
{
int done; /* flag */
....
/* initialization */
done = 0;
....
/* loop thru the whole buffer */
while(!done)
{
....
}
....
}
TheXTech
V654 The condition 'chunk_size > 0' of loop is always true. thextech image_size.cpp 211
static bool tryJPEG(SDL_RWops* file, uint32_t *w, uint32_t *h)
{
....
size_t chunk_size = 0;
....
do
{
SDL_memset(raw, 0, JPEG_BUFFER_SIZE);
pos = SDL_RWtell(file);
chunk_size = SDL_RWread(file, raw, 1, JPEG_BUFFER_SIZE);
if(chunk_size == 0)
break;
head = findJpegHead(raw, JPEG_BUFFER_SIZE);
if(head)
{
if(head + 20 >= raw + JPEG_BUFFER_SIZE)
{
SDL_RWseek(file, -20, RW_SEEK_CUR);
continue; /* re-scan this place */
}
if(SDL_memcmp(head, "\xFF\xE1", 2) == 0) /* EXIF, skip it!*/
{
const Sint64 curPos = pos + (head - raw);
Sint64 toSkip = BE16(head, 2); //-V629
SDL_RWseek(file, curPos + toSkip + 2, RW_SEEK_SET);
continue;
}
*h = BE16(head, 5);
*w = BE16(head, 7);
return true;
}
} while(chunk_size > 0); // <=
return false;
}
FlipperZero
V654 [CWE-834] The condition '!done' of loop is always true. ibutton-cli.cpp 253
void onewire_cli_search(Cli* cli) {
....
bool done = false;
....
while(!done) {
if(onewire.search(address, true) != 1) {
printf("Search finished\r\n");
onewire.reset_search();
done = true;
return;
} else {
printf("Found: ");
for(uint8_t i = 0; i < 8; i++) {
printf("%02X", address[i]);
}
printf("\r\n");
}
delay(100);
}
....
}
Captain Blood
V654 [CWE-834] The condition 'n >= 0' of loop is always true. resourceselect.cpp 42
typedef unsigned int dword;
TResourceSelectorWindow::TResourceSelectorWindow ()
{
string PakPath;
// ....
miss->EditorGetPackPath(PakPath);
//....
for (dword n = PakPath.Size()-1; n >= 0; n--)
{
if (PakPath[n] == '\\')
{
PakPath.Delete(0, n+1);
break;
}
}
// ....
}