Our website uses cookies to enhance your browsing experience.
Accept
to the top
close form

Fill out the form in 2 simple steps below:

Your contact information:

Step 1
Congratulations! This is your promo code!

Desired license type:

Step 2
Team license
Enterprise license
* Difference between Team and Enterprise
Didn't get our email?
** By clicking this button you agree to our Privacy Policy statement
close form
Request our prices
Why do we ask to use Business Email?
New License
License Renewal
--Select currency--
USD
EUR
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
Free PVS‑Studio license for Microsoft MVP specialists
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
To get the licence for your open-source project, please fill out this form
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
I am interested to try it on the platforms:
Why do we ask to use Business Email?
Didn't get our email?
* By clicking this button you agree to our Privacy Policy statement

close form
check circle
Message submitted.

Your message has been sent. We will email you at


If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

  • Promotion
  • Updates
  • Spam

Webinar: Evaluation - 05.12

Registration
Home
>
Posts
>
Examples of errors
>
Examples of errors detected by the V579…

Examples of errors detected by the V579 diagnostic

V579. The 'Foo' function receives the pointer and its size as arguments. This may be a potential error. Inspect the Nth argument.

Apache HTTP Server

V579 The apr_snprintf function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. libhttpd util_pcre.c 85


AP_DECLARE(apr_size_t) ap_regerror(int errcode,
  const ap_regex_t *preg, char *errbuf, apr_size_t errbuf_size)
{
  ....
  apr_snprintf(errbuf, sizeof errbuf,
    "%s%s%-6d", message, addmessage, (int)preg->re_erroffset);
  ....
}

Far Manager

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. far treelist.hpp 66


struct TreeItem
{
  int *Last;
  size_t LastCount;
  ....
  void Clear()
  {
    strName.Clear();
    memset(Last,0,sizeof(Last));
    Depth=0;
  }
};

This is what should have been written here: memset(Last,0,LastCount*sizeof(int));

ReactOS

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. vga vbe.c 57


static const PCHAR Nv11Board = "NV11 (GeForce2) Board";
static const PCHAR Nv11Chip = "Chip Rev B2";
static const PCHAR Nv11Vendor = "NVidia Corporation";

BOOLEAN
IsVesaBiosOk(....)
{
  ....
  if (!(strncmp(Vendor, Nv11Vendor, sizeof(Nv11Vendor))) &&
      !(strncmp(Product, Nv11Board, sizeof(Nv11Board))) &&
      !(strncmp(Revision, Nv11Chip, sizeof(Nv11Chip))) &&
      (OemRevision == 0x311))
  ....
}

The error is this: sizeof() returns the pointer size, not string length.

Similar errors can be found in some other places:

  • V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. vga vbe.c 54
  • V579 The WriteFile function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. syssetup logfile.c 188

ReactOS

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ntoskrnl cmcontrl.c 121


typedef struct _HHIVE
{
  ....
} HHIVE, *PHHIVE;

VOID
CmGetSystemControlValues(....)
{
  PHHIVE SystemHive = (PHHIVE)&CmControlHive;
  ....
  RtlZeroMemory(SystemHive, sizeof(SystemHive));
  ....
}

Most likely this is what should be written here: RtlZeroMemory(SystemHive, sizeof(*SystemHive));

Chromium

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ppapi_tests test_file_io.cc 759


std::string TestFileIO::TestParallelReads() {
  ....
  const char* expected_result_1 =
    "__border__abc__border__";
  const char* expected_result_2 =
    "__border__defghijkl__border__";
  if (strncmp(extended_buf_1, expected_result_1,
              sizeof(expected_result_1)) != 0 ||
      strncmp(extended_buf_2, expected_result_2,
              sizeof(expected_result_2)) != 0) {
  ....
}

Similar errors can be found in some other places:

  • V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ppapi_tests test_file_io.cc 761

Chromium

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. hunspell affixmgr.cxx 3545


int  AffixMgr::parse_convtable(..., const char * keyword)
{
  ....
  if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
  ....
}

Doom 3

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. DoomDLL megatexture.cpp 542


void idMegaTexture::GenerateMegaMipMaps() {
  ....
  byte *newBlock = (byte *)_alloca( tileSize );
  ....
  memset( newBlock, 0, sizeof( newBlock ) );
  ....
}

Most likely this is what should be written here: memset( newBlock, 0, tileSize );

Mozilla Firefox

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. affixmgr.cpp 3708


int  AffixMgr::parse_convtable(..., const char * keyword)
{
  ....
  if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
      HUNSPELL_WARNING(stderr,
        "error: line %d: table is corrupt\n", af->getlinenum());
      delete *rl;
      *rl = NULL;
      return 1;
  }
  ....
}

Most likely this is what should be written here: if (strncmp(piece, keyword, strlen(keyword)) != 0) {

Mozilla Firefox

V579 The InternetSetOptionW function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the fourth argument. http_upload.cc 152


bool HTTPUpload::SendRequest(..., int *timeout, ...)
{
  if (timeout) {
    if (!InternetSetOption(request.get(),
                           INTERNET_OPTION_SEND_TIMEOUT,
                           timeout,
                           sizeof(timeout))) {
      fwprintf(stderr,
        L"Could not unset send timeout, continuing...\n");
    }
  ....
}

Similar errors can be found in some other places:

  • V579 The InternetSetOptionW function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the fourth argument. http_upload.cc 159

Quake-III-Arena

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Radiant xywnd.cpp 3512


void CXYWnd::Paste()
{
  ....
  char* pBuffer = new char[nLen+1];
  memset( pBuffer, 0, sizeof(pBuffer) );
  ....
}

Most likely this is what should be written here: memset( pBuffer, 0, (nLen+1) * sizeof(char) );

Dolphin Emulator

V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. VideoDX11 d3dutil.cpp 598


void drawShadedTexSubQuad(...,
  const MathUtil::Rectangle<float>* rDest, ...)
{
  ....
  if (stsq_observer ||
      memcmp(rDest, &tex_sub_quad_data.rdest,
             sizeof(rDest)) != 0 ||
      tex_sub_quad_data.u1 != u1 ||
      tex_sub_quad_data.v1 != v1 ||
      tex_sub_quad_data.u2 != u2 ||
      tex_sub_quad_data.v2 != v2 ||
      tex_sub_quad_data.G != G)
  ....
}

Dolphin Emulator

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Core ppcanalyst.cpp 302


u32 Flatten(..., BlockStats *st, ...)
{
  ....
  memset(st, 0, sizeof(st));
  ....
}

Quake-III-Arena

V579 The Com_Memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. quake3 cvar.c 763


void Cvar_Restart_f( void ) {
  cvar_t *var;
  ....
  // clear the var completely, since we
  // can't remove the index from the list
  Com_Memset( var, 0, sizeof( var ) );
  ....
}

Most likely this is what should be written here: Com_Memset( var, 0, sizeof( *var ) );

ADAPTIVE Communication Environment (ACE)

V579 The strsncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. ACE name_request_reply.cpp 251


char *strsncpy (char *dst,
                const char *src,
                size_t maxlen);

class ACE_Export ACE_Name_Request
{
  ....
  /// Pointer to the beginning of the type in this->data_;
  char *type_;
};

void
ACE_Name_Request::type (const char *c)
{
  ACE_TRACE ("ACE_Name_Request::type");
  ACE_OS::strsncpy (this->type_,
                    c,
                    sizeof this->type_);
}

Similar errors can be found in some other places:

  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. thread.inl 172

Blender

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. bf_imbuf tiff.c 442


static int imb_read_tiff_pixels(....)
{
  float *fbuf=NULL;
  ....
  memset(fbuf, 1.0, sizeof(fbuf));
  ....
}

Something strange. There's also 1.0 used here.

Similar errors can be found in some other places:

  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. bf_imbuf tiff.c 450

PeerBlock

V579 The Curl_strntoupper function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. libcurl rtsp.c 753


void Curl_strntoupper(char *dest, const char *src, size_t n)
{
  if(n < 1)
    return;

  do {
    *dest++ = Curl_raw_toupper(*src);
  } while(*src++ && --n);
}

CURLcode Curl_rtsp_parseheader(....)
{
  ....
  char *temp = strdup(header);
  ....
  Curl_strntoupper(temp, temp, sizeof(temp));
  ....
}

UCSniff

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. directory_parser.c 1338


int check_name_value(... ,char *target)
{
  ....
  memset(target,'\0',sizeof(target));
  ....
}

MAME

V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. apridisk.c 128


static const char *apr_magic =
  "ACT Apricot disk image\x1a\x04";

FLOPPY_IDENTIFY( apridisk_identify )
{
  UINT8 header[APR_HEADER_SIZE];

  /* get header */
  floppy_image_read(floppy, &header, 0, sizeof(header));

  /* look for the magic string */
  if (memcmp(header, apr_magic, sizeof(apr_magic)) == 0)
  ....
}

Trans-Proteomic Pipeline

V579 The strncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. CombineOut out2xml.cxx 210


void Out2XML::writeOutData() {
  ....
  // assume a string of less than
  // 9 characters will represent the charge state
  char *chg=(char*)malloc(10 * sizeof(char));
  // zero-fill the rest of the array
  strncpy(chg, "1", sizeof(chg));
  ....
}

Similar errors can be found in some other places:

  • V579 The strncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. CombineOut out2xml.cxx 214

ffdshow

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. tfont.cpp 44


TprintPrefs::TprintPrefs(IffdshowBase *Ideci,
                         const TfontSettings *IfontSettings)
{
  // This doesn't seem to help after optimization.
  memset(this, 0, sizeof(this));
  dx = dy = 0;
  isOSD = false;
  xpos = ypos = 0;
  align = 0;
  linespacing = 0;
  sizeDx = 0;
  sizeDy = 0;
  ....
}

Super! As always, the compiler is to blame. This is what should have been written here: sizeof(*this).

ffdshow

V579 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. avisynth.h 695


void Assign(const AVSValue* src, bool init) {
  if (src->IsClip() && src->clip)
    src->clip->AddRef();
  if (!init && IsClip() && clip)
    clip->Release();
  // make sure this copies the whole struct!
  //((__int32*)this)[0] = ((__int32*)src)[0];
  //((__int32*)this)[1] = ((__int32*)src)[1];
  memcpy(this,src,sizeof(this));
}

Come on, you scoundrel, get copied, get copied!

CamStudio

V579 The strcpy_s function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. camsys.cpp 39


LONG GetRegKey (HKEY key, LPCTSTR subkey, LPTSTR retdata)
{
  HKEY hkey;
  LONG retval = ::RegOpenKeyEx (key, subkey,
    0, KEY_QUERY_VALUE, &hkey);
  if (retval == ERROR_SUCCESS)
  {
    long datasize = MAX_PATH;
    TCHAR data[MAX_PATH];
    ::RegQueryValue (hkey, NULL, data, &datasize);
    // Cause C4996 warning, marked as deprecation candidate
    // _tcscpy (retdata, data);
    // Safe replacement
    strcpy_s(retdata, sizeof(retdata), data );
    ::RegCloseKey (hkey);
  }
  return retval;
}

It was right but unsafe. Then they made it safe but not right :)

Samba

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. reg_perfcount.c 945


static bool _reg_perfcount_init_data_block(....)
{
  smb_ucs2_t *temp = NULL;
  ....
  memset(temp, 0, sizeof(temp));
  ....
}

Most likely this is what should be written here: sizeof(*temp).

Similar errors can be found in some other places:

  • V579 The cli_api function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the seventh argument. clirap2.c 331
  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. engine.c 91
  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. md2.c 133

OpenSSL

V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. des.c 669


unsigned char cleanse_ctr = 0;

void OPENSSL_cleanse(void *ptr, size_t len)
{
  unsigned char *p = ptr;
  size_t loop = len, ctr = cleanse_ctr;
  while(loop--)
  {
    *(p++) = (unsigned char)ctr;
    ctr += (17 + ((size_t)p & 0xF));
  }
  p=memchr(ptr, (unsigned char)ctr, len);
  if(p)
    ctr += (63 + (size_t)p);
  cleanse_ctr = (unsigned char)ctr;
}

void usage(void)
{
  static unsigned char *buf=NULL,*obuf=NULL;
  ....
problems:
  OPENSSL_cleanse(buf,sizeof(buf));
  OPENSSL_cleanse(obuf,sizeof(obuf));
  ....
}

Similar errors can be found in some other places:

  • V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. des.c 670
  • V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. ec_mult.c 173
  • V579 The OPENSSL_cleanse function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. ec_mult.c 176

TortoiseSVN

V579 The strncmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. affixmgr.cxx 3654


int  AffixMgr::parse_convtable(...., const char * keyword)
{
  char * piece;
  ....
  if (strncmp(piece, keyword, sizeof(keyword)) != 0) {
  ....
}

Chromium

V579 The string function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. syncable_unittest.cc 1790


TEST_F(OnDiskSyncableDirectoryTest, TestShareInfo) {
  dir_->set_store_birthday("Jan 31st");
  const char* const bag_of_chips_array = "\0bag of chips";
  const std::string bag_of_chips_string =
    std::string(bag_of_chips_array, sizeof(bag_of_chips_array));
  ....
}

Similar errors can be found in some other places:

  • V579 The string function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. syncable_unittest.cc 1800
  • V579 The string function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. syncable_unittest.cc 1810

Source Engine SDK

V579 The V_strncpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Client (HL2) vgui_messagechars.cpp 240


typedef struct message_s
{
  ....
  char    *text;
  ....
} message_t;

int CMessageCharsPanel::AddText(....)
{
  ....
  msg->text = new char[ Q_strlen( data ) + 1 ];
  Assert( msg->text );
  Q_strncpy( msg->text, data, sizeof( msg->text ) );
  ....
}

Firebird

V579 The convert function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. intlutil.cpp 668


ULONG convert(const ULONG srcLen,
              const UCHAR* src,
              const ULONG dstLen,
              UCHAR* dst,
              ULONG* badInputPos = NULL,
              bool ignoreTrailingSpaces = false);

string IntlUtil::escapeAttribute(....)
{
  ....
  ULONG l;
  UCHAR* uc = (UCHAR*)(&l);
  const ULONG uSize =
    cs->getConvToUnicode().convert(size, p, sizeof(uc), uc);
  ....
}

Unreal Engine 4

V579 The Memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. pimplrecastnavmesh.cpp 172


bool FRecastQueryFilter::IsEqual(
  const INavigationQueryFilterInterface* Other) const
{
  // @NOTE: not type safe, should be changed when
  // another filter type is introduced
  return FMemory::Memcmp(this, Other, sizeof(this)) == 0;
}

APR

V579 The apr_cpystrn function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. dir.c 250


APR_DECLARE(char *)
apr_cpystrn(char *dst, const char *src, apr_size_t dst_size);

APR_DECLARE(apr_status_t) apr_dir_read(....)
{
  ....
  char *fspec = (char*)wdirname;
  ....
  apr_cpystrn(fspec, thedir->dirname, sizeof(fspec));
  ....
}

Mozilla Firefox

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. winutils.cpp 146


void
WinUtils::LogW(const wchar_t *fmt, ...)
{
  ....
  char* utf8 = new char[len+1];
  memset(utf8, 0, sizeof(utf8));
  ....
}

Most likely this is what should be written here: memset(utf8, 0, (len+1) * sizeof(*utf8));

.NET CoreCLR

V579 The DacReadAll function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. daccess dacimpl.h 1688


template<class T>
inline bool MisalignedRead(CORDB_ADDRESS addr, T *t)
{
 return SUCCEEDED(DacReadAll(TO_TADDR(addr), t, sizeof(t), ....);
}

.NET CoreCLR

V579 The Read function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. util.cpp 4943


HRESULT GetMTOfObject(TADDR obj, TADDR *mt)
{
  if (!mt)
    return E_POINTER;

  HRESULT hr = rvCache->Read(obj, mt, sizeof(mt), NULL);
  if (SUCCEEDED(hr))
    *mt &= ~3;

  return hr;
}

SETI@home

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. analyzereport.cpp 271


int ReportTripletEvent(....)
{
  ....
  static int * inv;
  if (!inv)
    inv = (int*)calloc_a(swi.analysis_cfg.triplet_pot_length,
      sizeof(int), MEM_ALIGN);
  memset(inv, -1, sizeof(inv));
  for (i=0;i<swi.analysis_cfg.triplet_pot_length;i++)
  {
    j = (i*pot_len)/swi.analysis_cfg.triplet_pot_length;
    if (inv[j] < 0)
      inv[j] = i;
    ....
  }
  ....
}

Mozilla Thunderbird

V579 The HashBytes function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. nsdisplaylist.h 929


struct AnimatedGeometryRootLookup
{
  ....
  PLDHashNumber Hash() const
  {
    return mozilla::HashBytes(this, sizeof(this));
  }
  ....
}

FreeBSD Kernel

V579 The bzero function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. osapi.c 316


/* Autosense storage */
struct scsi_sense_data sense_data;

void
ostiInitiatorIOCompleted(....)
{
  ....
  bzero(&csio->sense_data, sizeof(&csio->sense_data));
  ....
}

FreeBSD Kernel

V579 The bzero function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. acpi_package.c 83


int
acpi_PkgStr(...., void *dst, ....)
{
  ....
  bzero(dst, sizeof(dst));
  ....
}

FreeBSD Kernel

V579 The copyout function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. if_nxge.c 1498


int
xge_ioctl_stats(xge_lldev_t *lldev, struct ifreq *ifreqp)
{
  ....
  *data = (*data == XGE_SET_BUFFER_MODE_1) ? 'Y':'N';
  if(copyout(data, ifreqp->ifr_data, sizeof(data)) == 0)    // <=
      retValue = 0;
  break;
  ....
}

Serious Engine 1 v.1.10

V579 The qsort function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. mesh.cpp 224


// optimize lod of mesh
void CMesh::OptimizeLod(MeshLOD &mLod)
{
  ....
  // sort array
  qsort(&_aiSortedIndex[0]           // <=
        ctVertices
        sizeof(&_aiSortedIndex[0]),  // <=
        qsort_CompareArray);
  ....
}

Open X-Ray Engine

V579 The strconcat function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the first argument. space_restriction.cpp 201


CSpaceRestriction::merge(....) const
{
  ....
  LPSTR S = xr_alloc<char>(acc_length);

  for ( ; I != E; ++I)
    temp = strconcat(sizeof(S),S,*temp,",",*(*I)->name());
  ....
}

OpenJDK

V579 The jio_snprintf function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. os_linux.cpp 6094


bool os::start_debugging(char *buf, int buflen) {
  int len = (int)strlen(buf);
  char *p = &buf[len];
  ....
  if (yes) {
    // yes, user asked VM to launch debugger
    jio_snprintf(buf, sizeof(buf), "gdb /proc/%d/exe %d",
      os::current_process_id(), os::current_process_id());

    os::fork_and_exec(buf);
    yes = false;
  }
  return yes;
}

CryEngine V

V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. graphicspipelinestateset.h 58


bool
operator==(const SComputePipelineStateDescription& other) const
{
  return 0 == memcmp(this, &other, sizeof(this)); // <=
}

Similar errors can be found in some other places:

  • V579 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. geomcacherendernode.cpp 286
  • V579 The AddObject function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. clipvolumemanager.cpp 145
  • V579 The memcmp function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. graphicspipelinestateset.h 34

GDB

V579 The read_memory function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. jv-valprint.c 111


extern void read_memory (....);

void
java_value_print (....)
{
  ....
  gdb_byte *buf;
  buf = ((gdb_byte *)
    alloca (gdbarch_ptr_bit (gdbarch) / HOST_CHAR_BIT));
  ....
  read_memory (address, buf, sizeof (buf));
  ....
}

GDB

V579 The extract_unsigned_integer function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. jv-valprint.c 117


extern ULONGEST extract_unsigned_integer (const gdb_byte *, int,
            enum bfd_endian);

void
java_value_print (....)
{
  ....
  gdb_byte *buf;
  buf = ((gdb_byte *)
    alloca (gdbarch_ptr_bit (gdbarch) / HOST_CHAR_BIT));
  ....
  /* FIXME: cagney/2003-05-24: Bogus or what.  It
     pulls a host sized pointer out of the target and
     then extracts that as an address (while assuming
     that the address is unsigned)!  */
  element = extract_unsigned_integer (buf, sizeof (buf),
                                      byte_order);
  ....
}

Similar errors can be found in some other places:

  • V579 The read_memory function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. jv-valprint.c 123
  • V579 The extract_unsigned_integer function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. jv-valprint.c 129

GNU GRUB

V579 The grub_memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. grub-setup.c 500


static void setup (....)
{
  ....
  struct grub_boot_blocklist *first_block, *block;
  ....
  /* Clean out the blocklists.  */
  block = first_block;
  while (block->len)
    {
     grub_memset (block, 0, sizeof (block)); // <=
     block--;
     ....
    }
  ....
}

Similar errors can be found in some other places:

  • V579 The grub_memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. mmap.c 148
  • V579 The grub_memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. mmap.c 165

MySQL

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. win32.c 442


struct win32op {
  int fd_setsz;
  struct win_fd_set *readset_in;
  struct win_fd_set *writeset_in;
  struct win_fd_set *readset_out;
  struct win_fd_set *writeset_out;
  struct win_fd_set *exset_out;
  RB_HEAD(event_map, event_entry) event_root;

  unsigned signals_are_broken : 1;
};

void win32_dealloc(struct event_base *_base, void *arg)
{
  struct win32op *win32op = arg;
  ....
  memset(win32op, 0, sizeof(win32op));
  free(win32op);
}

RT-Thread

V579 CWE-687 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. fsl_mcan.c 418


void MCAN_SetSTDFilterElement(CAN_Type *base,
  const mcan_frame_filter_config_t *config,
  const mcan_std_filter_element_config_t *filter,
  uint8_t idx)
{
  uint8_t *elementAddress = 0;
  elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
                               config->address + idx * 4U);
  memcpy(elementAddress, filter, sizeof(filter));
}

RT-Thread

V579 CWE-687 The memcpy function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. fsl_mcan.c 428


void MCAN_SetEXTFilterElement(CAN_Type *base,
  const mcan_frame_filter_config_t *config,
  const mcan_ext_filter_element_config_t *filter,
  uint8_t idx)
{
  uint8_t *elementAddress = 0;
  elementAddress = (uint8_t *)(MCAN_GetMsgRAMBase(base) +
                               config->address + idx * 8U);
  memcpy(elementAddress, filter, sizeof(filter));
}

Doom 1

V579 [CWE-687] The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. g_game.c 495


void G_DoLoadLevel (void)
{
  ....
  memset (mousebuttons, 0, sizeof(mousebuttons));
  memset (joybuttons, 0, sizeof(joybuttons));
}

typedef enum {false, true} boolean;
boolean mousearray[4];
boolean joyarray[5];
boolean* mousebuttons = &mousearray[1];
boolean* joybuttons = &joyarray[1];

Similar errors can be found in some other places:

  • V579 [CWE-687] The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. g_game.c 496

Mozilla Thunderbird

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. icalmime.c 195


icalcomponent* icalmime_parse(....)
{
  struct sspm_part *parts;
  int i, last_level=0;
  icalcomponent *root=0, *parent=0, *comp=0, *last = 0;

  if ( (parts = (struct sspm_part *)
          malloc(NUM_PARTS*sizeof(struct sspm_part)))==0)
  {
    icalerror_set_errno(ICAL_NEWFAILED_ERROR);
    return 0;
  }

  memset(parts,0,sizeof(parts));

  sspm_parse_mime(parts,
      NUM_PARTS, /* Max parts */
      icalmime_local_action_map, /* Actions */
      get_string,
      data, /* data for get_string*/
      0 /* First header */);
  ....
}

Similar errors can be found in some other places:

  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. icalmime.c 385
  • V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. icalparameter.c 114
  • V579 The snprintf function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the second argument. icaltimezone.c 1908
  • And 3 additional diagnostic messages.

PMDK

V579 [CWE-687] The memcpy_fn function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. pmem2_map_prot.c 513


typedef void *(*pmem2_memcpy_fn)(void *pmemdest, const void *src, size_t len,
    unsigned flags);

static const char *initial_state = "No code.";

static int
test_rwx_prot_map_priv_do_execute(const struct test_case *tc,
  int argc, char *argv[])
{
  ....
  char *addr_map = pmem2_map_get_address(map);
  map->memcpy_fn(addr_map, initial_state, sizeof(initial_state), 0);
  ....
}

Captain Blood

V579 [CWE-687, CERT-ARR01-C] The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. Debugger.cpp 282


void appDebuger::debuggerMakeThreadDump(....)
{
  CONTEXT ct;
  memset (&ct, 0, sizeof(&ct));
  // ....
}
typedef struct DECLSPEC_NOINITALL _CONTEXT
{
  DWORD ContextFlags;
  // ....
  DWORD   SegCs;              // MUST BE SANITIZED
  DWORD   EFlags;             // MUST BE SANITIZED
  DWORD   Esp;
  DWORD   SegSs;
  BYTE   ExtendedRegisters[MAXIMUM_SUPPORTED_EXTENSION];

} CONTEXT;

Microsoft PowerToys

V579 The memset function receives the pointer and its size as arguments. It is possibly a mistake. Inspect the third argument. KeyboardEventHandlers.cpp 16


typedef struct tagINPUT {
    DWORD   type;

    union
    {
        MOUSEINPUT      mi;
        KEYBDINPUT      ki;
        HARDWAREINPUT   hi;
    } DUMMYUNIONNAME;
} INPUT, *PINPUT, FAR* LPINPUT;

void SetNumLockToPreviousState(....)
{
    int key_count = 2;
    LPINPUT keyEventList = new INPUT[size_t(key_count)]();
    memset(keyEventList, 0, sizeof(keyEventList));
    ....
}