Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
* Difference between Team and Enterprise
Didn't get our email?
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
Why do we ask to use Business Email?
New License
License Renewal
--Select currency--
USD
EUR
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: Evaluation - 05.12

Registration
Home
>
Posts
>
Examples of errors
>
Examples of errors detected by the V567…

Examples of errors detected by the V567 diagnostic

V567. Modification of variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior.

Fennec Media

V567 Undefined behavior. The 'm_nCurrentBitIndex' variable is modified while being used twice at single sequence point. MACLib unbitarrayold.cpp 78


uint32 CUnBitArrayOld::DecodeValueRiceUnsigned(uint32 k)
{
  ....
  while (!(m_pBitArray[m_nCurrentBitIndex >> 5] &
     Powers_of_Two_Reversed[m_nCurrentBitIndex++ & 31])) {}
  ....
}

SAGA GIS

V567 Undefined behavior. The 'iFloater' variable is modified while being used twice between sequence points. shapes_lines line_simplification.cpp 248


bool CLine_Simplification::Simplify(
  CSG_Shape *pLine, int iPart, bool *Keep)
{
  ....
  Keep[iFloater--] = iAnchor == 0 && iFloater ==
    pLine->Get_Point_Count(iPart) - 1;
  ....
}

Miranda IM

V567 Undefined behavior. The 's' variable is modified while being used twice between sequence points. msn ezxml.c 371


short ezxml_internal_dtd(ezxml_root_t root, char *s,
  size_t len)
{
  ....
  while (*(n = ++s + strspn(s, EZXML_WS)) && *n != '>') {
  ....
}

It's not guaranteed that 's' will be incremented before calling the strspn function.

IPP Samples

V567 Undefined behavior. The 'pTemp' variable is modified while being used twice between sequence points. me umc_me_cost_func.h 168


template<typename T, Ipp32s size> void HadamardFwdFast(
  ...., Ipp16s* pDst)
{
  Ipp32s *pTemp;
  ....
  for(j=0;j<4;j++) {
    a[0] = pTemp[0*4] + pTemp[1*4];
    a[1] = pTemp[0*4] - pTemp[1*4];
    a[2] = pTemp[2*4] + pTemp[3*4];
    a[3] = pTemp[2*4] - pTemp[3*4];
    pTemp = pTemp++;

    pDst[0*4] = (Ipp16s)(a[0] + a[2]);
    pDst[1*4] = (Ipp16s)(a[1] + a[3]);
    pDst[2*4] = (Ipp16s)(a[0] - a[2]);
    pDst[3*4] = (Ipp16s)(a[1] - a[3]);
    pDst = pDst++;
  }
  ....
}

Typical Undefined behavior!

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'pDst' variable is modified while being used twice between sequence points. me umc_me_cost_func.h 174
  • V567 Undefined behavior. The 'pTemp' variable is modified while being used twice between sequence points. me umc_me_cost_func.h 219
  • V567 Undefined behavior. The 'pDst' variable is modified while being used twice between sequence points. me umc_me_cost_func.h 238

IPP Samples

V567 Undefined behavior. The 'm_curIndex' variable is modified while being used twice between sequence points. vc1_enc umc_vc1_enc_planes.h 630


bool MoveOnNextFrame()
{
  if (m_nFrames>0)
  {
    m_pFrame[m_curIndex] = 0;
    m_curIndex = (++m_curIndex)%m_maxN;
    m_nFrames--;
    return true;
  }
  return false;
}

IPP Samples

V567 Undefined behavior. The 'm_Quant.LimIQuant' variable is modified while being used twice between sequence points. vc1_enc umc_vc1_enc_brc_gop.cpp 241


void VC1BRC_I::CompleteFrame(ePType picType)
{
  ....
  m_Quant.LimIQuant = m_Quant.LimIQuant--;
  ....
  m_Quant.IQuant = m_Quant.IQuant--;
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'm_Quant.IQuant' variable is modified while being used twice between sequence points. vc1_enc umc_vc1_enc_brc_gop.cpp 243

Doom 3

V567 Undefined behavior. The 'dir_cache_index' variable is modified while being used twice between sequence points. TypeInfo filesystem.cpp 1877


int idFileSystemLocal::ListOSFiles(....)
{
  ....
  dir_cache_index = (++dir_cache_index) % MAX_CACHED_DIRS;
  ....
}

This is what should have been written here: dir_cache_index = (dir_cache_index + 1) % MAX_CACHED_DIRS;

ffdshow

V567 Undefined behavior. The 'm_Offset' variable is modified while being used twice between sequence points. quicksyncutils.h 257


inline bool PopFront(T& res, DWORD dwMiliSecs)
{
  ....
  m_Offset = ++m_Offset % m_Capacity;
  ....
}

Network Security Services (NSS)

V567 Undefined behavior. The 'j' variable is modified while being used twice between sequence points. pk11slot.c 1926


PK11SlotList *
PK11_GetAllTokens(....)
{
  ....
  int j = 0;
  PRInt32 waste[16];
  ....
#if defined( XP_WIN32 )
  /* This is works around some horrible cache/page thrashing
  ** problems on Win32.  Without this, this loop can take up to
  ** 6 seconds at 100% CPU on a Pentium-Pro 200.  The thing this
  ** changes is to increase the size of the stack frame and
  ** modify it. Moving the loop code itself seems to have no
  ** effect. Dunno why this combination makes a difference,
  ** but it does.
  */
  waste[j & 0xf] = j++;
#endif
  ....
}

AssaultCube Reloaded

V567 Undefined behavior. The 'fullconsole' variable is modified while being used twice between sequence points. console.h 12


template<class LINE> struct consolebuffer
{
  void toggleconsole()
  {
    extern int altconsize;
    if(!fullconsole) fullconsole = altconsize ? 1 : 2;
    else fullconsole = ++fullconsole % 3;
  }
  ....
};

Snes9x

V567 Undefined behavior. The 'outputOffset' variable is modified while being used twice between sequence points. memmap.cpp 3926


static bool8 ReadBPSPatch (Stream *r, long, int32 &rom_size)
{
  ....
  while(length--)
    patched_rom[outputOffset++] = Memory.ROM[outputOffset];
  ....
}

Source Engine SDK

V567 Undefined behavior. The 'm_nNewSequenceParity' variable is modified while being used twice between sequence points. Client (HL2) c_baseanimating.cpp 5301


int m_nNewSequenceParity;
int m_nResetEventsParity;

void C_BaseAnimating::ResetSequenceInfo( void )
{
  ....
  m_nNewSequenceParity =
    ( ++m_nNewSequenceParity ) & EF_PARITY_MASK;
  m_nResetEventsParity =
    ( ++m_nResetEventsParity ) & EF_PARITY_MASK;
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'm_nResetEventsParity' variable is modified while being used twice between sequence points. Client (HL2) c_baseanimating.cpp 5302

Rhino (JavaScript engine)

V567 Undefined behavior. The 'currentMap' variable is modified while being used twice between sequence points. aossessionmanager.cpp 140


u4 AOSSessionManager::threadprocSessionManager(AThread& thread)
{
  ....
  currentMap = ((++currentMap) % pThis->m_HolderSize);
  ....
}

Steamworks SDK

V567 Undefined behavior. The 'm_nCurrentLeaderboard' variable is modified while being used twice between sequence points. leaderboards.cpp 201


int m_nCurrentLeaderboard;

void CLeaderboards::OnMenuSelection(....)
{
  ....
  m_nCurrentLeaderboard = ++m_nCurrentLeaderboard % 2;
  ....
}

CryEngine 3 SDK

V567 Undefined behavior. The 'm_index' variable is modified while being used twice between sequence points. inetwork.h 2303


void AddSample( T x )
{
  m_index = ++m_index % N;
  ....
}

Scilab

V567 Undefined behavior. The 's' variable is modified while being used twice between sequence points. ezxml.c 385


short ezxml_internal_dtd(ezxml_root_t root, char *s, size_t len)
{
  ....
  while (*(n = ++s + strspn(s, EZXML_WS)) && *n != '>') {
  ....
}

Scilab

V567 Undefined behavior. The 'i' variable is modified while being used twice between sequence points. csvread.c 620


static char **replaceStrings(....)
{
  ....
  int i = 0;
  ....
  for (i = 0; i < nr; i = i++)
  ....
}

Word for Windows 1.1a

V567 Undefined behavior. The 'iBitmap' variable is modified while being used twice between sequence points. ddedit.c 107


CmdBitmap()
{
  static int  iBitmap = 0;
  ....
  iBitmap = ++iBitmap % MAXBITMAP;
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'iIcon' variable is modified while being used twice between sequence points. ddedit.c 132
  • V567 Undefined behavior. The 'iCursor' variable is modified while being used twice between sequence points. ddedit.c 150

Tesseract

V567 Undefined behavior. The 'num_deleted_boxes' variable is modified while being used twice between sequence points. libtesseract303 tabvector.cpp 735


void TabVector::Evaluate(....) {
  ....
  int num_deleted_boxes = 0;
  ....
  ++num_deleted_boxes = true;
  ....
}

Chromium

V567 Undefined behavior. The 'g_color_index' variable is modified while being used twice between sequence points. window_type_launcher.cc 60


int g_color_index = 0;

explicit ModalWindow(ui::ModalType modal_type) : ....
{
  ++g_color_index %= arraysize(g_colors);
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'g_color_index' variable is modified while being used twice between sequence points. window_type_launcher.cc 123

VNL

V567 Undefined behavior. The 'mz_array_position' variable is modified while being used twice between sequence points. vnl_random.cxx 174


unsigned long vnl_random::lrand32()
{
  ....
  mz_array_position = (++mz_array_position) %
                      vnl_random_array_size;
  return p2;
}

Oracle VM Virtual Box

V567 Undefined behavior. The 'curg' variable is modified while being used twice between sequence points. consoleevents.h 75


template<class C> class ConsoleEventBuffer
{
public:
  ....
  C get()
  {
    C c;
    if (full || curg != curp)
    {
      c = buf[curg];
      ++curg %= sz;             // <=
      full = false;
    }
    return c;
  }
....
};

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'curp' variable is modified while being used twice between sequence points. consoleevents.h 95
  • V567 Undefined behavior. The 'curp' variable is modified while being used twice between sequence points. consoleevents.h 122

Miranda NG

V567 Undefined behavior. The 'i' variable is modified while being used twice between sequence points. Facebook connection.cpp 191


void FacebookProto::UpdateLoop(void *)
{
  ....
  for (int i = -1; !isOffline(); i = ++i % 50)
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The order of argument evaluation is not defined for 'mir_snwprintf' function. The 'timeout' variable is modified while being used twice between sequence points. WhenWasIt dlg_handlers.cpp 883

Godot Engine

V567 Undefined behavior. The 'selected_track' variable is modified while being used twice between sequence points. animation_editor.cpp 1378


void AnimationKeyEditor::_track_editor_input_event(....)
{
  ....
  if (v_scroll->is_visible() && p_input.is_action("ui_page_up"))
    selected_track=selected_track--;;
  ....
}

Godot Engine

V567 Undefined behavior. The 't' variable is modified while being used twice between sequence points. tween_interpolaters.cpp 265


static real_t out(real_t t, real_t b, real_t c, real_t d)
{
  return c * ((t = t / d - 1) * t * t + 1) + b;
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 't' variable is modified while being used twice between sequence points. tween_interpolaters.cpp 271
  • V567 Undefined behavior. The 't' variable is modified while being used twice between sequence points. tween_interpolaters.cpp 367

Unreal Engine 4

V567 Undefined behavior. The 'NextSampleIndex' variable is modified while being used twice between sequence points. performancemonitor.h 77


void Tick(double CurrentTime, float Value)
{
  ....
  NextSampleIndex = ++NextSampleIndex % SampleSize;
  ....
}

Apple II emulator

V567 Undefined behavior. The 'addr' variable is modified while being used twice between sequence points. cpu.cpp 564


void CpuSetupBenchmark ()
{
  ....
  *(mem+addr++) =
      (opcode >= BENCHOPCODES) ? 0x00 : ((addr >> 4)+1) << 4;
  ....
}

Gamer_Z eXtreme Party

V567 Undefined behavior. The 'readOffset' variable is modified while being used twice between sequence points. bitstream.h 952


template <>
  inline bool BitStream::Read(bool &var)
{
  if ( readOffset + 1 > numberOfBitsUsed )
    return false;

  if (data[ readOffset >> 3 ] & ( 0x80 >> ( readOffset++ % 8 ) ))
    var = true;
  else
    var = false;

  return true;
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'bitStream->readOffset' variable is modified while being used twice between sequence points. bitstream.cpp 194
  • V567 Undefined behavior. The 'bitStream->readOffset' variable is modified while being used twice between sequence points. bitstream.cpp 208

FreeSWITCH

V567 Unspecified behavior. The order of argument evaluation is not defined for 'strtol' function. Consider inspecting the 'exp' variable. switch_utils.c 3759


SWITCH_DECLARE(int) switch_number_cmp(const char *exp, int val)
{
  for (;; ++exp) {
    int a = strtol(exp, (char **)&exp, 10);
    if (*exp != '-') {
      if (a == val)
        return 1;
    } else {
      int b = strtol(++exp, (char **)&exp, 10);        // <=
      ....
    }
    if (*exp != ',')
      return 0;
  }
}

CryEngine V

V567 Undefined behavior. The 'm_current' variable is modified while being used twice between sequence points. operatorqueue.cpp 105


bool COperatorQueue::Prepare(....)
{
  ++m_current &= 1;
  m_ops[m_current].clear();
  return true;
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'itail' variable is modified while being used twice between sequence points. trimesh.cpp 3101
  • V567 Undefined behavior. The 'ihead' variable is modified while being used twice between sequence points. trimesh.cpp 3108
  • V567 Undefined behavior. The 'ivtx' variable is modified while being used twice between sequence points. boolean3d.cpp 1194
  • And 5 additional diagnostic messages.

CMaNGOS

V567 Undefined behavior. The 'm_uiMovePoint' variable is modified while being used twice between sequence points. boss_onyxia.cpp 405


void UpdateAI(const uint32 uiDiff) override
{
  ....
  switch (urand(0, 2))
  {
    case 0:
      ....
    case 1:
    {
        // C++ is stupid, so add -1 with +7
        m_uiMovePoint += NUM_MOVE_POINT - 1;
        m_uiMovePoint %= NUM_MOVE_POINT;
        break;
    }
    case 2:
        ++m_uiMovePoint %= NUM_MOVE_POINT; // <=
        break;
  }
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'm_uiCrystalPosition' variable is modified while being used twice between sequence points. boss_ossirian.cpp 150

Far2l

V567 Undefined behavior. The 'Item[FocusPos]->Selected' variable is modified while being used twice between sequence points. dialog.cpp 3827


int Dialog::Do_ProcessSpace()
{
  ....
  if (Item[FocusPos]->Flags&DIF_3STATE)
    (++Item[FocusPos]->Selected)%=3;         // <=
  else
    Item[FocusPos]->Selected = !Item[FocusPos]->Selected;
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The '::ViewerID' variable is modified while being used twice between sequence points. viewer.cpp 117

Steinberg SDKs

V567 Undefined behavior. The 'p' variable is modified while being used twice between sequence points. mdaAmbienceProcessor.cpp 151


void AmbienceProcessor::doProcessing (ProcessData& data)
{
  ....
  ++p  &= 1023;
  ++d1 &= 1023;
  ++d2 &= 1023;
  ++d3 &= 1023;
  ++d4 &= 1023;
  ....
}

ofPennerEasing

V567 CWE-758 The modification of the 't' variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. easing_equations.cpp 201


static real_t in_out(real_t t, real_t b, real_t c, real_t d) {
  if ((t /= d / 2) < 1) return c / 2 * t * t * t + b;
  return c / 2 * ((t -= 2) * t * t + 2) + b;
}

Similar errors can be found in some other places:

  • V567 CWE-758 The modification of the 't' variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. easing_equations.cpp 274

LibreOffice

V567 The modification of the 'nCount' variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. stgio.cxx 214


FatError EasyFat::Mark(....)
{
  if( nCount > 0 )
  {
    --nCount /= GetPageSize();
    nCount++;
  }
  ....
}

Doom 1

V567 [CWE-758] Undefined behavior. The 'eventhead' variable is modified while being used twice between sequence points. d_main.c 153


void D_PostEvent (event_t* ev)
{
  events[eventhead] = *ev;
  eventhead = (++eventhead)&(MAXEVENTS-1);
}

void D_ProcessEvents (void)
{
  ....
  for ( ; ....; eventtail = (++eventtail)&(MAXEVENTS-1) )
  {
    ....
  }
}

void CheckAbort (void)
{
  ....
  for ( ; ....; eventtail = (++eventtail)&(MAXEVENTS-1) )
  {
    ....
  }
}

Similar errors can be found in some other places:

  • V567 [CWE-758] Undefined behavior. The 'eventtail' variable is modified while being used twice between sequence points. d_main.c 170
  • V567 [CWE-758] Undefined behavior. The 'eventtail' variable is modified while being used twice between sequence points. d_net.c 464

glTF library

V567 The modification of the 'position.chars_read_current_line' variable is unsequenced relative to another operation on the same variable. This may lead to undefined behavior. json.hpp 3832


struct position_t
{
  ....
  std::size_t chars_read_current_line = 0;
  ....
};

std::char_traits<char>::int_type get()
{
  ++position.chars_read_total;
  ++position.chars_read_current_line;
  ....
  if (current == '\n')
  {
    ++position.lines_read;
    ++position.chars_read_current_line = 0;  // <=
  }
  return current;
}

LLVM/Clang

V567 Unspecified behavior. The order of argument evaluation is not defined for 'addSection' function. Consider inspecting the 'SecNo' variable. Object.cpp 1223


void IHexELFBuilder::addDataSections() {
  ....
  uint32_t SecNo = 1;
  ....
  Section = &Obj->addSection<OwnedDataSection>(
      ".sec" + std::to_string(SecNo++), RecAddr,
      ELF::SHF_ALLOC | ELF::SHF_WRITE, SecNo);
  ....
}

Darwin-XNU

V567 Undefined behavior. The 'ucsp' variable is modified while being used twice between sequence points. vfs_utfconv.c 298


int
utf8_encodestr(....)
{
  u_int16_t ucs_ch;
  int swapbytes = ....;
  ....
  ucs_ch = swapbytes ? OSSwapInt16(*ucsp++) : *ucsp++;
  ....
}

Darwin-XNU

V567 Undefined behavior. The 'pf_status.stateid' variable is modified while being used twice between sequence points. pf.c 1440


struct pf_status pf_status;

int
pf_insert_state(struct pf_state *s, ....)
{
  ....
  if (....) {
    s->id = htobe64(pf_status.stateid++);
    ....
  }
  ....
}

Similar errors can be found in some other places:

  • V567 Undefined behavior. The 'ip_id' variable is modified while being used twice between sequence points. ip_id.c 186
  • V567 Undefined behavior. The 'lp' variable is modified while being used twice between sequence points. nfs_boot.c 505
  • V567 Undefined behavior. The 'lp' variable is modified while being used twice between sequence points. nfs_boot.c 497
  • And 3 additional diagnostic messages.