You are on page 1of 11

. N4.

:
: 15.12.2011

,
, . ,
. , ,
/++ - .
? , , " X
", , .
, , ,
. ,
.

, .
:

N1 [Miranda IM];
N2 [Chromium, Return to Castle Wolfenstein ..];
N3 [Qt SDK].

, .
Firefox. ,
, .
PVS-Studio 4.50.


N1.
int

AffixMgr::parse_convtable(..., const char * keyword)

{
...
if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
HUNSPELL_WARNING(stderr,
"error: line %d: table is corrupt\n",
af->getlinenum());
delete *rl;
*rl = NULL;
return 1;
}
...
}
PVS-Studio: V579 The strncmp function receives the pointer and its size as arguments. It is
possibly a mistake. Inspect the third argument. affixmgr.cpp 3708
. ,
, .
sizeof(), . ,
( , 'keyword'
).

2.
int PatchFile::LoadSourceFile(FILE* ofile)
{
...
size_t c = fread(rb, 1, r, ofile);
if (c < 0) {
LOG(("LoadSourceFile: "
"error reading destination file: " LOG_S "\n",
mFile));
return READ_ERROR;
}
...
}
PVS-Studio: V547 Expression 'c < 0' is always false. Unsigned type value is never < 0.
updater.cpp 1179
, " ".
, , . .
fread() .
:
size_t fread(
void *buffer,
size_t size,
size_t count,
FILE *stream
);
, 'c', size_t.
, (c < 0) .
. , - ,
, .
:
V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. updater.cpp 2373

V547 Expression 'c < 0' is always false. Unsigned type value is never < 0. bspatch.cpp 107

3. NULL
nsresult
nsFrameSelection::MoveCaret(...)
{
...
mShell->FlushPendingNotifications(Flush_Layout);
if (!mShell) {
return NS_OK;
}
...
}
PVS-Studio: V595 The 'mShell' pointer was utilized before it was verified against nullptr.
Check lines: 1107, 1109. nsselection.cpp 1107
,
NS_OK. , mShell .
, , mShell NULL. ,
, . ,
.

4. NULL
CompileStatus
mjit::Compiler::performCompilation(JITScript **jitp)
{
...
JaegerSpew(JSpew_Scripts,
"successfully compiled (code \"%p\") (size \"%u\")\n",
(*jitp)->code.m_code.executableAddress(),
unsigned((*jitp)->code.m_size));

if (!*jitp)
return Compile_Abort;
...
}
PVS-Studio:V595 The '* jitp' pointer was utilized before it was verified against nullptr.
Check lines: 547, 549. compiler.cpp 547
, - .
.

5.
PRBool
nsStyleAnimation::AddWeighted(...)
{
...
if (unit[0] == eCSSUnit_Null || unit[1] == eCSSUnit_Null ||
unit[0] == eCSSUnit_Null || unit[0] == eCSSUnit_URL) {
return PR_FALSE;
}
...
}
PVS-Studio: V501 There are identical sub-expressions 'unit [0] == eCSSUnit_Null' to the left
and to the right of the '||' operator. nsstyleanimation.cpp 1767
, 2 . , ,
, , :
if (unit[0] == eCSSUnit_Null || unit[1] == eCSSUnit_Null ||
unit[0] == eCSSUnit_URL

|| unit[1] == eCSSUnit_URL) {

- .

6.
nsresult PresShell::SetResolution(float aXResolution, float
aYResolution)

{
if (!(aXResolution > 0.0 && aXResolution > 0.0)) {
return NS_ERROR_ILLEGAL_VALUE;
}
...
}
PVS-Studio: V501 There are identical sub-expressions to the left and to the right of the
'&&' operator: aXResolution > 0.0 && aXResolution > 0.0 nspresshell.cpp 5114
. -
aYResolution.

7.
nsresult
SVGNumberList::SetValueFromString(const nsAString& aValue)
{
...
const char *token = str.get();
if (token == '\0') {
return NS_ERROR_DOM_SYNTAX_ERR; // nothing between commas
}
...
}
PVS-Studio: V528 It is odd that pointer to 'char' type is compared with the '\0' value.
Probably meant: *token == '\0'. svgnumberlist.cpp 96
, , . , ,
'\0'. ,
. . :
(*token == '\0').

8.
PRBool
nsIEProfileMigrator::TestForIE7()

{
...
PRUint32 index = ieVersion.FindChar('.', 0);
if (index < 0)
return PR_FALSE;
...
}
PVS-Studio: V547 Expression 'index < 0' is always false. Unsigned type value is never < 0.
nsieprofilemigrator.cpp 622
PR_FALSE,
. , 'index' .
(index < 0) .

9.
cairo_status_t
_cairo_win32_print_gdi_error (const char *context)
{
...
fwprintf(stderr, L"%s: %S", context, (wchar_t *)lpMsgBuf);
...
}
PVS-Studio: V576 Incorrect format. Consider checking the third actual argument of the
'fwprintf' function. The pointer to string of wchar_t type symbols is expected. cairo-win32-surface.c 129
, .
, .
_cairo_win32_print_gdi_error() .
fwprintf() unicode-,
'const char *'.

10.
bool ExceptionHandler::WriteMinidumpForChild(...)
{

...
DWORD last_suspend_cnt = -1;
...
// this thread may have died already, so not opening
// the handle is a non-fatal error
if (NULL != child_thread_handle) {
if (0 <= (last_suspend_cnt =
SuspendThread(child_thread_handle))) {
...
}
PVS-Studio: V547 Expression is always true. Unsigned type value is always >= 0.
exception_handler.cc 846
. ,
SuspendThread. last_suspend_cnt DWORD,
0.

Firefox
Firefox .
, PVS-Studio . , ,
. , ,
PVS-Studio. , Firefox
Visual Studio. PVS-Studio, make-.
Visual Studio, .
, Visual Studio , ,
. ,
, .
. , :
class nsBaseStatis : public nsStatis {
public:
...
PRUint32 mLWordLen[10];
...
nsBaseStatis::nsBaseStatis(...)

{
...
for(PRUint32 i = 0; i < 20; i++)
mLWordLen[i] = 0;
...
}
...
};
PVS-Studio: V557 Array overrun is possible. The value of 'i' index could reach 19.
detectcharset.cpp 89
, . ,
, : mozilla-test.txt.


, 10 ,
. ,
. , ,
. , ,
. , ,
, .
?


, .
. - , ,
. .
.
,
. , .
, . .
. - ,
- , , . ,
, , .
- . ,
, , .
, . , .

,
, . .
" -
". . ,
, .


,
, -.
, ,
.
dump-, ,
, dump- .
. , ,
- WriteMyDump ?


.
.
,
. , .
, 100%.
.
- 80%. 20%
. 20%
.


. ,
,
. , malloc(),
NULL, . ,
, .
, fopen(), CoCreateInstance(), CreateDC() .
,
, . ,
, .

. , ,
, . ,

, .
,
, .