Examples of errors detected by the V505 diagnostic
V505. The 'alloca' function is used inside the loop. This can quickly overflow stack.
TDengine
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. mndVgroup.c 807
#define TSWAP(a, b)                          \
  do {                                       \
    char *__tmp = (char*)alloca(sizeof(a));  \
    (void)memcpy(__tmp, &(a), sizeof(a));    \
    (void)memcpy(&(a), &(b), sizeof(a));     \
    (void)memcpy(&(b), __tmp, sizeof(a));    \
  } while (0)

void mndSortVnodeGid(SVgObj *pVgroup) {
  for (int32_t i = 0; i < pVgroup->replica; ++i) {
    for (int32_t j = 0; j < pVgroup->replica - 1 - i; ++j) {
      if (pVgroup->vnodeGid[j].dnodeId > pVgroup->vnodeGid[j + 1].dnodeId) {
        TSWAP(pVgroup->vnodeGid[j], pVgroup->vnodeGid[j + 1]);
      }
    }
  }
}
Similar errors can be found in some other places:
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. mergeoperator.c 361
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. mergejoin.c 3085
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. mergejoin.c 3147
- And 5 additional diagnostic messages.
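The stack growth this diagnostic warns about can be measured. The following is an added example, not TDengine or PVS-Studio code: it repeats the swap pattern above on a constructed `Item` type and returns how many bytes of stack the temporaries span, next to the same sort with a single temporary declared outside the loops. `Item`, `track` and both function names are hypothetical, and `<alloca.h>` assumes a glibc/BSD-style toolchain.

```c
#include <alloca.h>  /* assumption: glibc/BSD header; MSVC has _alloca in <malloc.h> */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed stand-in for the structures swapped in the excerpt above. */
typedef struct { int32_t dnodeId; char payload[60]; } Item;

/* Widen [lo, hi] to cover a temporary that starts at address p. */
static void track(const void *p, uintptr_t *lo, uintptr_t *hi) {
    uintptr_t a = (uintptr_t)p;
    if (a < *lo) *lo = a;
    if (a > *hi) *hi = a;
}

/* Flagged pattern: each swap calls alloca; nothing is released before return. */
size_t sort_alloca_in_loop(Item *v, int n) {
    uintptr_t lo = UINTPTR_MAX, hi = 0;
    for (int i = 0; i < n; ++i)
        for (int j = 0; j < n - 1 - i; ++j)
            if (v[j].dnodeId > v[j + 1].dnodeId) {
                char *tmp = (char *)alloca(sizeof(Item));
                memcpy(tmp, &v[j], sizeof(Item));
                memcpy(&v[j], &v[j + 1], sizeof(Item));
                memcpy(&v[j + 1], tmp, sizeof(Item));
                track(tmp, &lo, &hi);
            }
    return hi ? (size_t)(hi - lo) + sizeof(Item) : 0;
}

/* Same sort with one automatic temporary declared outside the loops. */
size_t sort_single_temp(Item *v, int n) {
    Item tmp;
    uintptr_t lo = UINTPTR_MAX, hi = 0;
    for (int i = 0; i < n; ++i)
        for (int j = 0; j < n - 1 - i; ++j)
            if (v[j].dnodeId > v[j + 1].dnodeId) {
                tmp = v[j]; v[j] = v[j + 1]; v[j + 1] = tmp;
                track(&tmp, &lo, &hi);
            }
    return hi ? (size_t)(hi - lo) + sizeof(Item) : 0;
}

int main(void) {
    Item a[64] = {0}, b[64] = {0};
    for (int k = 0; k < 64; ++k) a[k].dnodeId = b[k].dnodeId = 64 - k; /* constructed worst case */
    printf("alloca in loop:   %zu bytes of stack\n", sort_alloca_in_loop(a, 64));
    printf("single temporary: %zu bytes of stack\n", sort_single_temp(b, 64));
    return 0;
}
```

With 64 elements in reverse order the sort performs 2016 swaps, so the alloca variant holds at least 2016 separate temporaries on the stack at once, while the second variant reuses one.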
EFL Core Libraries
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. evas_font_dir.c 129
static Eina_List *
evas_font_set_get(const char *name)
{
  ....
  const char *pp;
  char *nm;
  pp = name;
  while (p)
  {
    nm = alloca(p - pp + 1);
    strncpy(nm, pp, p - pp);
    nm[p - pp] = 0;
    fonts = eina_list_append(fonts, eina_stringshare_add(nm));
    pp = p + 1;
    p = strchr(pp, ',');
    if (!p) fonts = eina_list_append(fonts,
                                     eina_stringshare_add(pp));
  }
  ....
}
Similar errors can be found in some other places:
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. eina_benchmark.c 285
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. eina_module.c 547
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. eldbus_message_from_eina_value.c 327
- And 21 additional diagnostic messages.
Tizen
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. audio_io_test.c 247
int audio_io_loopback_in_test()
{
  ....
  while (1) {
    char *buffer = alloca(size);
    if ((ret = audio_in_read(input, (void *)buffer, size)) >
        AUDIO_IO_ERROR_NONE) {
      fwrite(buffer, size, sizeof(char), fp);
      printf("PASS, size=%d, ret=0x%x\n", size, ret);
    } else {
      printf("FAIL, size=%d, ret=0x%x\n", size, ret);
    }
  }
  ....
}
Synergy
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. rijndael.cpp 1206
size_t Rijndael::Enc::AdvancedProcessBlocks(....) const
{
  ....
  do {
    space = (byte *)alloca(255+sizeof(Locals));
    space += (256-(size_t)space%256)%256;
  }
  while (AliasedWithTable(space, space+sizeof(Locals)));
  ....
}
Similar errors can be found in some other places:
- V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. cmswindowsscreensaver.cpp 398
DeSmuME
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. DeSmuME_VS2005 7zip.cpp 161
ArchiveFile::ArchiveFile(const char* filename)
{
  ....
  for(size_t i = 0;
      i < s_formatInfos.size() && m_typeIndex < 0;
      i++)
  {
    ....
    char* fileSig = (char*)_alloca(len);
    ....
  }
  ....
}
Pixie
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. ri polygons.cpp 1120
inline void triangulatePolygon(....) {
  ....
  for (i=1;i<nloops;i++) {
    ....
    do {
      ....
      do {
        ....
        CTriVertex *snVertex =
          (CTriVertex *) alloca(2*sizeof(CTriVertex));
        ....
      } while(dVertex != loops[0]);
      ....
    } while(sVertex != loops[i]);
    ....
  }
  ....
}
Multi-threaded Dynamic Queue
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. GridCtrl gridctrl.cpp 2332
COleDataSource* CGridCtrl::CopyTextFromGrid()
{
  ....
  for (int row = Selection.GetMinRow();
       row <= Selection.GetMaxRow(); row++)
  {
    ....
    sf.Write(T2A(str.GetBuffer(1)), str.GetLength());
    ....
  }
  ....
}
This code is potentially dangerous. The T2A() macro uses the alloca() function. Memory obtained from alloca() is released only when the enclosing function returns, so calling it on every loop iteration can quickly lead to a stack overflow.
Crystal Space 3D SDK
V505 The 'alloca' function is used inside the loop. This can quickly overflow stack. applighter2 scene.cpp 942
#define CS_ALLOC_STACK_ARRAY(type, var, size) \
  type *var = (type *)alloca ((size) * sizeof (type))

void Scene::PropagateLight (....)
{
  ....
  PortalRefArray::Iterator it =
    sourceSector->allPortals.GetIterator ();
  while (it.HasNext ())
  {
    ....
    CS_ALLOC_STACK_ARRAY(csVector3,
      tmpVertices, portal->worldVertices.GetSize ());
    ....
  }
}