Examples of errors detected by the V568 diagnostic
V568. It is suspicious that the argument of sizeof() operator is the expression.
Wolfenstein 3D
V568 It's odd that the argument of sizeof() operator is the '& itemInfo' expression. cgame cg_weapons.c 1467
void CG_RegisterItemVisuals( int itemNum ) {
....
itemInfo_t *itemInfo;
....
memset( itemInfo, 0, sizeof( &itemInfo ) );
....
}
This is what should have been written here: memset( itemInfo, 0, sizeof( *itemInfo ) ).
FCEUX
V568 It's odd that the argument of sizeof() operator is the 'buff - 1' expression. fceux monitor.cpp 117
BOOL updateResults(HWND hwndDlg, int rule)
{
char buff[0x100];
....
SendDlgItemMessage(hwndDlg, RULE_INPUT_1 + i, WM_GETTEXT,
sizeof(buff - 1), (LPARAM) input_buff);
....
}
This is what should have been written here: sizeof(buff) - 1.
CxImage
V568 It's odd that the argument of sizeof() operator is the expression. jasper jpc_enc.c 2157
static jpc_enc_tcmpt_t *tcmpt_create(....)
{
....
memset(tcmpt->stepsizes, 0,
sizeof(tcmpt->numstepsizes * sizeof(uint_fast16_t)));
....
}
This is what should have been written here: memset(tcmpt->stepsizes, 0, tcmpt->numstepsizes * sizeof(uint_fast16_t));
Miranda IM
V568 It's odd that the argument of sizeof() operator is the '& ImgIndex' expression. clist_modern modern_extraimage.cpp 302
void ExtraImage_SetAllExtraIcons(HWND hwndList,HANDLE hContact)
{
....
char *(ImgIndex[64]);
....
memset(&ImgIndex,0,sizeof(&ImgIndex));
....
}
The programmer wanted to zero an array consisting of 64 pointers. But only the first item was zeroed. This
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the '& ImgIndex' expression. clist_mw extraimage.c 295
Miranda IM
V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 258
static ROWCELL* rowOptTA[100];
void rowOptAddContainer(HWND htree, HTREEITEM hti)
{
....
ZeroMemory(rowOptTA,sizeof(&rowOptTA));
....
}
Only one item is cleared.
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 308
- V568 It's odd that the argument of sizeof() operator is the '& rowOptTA' expression. clist_modern modern_rowtemplateopt.cpp 438
Apache HTTP Server
V568 It's odd that the argument of sizeof() operator is the 'sizeof (SECURITY_ATTRIBUTES)' expression. libhttpd util_win32.c 115
PSECURITY_ATTRIBUTES GetNullACL(void)
{
PSECURITY_ATTRIBUTES sa;
sa = (PSECURITY_ATTRIBUTES) LocalAlloc(
LPTR, sizeof(SECURITY_ATTRIBUTES));
sa->nLength = sizeof(sizeof(SECURITY_ATTRIBUTES));
....
}
This is what should have been written here: sa->nLength = sizeof(SECURITY_ATTRIBUTES);
Energy Checker SDK
V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1667
int plh_read_pl_folder(PPLH_PL_FOLDER_INFO pconfig) {
....
WIN32_FIND_DATA file_data;
....
memset(
&file_data,
0,
sizeof(&file_data)
);
....
}
This is what should have been written here: sizeof(file_data)
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1831
ReactOS
V568 It's odd that the argument of sizeof() operator is the 'UnknownError [0] - 20' expression. syssetup wizard.c 1696
static DWORD CALLBACK
RegistrationProc(LPVOID Parameter)
{
....
if (0 == LoadStringW(hDllInstance, IDS_UNKNOWN_ERROR,
UnknownError,
sizeof(UnknownError) / sizeof(UnknownError[0] -
20)))
....
}
A parenthesis seems to be put in a wrong place. This code should look like this: sizeof(UnknownError) / sizeof(UnknownError[0]).
OpenCV
V568 It's odd that the argument of sizeof() operator is the '& caps' expression. cap_vfw.cpp 409
CAPDRIVERCAPS caps;
bool CvCaptureCAM_VFW::open( int wIndex )
{
....
memset( &caps, 0, sizeof(caps));
capDriverGetCaps( hWndC, &caps, sizeof(&caps));
....
}
Asterisk
V568 It's odd that the argument of sizeof() operator is the 'data[0] * 2' expression. channel.c 8853
static int redirecting_reason_build_data(....)
{
....
if (datalen < pos + sizeof(data[0] * 2) + length) { // <=
ast_log(LOG_WARNING, "No space left for %s string\n", label);
return -1;
}
....
}
Haiku Operation System
V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct tlv_header_t)' expression. print-slow.c 255
void
slow_print(register const u_char *pptr, register u_int len) {
....
if (vflag > 1)
print_unknown_data(tptr+sizeof(sizeof(struct tlv_header_t)),
"\n\t ", tlv_len-sizeof(struct tlv_header_t));
....
}
Similar errors can be found in some other places:
- V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct lmp_object_header)' expression. print-lmp.c 872
- V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct tlv_header_t)' expression. print-slow.c 182
- V568 It's odd that the argument of sizeof() operator is the 'sizeof (struct eigrp_tlv_header)' expression. print-eigrp.c 283
- And 1 additional diagnostic messages.
Far2l
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'PInfo' class object. filelist.cpp 672
int64_t FileList::VMProcess(int OpCode,
void *vParam,
int64_t iParam)
{
switch (OpCode)
{
....
case MCODE_V_PPANEL_PREFIX: // PPanel.Prefix
{
PluginInfo *PInfo = (PluginInfo *)vParam;
memset(PInfo, 0, sizeof(PInfo)); // <=
PInfo->StructSize = sizeof(PInfo); // <=
....
}
....
}
}
Similar errors can be found in some other places:
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'PInfo' class object. filelist.cpp 673
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'HistoryItem' class object. history.cpp 594
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'handle' class object. plugins.cpp 682
CryEngine V
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'this' class object. ClipVolumeManager.cpp 145
void
CClipVolumeManager::GetMemoryUsage(class ICrySizer* pSizer) const
{
pSizer->AddObject(this, sizeof(this));
for (size_t i = 0; i < m_ClipVolumes.size(); ++i)
pSizer->AddObject(m_ClipVolumes[i].m_pVolume);
}
EFL Core Libraries
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_tcp.c 192
EOLIAN static Eina_Error
_efl_net_server_tcp_efl_net_server_fd_socket_activate(....)
{
....
struct sockaddr_storage *addr;
socklen_t addrlen;
....
addrlen = sizeof(addr);
if (getsockname(fd, (struct sockaddr *)&addr, &addrlen) != 0)
....
}
Similar errors can be found in some other places:
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_udp.c 228
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'addr' class object. efl_net_server_unix.c 198
XNU kernel
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'thread_template.overrides' class object. thread.c 377
extern void bzero(void *, size_t);
static struct thread thread_template, init_thread;
struct thread {
....
struct thread_qos_override {
struct thread_qos_override *override_next;
uint32_t override_contended_resource_count;
int16_t override_qos;
int16_t override_resource_type;
user_addr_t override_resource;
} *overrides;
....
};
void
thread_bootstrap(void)
{
....
bzero(&thread_template.overrides,
sizeof(thread_template.overrides));
....
}
One took a pointer to a pointer and nullified it. A very strange unnatural way to reset the value of the variable. It is much easier to write: thread_template.overrides = NULL; We can conclude that a developer wanted to reset the buffer, but nullified a pointer.
RT-Thread
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'filter' class object. fsl_mcan.c 418
void MCAN_SetSTDFilterElement(CAN_Type *base,
const mcan_frame_filter_config_t *config,
const mcan_std_filter_element_config_t *filter,
uint8_t idx)
{
uint8_t *elementAddress = 0;
elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
config->address + idx * 4U);
memcpy(elementAddress, filter, sizeof(filter));
}
RT-Thread
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'filter' class object. fsl_mcan.c 428
void MCAN_SetEXTFilterElement(CAN_Type *base,
const mcan_frame_filter_config_t *config,
const mcan_ext_filter_element_config_t *filter,
uint8_t idx)
{
uint8_t *elementAddress = 0;
elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
config->address + idx * 8U);
memcpy(elementAddress, filter, sizeof(filter));
}
Android
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'st' class object. MtpFfsHandle.cpp 251
int MtpFfsHandle::handleControlRequest(const struct usb_ctrlrequest *setup) {
....
struct mtp_device_status *st =
reinterpret_cast<struct mtp_device_status*>(buf.data());
st->wLength = htole16(sizeof(st));
....
}
Similar errors can be found in some other places:
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'cacheinfo' class object. NetlinkEvent.cpp 220
- V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'page->next' class object. linker_block_allocator.cpp 146
- V568 It's odd that the argument of sizeof() operator is the '& session_id' expression. reference-ril.c 1775
Azure Service Fabric
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'thisPtr' class object. TimerQueue.cpp 443
void TimerQueue::SigHandler(int sig, siginfo_t *si, void*)
{
TimerQueue* thisPtr = (TimerQueue*)si->si_value.sival_ptr;
auto written = write(thisPtr->pipeFd_[1],
&thisPtr, sizeof(thisPtr));
Invariant(written == sizeof(thisPtr)); // <=
}
Invariant(written == sizeof(*thisPtr));
PMDK
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'pop' class object. util_ctl.c 717
struct pool {
struct ctl *ctl;
};
int
main(int argc, char *argv[])
{
....
struct pool *pop = malloc(sizeof(pop));
....
}
Microsoft PowerToys
V568 It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'keyEventList' class object. KeyboardEventHandlers.cpp 16
typedef struct tagINPUT {
DWORD type;
union
{
MOUSEINPUT mi;
KEYBDINPUT ki;
HARDWAREINPUT hi;
} DUMMYUNIONNAME;
} INPUT, *PINPUT, FAR* LPINPUT;
void SetNumLockToPreviousState(....)
{
int key_count = 2;
LPINPUT keyEventList = new INPUT[size_t(key_count)]();
memset(keyEventList, 0, sizeof(keyEventList));
....
}