
,

:
: 28.05.2013
NetXMS.
. IT-,
SNMP- , .
,, PVS-Studio.

NetXMS
:

Wikipedia: NetXMS
: http://www.netxms.org/

NetXMS GNU General Public License


v2. , ++, Java.
. ,
. . ,
. .
.
. PVS-Studio,
.

64-
, open-source , .
64- . .
. , .
, 64- 32- ,
. . "
".
, 64- . 64-
. ,
, - .
, . ,
, 64- .
, 4 .
, , 64-.
, . .

64-bit error N1
BOOL SortItems(...., _In_ DWORD_PTR dwData);
// Excerpt quoted by the article; "...." marks code the author left out.
void CLastValuesView::OnListViewColumnClick(....)
{
    ....
    // NOTE(review): the SortItems() prototype quoted above takes a DWORD_PTR,
    // yet 'this' is cast to DWORD first. Diagnostic V220 describes this as a
    // memsize -> 32-bit integer -> memsize chain: in a 64-bit build the upper
    // half of the pointer is dropped before the value reaches the callback.
    // The article's corrected call casts straight to DWORD_PTR.
    m_wndListCtrl.SortItems(CompareItems, (DWORD)this);
    ....
}
V220 Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being
casted: 'this'. lastvaluesview.cpp 716
32- , 4 .
, DWORD, UINT
. 64- 8 .
, DWORD_PTR, UINT_PTR .
. , SortItems()
.
, 32- DWORD.
. 32- DWORD,
DWORD_PTR. ,
.
, CLastValuesView
. . ,
.
. 4 .
32 .
:
m_wndListCtrl.SortItems(CompareItems, (DWORD_PTR)this);
:

mibbrowserdlg.cpp 160
lastvaluesview.cpp 232
graphdatapage.cpp 370
graphdatapage.cpp 330
graphdatapage.cpp 268
graphdatapage.cpp 172
controlpanel.cpp 126

- . .
- .

64-bit error N2
, , . , -
.
/* Folds a pointer value into a table index: each round XORs in a shifted copy
   of the pointer, adds a multiple of the loop counter and masks the result
   with TABLE_MASK. TABLE_BITS and TABLE_MASK are defined outside this excerpt. */
static int hash_void_ptr(void *ptr)
{
    int hash;
    int i;

    /* I took this hash function just off the top of my head,
       I have no idea whether it is bad or very bad. */
    hash = 0;
    for (i = 0; i < (int)sizeof(ptr)*8 / TABLE_BITS; i++)
    {
        /* NOTE(review): diagnostic V205 -- the pointer is converted to
           'unsigned long'. Where that type is 32 bits wide (Win64, per the
           article) the upper half of the pointer never takes part in the
           hash. uintptr_t is the integer type meant to hold a pointer value. */
        hash ^= (unsigned long)ptr >> i*8;
        hash += i * 17;
        hash &= TABLE_MASK;
    }
    return hash;
}
V205 Explicit conversion of pointer type to 32-bit integer type: (unsigned long) ptr xmalloc.c 85
, . . ,
'unsigned long'.
Windows Linux . Linux
LP64. 'long' 64-. , Linux
, .
Win64 'unsigned long' 32 . ,
, .

64-bit error N3
64- - .
. .
.
/* Excerpt quoted by the article; "...." marks code the author left out. */
static int ipfix_print_newmsg(....)
{
    ....
    /* NOTE(review): diagnostic V114 -- 'unixtime' is declared uint32_t (see
       the declaration quoted after this snippet), but its address is cast to
       'const time_t *'. When time_t is the 64-bit type (_USE_32BIT_TIME_T not
       defined) localtime() reads 8 bytes through a pointer to a 4-byte field,
       so half of the value comes from whatever lies next to it in memory.
       Copying the field into a time_t local and passing that local's address
       avoids the cast. localtime() can also return a null pointer for a value
       it cannot represent; the result is handed to strftime() unchecked here. */
    strftime(timebuf, 40, "%Y-%m-%d %T %Z",
             localtime( (const time_t *) &(hdr->u.nf9.unixtime) ));
    ....
}
V114 Dangerous explicit type pointer conversion: (const time_t *) & (hdr->u.nf9.unixtime) ipfix_print.c
68
'unixtime' :
uint32_t unixtime; /* seconds since 1970 */

'time_t' :
#ifdef _USE_32BIT_TIME_T
typedef __time32_t time_t;
#else
typedef __time64_t time_t;
#endif
, _USE_32BIT_TIME_T . ,
. , localtime() ,
64- . 32- .
. localtime() .

, , 64- .
. .
. .
, 64- , 64- ,
viva64.
, . , :

64-
64- . 24. .

SOCKET
Linux SOCKET . Windows :
typedef UINT_PTR SOCKET;
Windows .
// Excerpt quoted by the article; "...." marks code the author left out.
static int DoRadiusAuth(....)
{
    SOCKET sockfd;
    ....
    // Open a socket.
    sockfd = socket(AF_INET, SOCK_DGRAM, 0);
    // NOTE(review): diagnostic V547 -- on Windows SOCKET is UINT_PTR (typedef
    // quoted above), an unsigned type, so 'sockfd < 0' is never true there and
    // this error branch cannot run: a failed socket() call goes unnoticed and
    // the code that follows works with an invalid handle. Winsock reports
    // failure from socket() as INVALID_SOCKET; comparing against that constant
    // (or against -1 on POSIX) makes the check effective.
    if (sockfd < 0)
    {
        DbgPrintf(3, _T("RADIUS: Cannot create socket"));
        pairfree(req);
        return 5;
    }
    ....
}
V547 Expression 'sockfd < 0' is always false. Unsigned type value is never < 0. radius.cpp 682
'sockfd' UINT_PTR. , 'sockfd < 0'
, Windows.
, .
. :
if (sockfd == SOCKET_ERROR)
:

ipfix.c 845
ipfix.c 962
ipfix.c 1013
ipfix.c 1143
ipfix.c 1169
ipfix_col.c 1404
ipfix_col.c 2025


/* Excerpt quoted by the article; "...." marks code the author left out.
   The visible loop scans 'in' backwards from index len-1 looking for a zero
   byte and, once one is found, prints the data as a C string. */
int ipfix_snprint_string(....)
{
    size_t i;

    uint8_t *in = (uint8_t*) data;

    /* NOTE(review): diagnostic V547 -- 'i' is size_t, so 'i>=0' is always
       true and the loop can only leave through the return below. If the
       first 'len' bytes contain no '\0', decrementing i past 0 wraps it to
       the largest size_t value and in[i] is then read far outside the
       buffer. A signed index, or a 'for (i = len; i-- > 0; )' form, keeps
       the scan inside the data. */
    for( i=len-1; i>=0; i-- ) {
        if ( in[i] == '\0' ) {
            return snprintf( str, size, "%s", in );
        }
    }
    ....
}
V547 Expression 'i >= 0' is always true. Unsigned type value is always >= 0. ipfix.c 488
'i' size_t. "i>=0" .
, .
.


// Queries one SNMP OID into 'value' and reports whether the device is
// supported; returns false when the SnmpGet() call does not succeed.
bool CatalystDriver::isDeviceSupported(....)
{
    DWORD value = 0;
    if (SnmpGet(snmp->getSnmpVersion(), snmp,
                _T(".1.3.6.1.4.1.9.5.1.2.14.0"),
                NULL, 0, &value, sizeof(DWORD), 0)
        != SNMP_ERR_SUCCESS)
        return false;
    // Catalyst 3550 can return 0 as number of slots
    // NOTE(review): diagnostic V547 -- 'value' is a DWORD (unsigned), so this
    // comparison is always true; once SnmpGet() succeeds the function returns
    // true whatever the device answered.
    return value >= 0;
}
V547 Expression 'value >= 0' is always true. Unsigned type value is always >= 0. catalyst.cpp 71

,
WCHAR.
.
typedef WCHAR TCHAR, *PTCHAR;

// Excerpt quoted by the article; "...." marks code the author left out.
static BOOL MatchProcess(....)
{
    ....
    TCHAR commandLine[MAX_PATH];
    ....
    // NOTE(review): diagnostic V512 -- memset() takes a size in bytes, while
    // the array holds MAX_PATH elements of TCHAR, which the typedef quoted
    // above maps to WCHAR. Only the first MAX_PATH bytes are cleared; the rest
    // of the buffer keeps its previous contents. sizeof(commandLine) gives the
    // full byte size.
    memset(commandLine, 0, MAX_PATH);
    ....
}
V512 A call of the 'memset' function will lead to underflow of the buffer 'commandLine'. procinfo.cpp
278
TCHAR WCHAR. 'commandLine'
MAX_PATH. 'MAX_PATH * sizeof(TCHAR). 'memset'
. , :
memset(commandLine, 0, MAX_PATH * sizeof(TCHAR));
:
memset(commandLine, 0, sizeof(commandLine));

CToolBox :
typedef WCHAR TCHAR, *PTCHAR;
#define MAX_TOOLBOX_TITLE

64

TCHAR m_szTitle[MAX_TOOLBOX_TITLE];
// Constructor: clears the title buffer.
CToolBox::CToolBox()
{
    // NOTE(review): diagnostic V512 -- m_szTitle is an array of
    // MAX_TOOLBOX_TITLE TCHARs (WCHAR, per the typedef quoted above), but the
    // size passed here is a byte count, so only part of the buffer is zeroed.
    // sizeof(m_szTitle) covers the whole array.
    memset(m_szTitle, 0, MAX_TOOLBOX_TITLE);
}

V512 A call of the 'memset' function will lead to underflow of the buffer 'm_szTitle'. toolbox.cpp 28

Copy-paste
findIpAddress() .
.
// Excerpt quoted by the article; "...." marks code the author left out.
void ClientSession::findIpAddress(CSCPMessage *request)
{
    ....
    if (subnet != NULL)
    {
        debugPrintf(5, _T("findIpAddress(%s): found subnet %s"),
                    ipAddrText, subnet->Name());
        found = subnet->findMacAddress(ipAddr, macAddr);
    }
    else
    {
        // NOTE(review): diagnostic V522 -- this branch runs only when 'subnet'
        // is NULL, yet it still evaluates subnet->Name(). The format string
        // has a single %s, so the second argument is not even printed;
        // dropping it removes the null dereference.
        debugPrintf(5, _T("findIpAddress(%s): subnet not found"),
                    ipAddrText, subnet->Name());
    }
    ....
}
V522 Dereferencing of the null pointer 'subnet' might take place. session.cpp 10823
debugPrintf() . 'else' .
'subnet' NULL. , "subnet->Name()" .

#define CF_AUTO_UNBIND 0x00000002


// Returns true when every bit of the mask built below is set in m_flags.
// NOTE(review): diagnostic V578 -- the mask ORs CF_AUTO_UNBIND with itself, so
// the test reduces to checking that one flag. Presumably a second, different
// flag was meant in one of the two positions; confirm against the flag
// definitions in nms_objects.h.
bool isAutoUnbindEnabled()
{
    return ((m_flags & (CF_AUTO_UNBIND | CF_AUTO_UNBIND)) ==
            (CF_AUTO_UNBIND | CF_AUTO_UNBIND)) ? true : false;
}

V578 An odd bitwise operation detected: m_flags & (0x00000002 | 0x00000002). Consider verifying it.
nms_objects.h 1410
(CF_AUTO_UNBIND | CF_AUTO_UNBIND) . ,
.


// Excerpt quoted by the article; "...." marks code the author left out.
void I_SHA1Final(....)
{
    unsigned char finalcount[8];
    ....
    // NOTE(review): diagnostic V597 -- 'finalcount' is a local that is not read
    // again in the lines shown, so an optimizing compiler may treat this
    // memset() as a dead store and drop it, leaving the bytes on the stack.
    // The diagnostic recommends RtlSecureZeroMemory(); memset_s() or
    // explicit_bzero() serve the same purpose on platforms that provide them.
    memset(finalcount, 0, 8);
    SHA1Transform(context->state, context->buffer);
}
V597 The compiler could delete the 'memset' function call, which is used to flush 'finalcount' buffer. The
RtlSecureZeroMemory() function should be used to erase the private data. sha1.cpp 233
, , .
, . ,
.
" - ?".
memset(). .
, memset().
. ,
RtlSecureZeroMemory().


, .
, .
. , , ,
, , . ,
, , Copy-Paste. , , , ,
. .
// Excerpt quoted by the article; "...." marks code the author left out.
int OdbcDisconnect(void* pvSqlCtx)
{
    ....
    // NOTE(review): declared without an initial value.
    SQLRETURN nSqlRet;
    ....

    if (nRet == SUCCESS)
    {
        ....
        nSqlRet = SQLDisconnect(pSqlCtx->hDbc);
        ....
    }
    // NOTE(review): diagnostic V614 -- in the lines shown nSqlRet is assigned
    // only inside the 'if' above, but it is tested here on every path. When
    // nRet != SUCCESS the check reads an indeterminate value. Initializing
    // nSqlRet at its declaration makes the outcome defined.
    if (SQLRET_FAIL(nSqlRet))
    ....
}
V614 Potentially uninitialized variable 'nSqlRet' used. odbcsapi.cpp 220
nSqlRet , 'if'.
. ,
.
:

session.cpp 2112
session.cpp 7525
session.cpp 7659
functions.cpp 386
unlock.cpp 63
alarmbrowser.cpp 539

, ,
, . .
V595.
. , NetXMS,
:
// Excerpt quoted by the article; "...." marks code the author left out, and
// the end of the function is not part of the excerpt.
DWORD SNMP_PDU::encodeV3SecurityParameters(....,
                                           SNMP_SecurityContext *securityContext)
{
    ....
    // NOTE(review): diagnostic V595 -- securityContext is dereferenced in the
    // two initializers below before the 'securityContext != NULL' test further
    // down. If the pointer can be NULL, the dereference happens first and the
    // later check never gets a chance to protect it; if it cannot be NULL, the
    // check is redundant. Moving the reads inside the checked branch resolves
    // the contradiction either way.
    DWORD engineBoots =
        securityContext->getAuthoritativeEngine().getBoots();

    DWORD engineTime =
        securityContext->getAuthoritativeEngine().getTime();

    if ((securityContext != NULL) &&
        (securityContext->getSecurityModel() ==
         SNMP_SECURITY_MODEL_USM))
    {
        ....
    }
V595 The 'securityContext' pointer was utilized before it was verified against nullptr. Check lines: 1159,
1162. pdu.cpp 1159
V595. ,
. , .


.
printf() , .
,
.
#define _ftprintf fwprintf
static __inline char * __CRTDECL ctime(const time_t * _Time);
// Excerpt quoted by the article; "...." marks code the author left out.
BOOL LIBNETXMS_EXPORTABLE SEHServiceExceptionHandler(....)
{
    ....
    // NOTE(review): diagnostic V576 -- _ftprintf is defined as fwprintf above,
    // so each %s in this wide format string expects a 'wchar_t *'. ctime(),
    // as declared above, returns 'char *', so the fourth argument is a narrow
    // string read as a wide one and the crash-dump header is written wrong.
    // A TCHAR-aware call such as _tctime() keeps the argument type in step
    // with the format.
    _ftprintf(m_pExInfoFile,
              _T("%s CRASH DUMP\n%s\n"),
              szProcNameUppercase,
              ctime(&t));
    ....
}
V576 Incorrect format. Consider checking the fourth actual argument of the 'fwprintf' function. The
pointer to string of wchar_t type symbols is expected. seh.cpp 292

_ftprintf() fwprintf(). ,
'wchar_t *'. , ctime()
, 'char'.
, , .
:

nxpush.cpp 193
nxpush.cpp 235

, 'new'

'new' 'NULL', .
. . ,
. NetXMS:
// Excerpt quoted by the article; "...." marks code the author left out.
PRectangle CallTip::CallTipStart(....)
{
    ....
    val = new char[strlen(defn) + 1];
    // NOTE(review): diagnostic V668 -- plain 'new' signals allocation failure
    // by throwing, not by returning a null pointer, so this branch is never
    // taken and the fallback return does not act as error handling. Either
    // handle the exception or allocate with 'new (std::nothrow)', as the
    // article shows, if a null check is what is wanted.
    if (!val)
        return PRectangle();
    ....
}
V668 There is no sense in testing the 'val' pointer against null, as the memory was allocated using the
'new' operator. The exception will be generated in the case of memory allocation error. calltip.cpp 260
, , 'PRectangle'.
, . ,
. , .
, 'new',
:
val = new (std::nothrow) char[strlen(defn) + 1];
NetXMS PVS-Studio V668.
. .


// Excerpt quoted by the article; "...." marks code the author left out.
static bool MatchStringEngine(....)
{
    ....
    // Handle "*?" case
    // NOTE(review): diagnostic V612 -- the 'break' at the end of the body is
    // unconditional, so this 'while' runs its body at most once and behaves
    // like an 'if': only one '?' is consumed per pass. Whether a run of
    // several '?' was meant to be handled here should be confirmed against
    // the elided code.
    while(*MPtr == _T('?'))
    {
        if (*SPtr != 0)
            SPtr++;
        else
            return false;
        MPtr++;
        break;
    }
    ....
}
V612 An unconditional 'break' within a loop. tools.cpp 280
. , 'break'
.


NetXMS . .
. , .
:

, , :
. .
: PVS-Studio open-source
PVS-Studio:
http://www.viva64.com/ru/pvs-studio-download/
open-source ,
. .