Вебинар: Парсим С++ - 25.10

Примеры ошибок, обнаруженных с помощью …

Примеры ошибок, обнаруженных с помощью диагностики V654

V654. Condition of a loop is always true/false.

Apache HTTP Server

V654 The condition 'retry < 2' of loop is always true. mod_proxy_wstunnel mod_proxy_wstunnel.c 436

static int proxy_wstunnel_handler(....)
  int retry;
  retry = 0;
  while (retry < 2) {
    char *locurl = url;
    // Variable 'retry' is not used


V654 The condition 'loopCnt < 5' of loop is always true. cpr_win_socket.c 746


cprSecSocConnect (char *host,
                  int     port,
                  int     ipMode,
                  boolean mode,
                  uint32_t tos,
                  uint16_t *localPort)
  uint16_t loopCnt  = 0;
  while (loopCnt < TCP_PORT_RETRY_CNT) {
    .... // loopCnt not changed

Oracle VM Virtual Box

V654 The condition of loop is always true. suphardenedverifyprocess-win.cpp 1732

DECLHIDDEN(int) supHardNtLdrCacheOpen(const char *pszName, ....)
  uint32_t i = 0;
  while (i < RT_ELEMENTS(g_apszSupNtVpAllowedDlls))
    if (!strcmp(pszName, g_apszSupNtVpAllowedDlls[i]))

What is dangerous about this loop is that the counter value doesn't change, so if the very first array item doesn't coincide with 'pszName', we'll get an infinite loop.

K Desktop Environment

V654 The condition 'state != 1' of loop is always true. passwd.cpp 255

int PasswdProcess::ConversePasswd(....)
  state = 0;
  while (state != 1)
    line = readLine();
    if (line.isNull())
      // No more input... OK
      return 0;
    if (isPrompt(line, "password"))
      // Uh oh, another prompt. Not good!
      kill(m_Pid, SIGKILL);
      return PasswordNotGood;
    m_Error += line + '\n'; // Collect error message

Miranda NG

V654 The condition '5' of loop is always true. Xfire main.cpp 1110

extern "C" __declspec(dllexport) int  Load(void)
  for (i = MAX_PATH; 5; i--){

Similar errors can be found in some other places:

  • V654 The condition '5' of loop is always true. Xfire variables.cpp 194

Linux Kernel

V654 The condition 'i < 10' of loop is always true. qla3xxx.c 149

static int ql_wait_for_drvr_lock(struct ql3_adapter *qdev)
  int i = 0;

  while (i < 10) {
    if (i)

    if (ql_sem_lock(qdev,
        (QL_RESOURCE_BITS_BASE_CODE | (qdev->mac_index)
         * 2) << 1)) {
      netdev_printk(KERN_DEBUG, qdev->ndev,
              "driver lock acquired\n");
      return 1;

             "Timed out waiting for driver lock...\n");
  return 0;

Unreal Engine 4

V654 The condition '!bFoundName' of loop is always true. edgraphutilities.cpp 244

void FEdGraphUtilities::RenameGraphCloseToName(....)
  bool bFoundName = false;

  FString NewName = BaseName;

  int32 NameIndex = StartIndex;
  while (!bFoundName)
    if (Graph->Rename(*NewName, Graph->GetOuter(), REN_Test))
      UBlueprint* BP = FBlueprintEditorUtils....;
      Graph->Rename(*NewName, Graph->GetOuter(), ....);

    NewName = FString::Printf(TEXT("%s_%d"),*BaseName,NameIndex);

EFL Core Libraries

V654 The condition of loop is always false. evas_font_query.c 376

EAPI void
  size_t cluster = 0;
  size_t cur_cluster = 0;
    cur_cluster = cluster + 1;

    if (cur_w > ret_w)
      ret_w = cur_w;
  while ((glyph > first_glyph) && (cur_cluster == cluster));


V654 The condition 'tries < 8' of loop is always true. session_transport.cc 68

Session::add_post_transport_work (PostTransportWork ptw)
  PostTransportWork oldval;
  PostTransportWork newval;
  int tries = 0;

  while (tries < 8) {
    oldval = (PostTransportWork) g_atomic_int_get (....);
    newval = PostTransportWork (oldval | ptw);
    if (g_atomic_int_compare_and_exchange (....)) {
      /* success */

  error << "Could not set post transport work! ...." << endmsg;


V654 CWE-834 The condition 'i <= 255' of loop is always true. drv_ft5x06.c 160

static int ft5x06_dump(void)
  uint8_t i;
  uint8_t reg_value;

  DEBUG_PRINTF("[FTS] Touch Chip\r\n");

  for (i = 0; i <= 255; i++)
    _ft5x06_read(i, ®_value, 1);

    if (i % 8 == 7)
      DEBUG_PRINTF("0x%02X = 0x%02X\r\n", i, reg_value);
      DEBUG_PRINTF("0x%02X = 0x%02X ", i, reg_value);

  return 0;


V654 CWE-834 The condition 'gate_id <= 0xFF' of loop is always true. nfa_hci_utils.cc 248


tNFA_HCI_DYN_GATE* nfa_hciu_alloc_gate(uint8_t gate_id,
                                       tNFA_HANDLE app_handle) {
       gate_id <= NFA_HCI_LAST_PROP_GATE; gate_id++) {
    if (gate_id == NFA_HCI_CONNECTIVITY_GATE) gate_id++;
    if (nfa_hciu_find_gate_by_gid(gate_id) == NULL) break;

  if (gate_id > NFA_HCI_LAST_PROP_GATE) {
    LOG(ERROR) << StringPrintf(
        "nfa_hci_alloc_gate - no free Gate ID: %u  "
        "App Handle: 0x%04x", gate_id, app_handle);
    return (NULL);


V654 CWE-834 The condition '++ retries' of loop is always true. SimpleDecodingSource.cpp 226

status_t SimpleDecodingSource::doRead(....) {
  for (int retries = 0; ++retries; ) {


V654 The condition 'start_of_directory == - 1' of loop is always true. qzip.cpp 617

void QZipReaderPrivate::scanFiles()
  // find EndOfDirectory header
  int i = 0;
  int start_of_directory = -1;
  EndOfDirectory eod;
  while (start_of_directory == -1) {
    const int pos = device->size()
      - int(sizeof(EndOfDirectory)) - i;
    if (pos < 0 || i > 65535) {
      qWarning() << "QZip: EndOfDirectory not found";

    device->read((char *)&eod, sizeof(EndOfDirectory));
    if (readUInt(eod.signature) == 0x06054b50)

Haiku Operation System

V654 The condition 'specificSequence != sequence' of loop is always false. pthread_key.cpp 55

static void*
get_key_value(pthread_thread* thread, uint32 key, int32 sequence)
  pthread_key_data& keyData = thread->specific[key];
  int32 specificSequence;
  void* value;

  do {
    specificSequence = keyData.sequence;
    if (specificSequence != sequence)
      return NULL;

    value = keyData.value;
  } while (specificSequence != sequence);

  keyData.value = NULL;

  return value;

Doom 1

V654 [CWE-834] The condition 'player->pendingweapon == wp_nochange' of loop is always false. p_pspr.c 232

boolean P_CheckAmmo (player_t* player)
  do {
    if (....)
      player->pendingweapon = wp_plasma;
    else .... if (....)
      player->pendingweapon = wp_bfg;
      player->pendingweapon = wp_fist;
  } while (player->pendingweapon == wp_nochange);

Newton Game Dynamics

V654 The condition 'i < count' of loop is always false. MultiBodyCar.cpp 942

void MultibodyBodyCar(DemoEntityManager* const scene)
  int count = 10;
  count = 0;
  for (int i = 0; i < count; i++)
    for (int j = 0; j < count; j++)
      dMatrix offset(location);
      offset.m_posit += dVector (j * 5.0f + 4.0f, 0.0f, i * 5.0f, 0.0f);
      //manager->CreateSportCar(offset, viperModel.GetData());
      manager->CreateOffRoadCar(offset, monsterTruck.GetData());

Free Heroes of Might and Magic II

V654 The condition 'i < originalPalette.size()' of loop is always false. battle_interface.cpp 3689

void Battle::Interface::RedrawActionBloodLustSpell( Unit & target )
  std::vector<std::vector<uint8_t> > originalPalette;
  if ( target.Modes( SP_STONE ) )
    originalPalette.push_back( PAL::GetPalette( PAL::GRAY ) );
  else if ( target.Modes( CAP_MIRRORIMAGE ) )
    originalPalette.push_back( PAL::GetPalette( PAL::MIRROR_IMAGE ) );
  if ( !originalPalette.empty() )
    for ( size_t i = 1; i < originalPalette.size(); ++i )
      originalPalette[0] = PAL::CombinePalettes( originalPalette[0],
                                                 originalPalette[i] );
    fheroes2::ApplyPalette( unitSprite, originalPalette[0] );


V654 The condition '!done' of loop is always true. log.c 207

void PrintNetData(....)
  int done;           /* flag */

  /* initialization */
  done = 0;

  /* loop thru the whole buffer */


V654 The condition 'chunk_size > 0' of loop is always true. thextech image_size.cpp 211

static bool tryJPEG(SDL_RWops* file, uint32_t *w, uint32_t *h)
  size_t chunk_size = 0;
    SDL_memset(raw, 0, JPEG_BUFFER_SIZE);
    pos = SDL_RWtell(file);
    chunk_size = SDL_RWread(file, raw, 1, JPEG_BUFFER_SIZE);
    if(chunk_size == 0)

    head = findJpegHead(raw, JPEG_BUFFER_SIZE);
      if(head + 20 >= raw + JPEG_BUFFER_SIZE)
        SDL_RWseek(file, -20, RW_SEEK_CUR);
        continue; /* re-scan this place */

      if(SDL_memcmp(head, "\xFF\xE1", 2) == 0) /* EXIF, skip it!*/
        const Sint64 curPos = pos + (head - raw);
        Sint64 toSkip = BE16(head, 2); //-V629
        SDL_RWseek(file, curPos + toSkip + 2, RW_SEEK_SET);

      *h = BE16(head, 5);
      *w = BE16(head, 7);
      return true;
  } while(chunk_size > 0);               // <=

  return false;


V654 [CWE-834] The condition '!done' of loop is always true. ibutton-cli.cpp 253

void onewire_cli_search(Cli* cli) {
  bool done = false;
  while(!done) {
    if(onewire.search(address, true) != 1) {
      printf("Search finished\r\n");
      done = true;
    } else {
      printf("Found: ");
      for(uint8_t i = 0; i < 8; i++) {
        printf("%02X", address[i]);

Captain Blood

V654 [CWE-834] The condition 'n >= 0' of loop is always true. resourceselect.cpp 42

typedef unsigned int dword;

TResourceSelectorWindow::TResourceSelectorWindow ()
  string PakPath;
  // ....
  for (dword n = PakPath.Size()-1; n >= 0; n--)
    if (PakPath[n] == '\\')
      PakPath.Delete(0, n+1);

  // ....