On Thu, Aug 27, 2009 at 3:52 PM, chris ahrendt<celtich...@yahoo.com> wrote: > This is the result of running cppcheck 1.35 with the --all parm against > the august 27th Git tree: > > [../wine-git/dlls/dbghelp/msc.c:88]: (possible error) Array index out of > bounds > [../wine-git/dlls/dbghelp/msc.c:89]: (possible error) Array index out of > bounds
False positive, apparently the numbers are hardcoded as: 72 char msg[128]; 88 msg[10 + 3 * 16] = ' '; // = 58<127 89 msg[10 + 3 * 16 + 1 + 16] = '\0'; // = 75<127 > [../wine-git/dlls/shell32/cpanelfolder.c:562]: (error) Possible null > pointer dereference: rgfInOut > [../wine-git/dlls/shell32/shfldr_desktop.c:437]: (error) Possible null > pointer dereference: rgfInOut > [../wine-git/dlls/shell32/shfldr_fs.c:577]: (error) Possible null > pointer dereference: rgfInOut > [../wine-git/dlls/shell32/shfldr_mycomp.c:474]: (error) Possible null > pointer dereference: rgfInOut > [../wine-git/dlls/shell32/shfldr_netplaces.c:352]: (error) Possible null > pointer dereference: rgfInOut It doesn't like the ternary operator? These lines are TRACE lines with one of the args being ``rgfInOut ? *rgfInOut : 0''. False positive. > [../wine-git/dlls/user32/tests/msg.c:63]: (error) Invalid number of > character ({). Can't process file. > [../wine-git/dlls/winealsa.drv/waveinit.c:745]: (possible error) Buffer > overrun 739 char defaultpcmname[256]; 745 sprintf(defaultpcmname, "default"); Something is wrong with cppcheck... False positive. > [../wine-git/dlls/wined3d/arb_program_shader.c:907]: (possible error) > Buffer overrun > [../wine-git/dlls/wined3d/arb_program_shader.c:915]: (possible error) > Buffer overrun > [../wine-git/dlls/wined3d/glsl_shader.c:3416]: (possible error) Buffer > overrun > [../wine-git/dlls/wined3d/glsl_shader.c:3418]: (possible error) Buffer > overrun > [../wine-git/dlls/wined3d/glsl_shader.c:3519]: (possible error) Buffer > overrun > [../wine-git/dlls/wined3d/glsl_shader.c:3521]: (possible error) Buffer > overrun Not checking those - i don't even pretend to understand how modern graphics works. > [../wine-git/dlls/wineoss.drv/mixer.c:1458]: (possible error) Buffer overrun So...it picks 1455 char name[32]; 1458 sprintf(name, "/dev/mixer"); as an error, but not: 1460 sprintf(name, "/dev/mixer%d", i); False positive. > [../wine-git/dlls/wineps.drv/init.c:270]: (error) Possible null pointer > dereference: dmW This one is actually a bug, the null check is below this line. All the callers check for nulls, though. > [../wine-git/programs/oleview/pane.c:152]: (error) Possible null pointer > dereference: hWndCreated Also a bug, and a very real one. Coincidentally, the null check on the next line is also wrong (should be if (!*hWndCreated) ) > [../wine-git/programs/winetest/main.c:114]: (possible error) Buffer overrun > [../wine-git/programs/winetest/main.c:116]: (possible error) Buffer overrun > [../wine-git/programs/winetest/main.c:119]: (possible error) Buffer overrun > [../wine-git/programs/winetest/main.c:121]: (possible error) Buffer overrun More of sprintf with just a string nonsense. False positive. > [../wine-git/server/file.c:235]: (possible error) Buffer overrun Also sprintf nonsense, but slightly more dangerous. The buffer is declared with [16] and the string is of length 14+1, so a few more bytes wouldn't hurt. :) > > > Chris > If someone could send patches for the few bugs that would be nice. Chris - cppcheck is clearly crazy about sprintf's and ternary operators. You might want to report that. Mike.