
Examples of errors detected by the V609 diagnostic

V609. Possible division or mod by zero.


VNL

V609 Divide by zero. Denominator 'x' == 0. pow_ii.c 28


/* Integer power routine: the base is read from *ap and the exponent from *bp.
 * Only the handling of non-positive exponents is visible in this excerpt. */
integer pow_ii(integer *ap, integer *bp)
{
  integer pow, x, n;
  unsigned long u;

  x = *ap;
  n = *bp;

  if (n <= 0)
  {
    /* Exponent 0, or base 1 with any non-positive exponent: the result is 1. */
    if (n == 0 || x == 1)
      return 1;

    if (x != -1)
      /* V609: 1/x is evaluated only when x == 0, so that path always divides
       * by zero; every other x reaching this line returns 0.
       * NOTE(review): this may be a deliberate way to raise a divide error
       * for 0 raised to a negative power, but integer division by zero is
       * undefined behaviour in C -- an explicit error report is safer. */
      return x == 0 ? 1/x : 0;

    /* x == -1: continue with the magnitude of the exponent. */
    n = -n;
  }
  ....
}

Mozilla Thunderbird

V609 Divide by zero. Denominator range [0..8]. ionbuilder.cpp 10922


// Maps a JSValueType to a size; the per-type cases are elided in this excerpt.
static inline size_t UnboxedTypeSize(JSValueType type)
{
  switch (type) {
    ....
  // Every type not handled above yields 0, so the result is not safe to use
  // as a divisor without a check.
  default: return 0;
  }
}

// Excerpt: computes an index as offset divided by the size of unboxedType.
MInstruction*IonBuilder::loadUnboxedProperty(size_t offset,
                              JSValueType unboxedType, ....)
{
  // V609: UnboxedTypeSize() returns 0 from its default branch, so an
  // unboxedType it does not handle turns this into an integer division by
  // zero (undefined behaviour). A check of the size before dividing, or an
  // unreachable/crash default in the helper, would make the failure explicit.
  size_t index = offset / UnboxedTypeSize(unboxedType);
  ....
}

Similar errors can be found in some other places:

  • V609 Divide by zero. Denominator range [0..8]. ionbuilder.cpp 11844

Inkscape

V609 Divide by zero. Denominator range [0..999]. lpe-fillet-chamfer.cpp 607


// Excerpt: only the branch for type values in [3000, 4000) is shown.
Geom::PathVector
LPEFilletChamfer::doEffect_path(....)
{
  ....
  if(....){
    ....
  } else if (type >= 3000 && type < 4000) {
      // The range check admits type == 3000, which makes chamferSubs 0;
      // the resulting range is [0..999], as the analyzer reports.
      unsigned int chamferSubs = type-3000;
      ....
      // V609: the divisor is 0 when type == 3000. This is a floating-point
      // division, so on IEEE 754 targets the result is typically infinity
      // rather than a trap, and it then flows into the step computation.
      // NOTE(review): whether chamferSubs is modified in the elided lines
      // is not visible here -- confirm.
      double chamfer_stepsTime = 1.0/chamferSubs;
      ....
  }
  ....
}

Similar errors can be found in some other places:

  • V609 Divide by zero. Denominator range [0..999]. lpe-fillet-chamfer.cpp 623

Chromium

V609 Divide by zero. Denominator range [0..4096]. addr.h 159


// Maps a FileType to a block size; the per-type cases are elided here.
static int BlockSizeForFileType(FileType file_type) {
    switch (file_type) {
      ....
      // Any file type not handled above reports a block size of 0.
      default:
        return 0;
    }
}

// Returns size divided by the block size of file_type, rounded up.
static int RequiredBlocks(int size, FileType file_type)
{
  int block_size = BlockSizeForFileType(file_type);
  // V609: block_size is 0 for any file type that falls into the helper's
  // default branch, and integer division by zero is undefined behaviour.
  // NOTE(review): whether an unhandled file_type can reach this function
  // depends on callers not shown; if the value can originate from stored or
  // external data, reject block_size <= 0 before dividing.
  return (size + block_size - 1) / block_size;             // <=
}

EFL Core Libraries

V609 Mod by zero. Denominator range [0..24]. eina_inline_value_util.x 59


/* Returns the sizeof of the C type that backs the given Eina value type.
 * Only the types listed below are recognised; every other type yields 0. */
static inline size_t
eina_value_util_type_size(const Eina_Value_Type *type)
{
  if (type == EINA_VALUE_TYPE_INT)
    return sizeof(int32_t);
  if (type == EINA_VALUE_TYPE_UCHAR)
    return sizeof(unsigned char);
  if ((type == EINA_VALUE_TYPE_STRING) ||
      (type == EINA_VALUE_TYPE_STRINGSHARE))
    return sizeof(char*);
  if (type == EINA_VALUE_TYPE_TIMESTAMP)
    return sizeof(time_t);
  if (type == EINA_VALUE_TYPE_ARRAY)
    return sizeof(Eina_Value_Array);
  if (type == EINA_VALUE_TYPE_DOUBLE)
    return sizeof(double);
  if (type == EINA_VALUE_TYPE_STRUCT)
    return sizeof(Eina_Value_Struct);
  /* Fallback for unrecognised types: callers that divide or take a remainder
   * by the result must handle 0 first. */
  return 0;                                            // <=
}

/* Returns base unchanged when it is a multiple of the type's size, otherwise
 * base plus the absolute difference between base and that size. */
static inline unsigned int
eina_value_util_type_offset(
  const Eina_Value_Type *type, unsigned int base)
{
   unsigned size, padding;
   /* size is 0 for every type eina_value_util_type_size() does not list. */
   size = eina_value_util_type_size(type);             // <=
   /* V609: with size == 0 this remainder is a modulo by zero, which is
    * undefined behaviour; no check of size precedes it. */
   if (!(base % size))                                 // <=
     return base;
   padding = ( (base > size) ? (base - size) : (size - base));
   return base + padding;
}

SpeedCrunch

V609 Divide by zero. Denominator range [0..4]. floatconvert.c 266


/* Returns 1, 3 or 4 for base 2, 8 or 16 (log2 of the base).
 * Every other base, including 10, returns 0. */
static int
lgbase( signed char base)
{
  switch(base)
  {
    case 2:
      return 1;
    case 8:
      return 3;
    case 16:
      return 4;
  }
  /* No case matched: 0 is returned, so the result must be checked before it
   * is used as a divisor. */
  return 0;                                       // <=
}

/* Fills the sequence descriptor n for the long integer l in the given base. */
static void
_setlongintdesc(
  p_ext_seq_desc n,
  t_longint* l,
  signed char base)
{
  int lg;

  n->seq.base = base;
  /* lg is 0 for any base other than 2, 8 or 16. */
  lg = lgbase(base);                              // <=
  /* V609: both divisions below use lg unchecked, so a base that lgbase()
   * does not recognise causes an integer division by zero.
   * NOTE(review): callers may only pass 2, 8 or 16 -- not visible here. */
  n->seq.digits = (_bitlength(l) + lg - 1) / lg;  // <=
  n->seq.leadingSignDigits = 0;
  n->seq.trailing0 = _lastnonzerobit(l) / lg;     // <=
  n->seq.param = l;
  n->getdigit = _getlongintdigit;
}

Haiku Operating System

V609 Divide by zero. Denominator range [0..64]. UiUtils.cpp 544


// Returns the element size in bytes for the listed SIMD render formats.
// Any format value without a case below yields 0.
static int32 GetSIMDFormatByteSize(uint32 format)
{
  switch (format) {
    case SIMD_RENDER_FORMAT_INT8:
      return sizeof(char);
    case SIMD_RENDER_FORMAT_INT16:
      return sizeof(int16);
    case SIMD_RENDER_FORMAT_INT32:
      return sizeof(int32);
    case SIMD_RENDER_FORMAT_INT64:
      return sizeof(int64);
    case SIMD_RENDER_FORMAT_FLOAT:
      return sizeof(float);
    case SIMD_RENDER_FORMAT_DOUBLE:
      return sizeof(double);
  }
  // Unrecognised format: the caller receives 0 and must not divide by it.
  return 0;
}

// Excerpt: starts formatting a SIMD value into _output; the element count is
// bitSize divided by the element size in bits.
const BString&
UiUtils::FormatSIMDValue(const BVariant& value, uint32 bitSize,
  uint32 format, BString& _output)
{
  _output.SetTo("{");
  char* data = (char*)value.ToPointer();
  // V609: GetSIMDFormatByteSize() returns 0 for a format it does not list,
  // which makes the divisor 0 * 8 == 0 and the division undefined behaviour.
  // Validating format (or the returned size) before this line avoids it.
  uint32 count = bitSize / (GetSIMDFormatByteSize(format) * 8);  // <=
  ....
}

ROOT

V609 Divide by zero. Denominator range [0..100]. TGHtmlImage.cxx 340


// Excerpt: writes a value derived from the canvas height or width and the
// percentage n into ret. How n is obtained is elided.
const char *TGHtml::GetPctWidth(TGHtmlElement *p, char *opt, char *ret)
{
  int n, m, val;
  ....
  // The range check rejects n < 0 and n > 100 but lets n == 0 through.
  if (n < 0 || n > 100) return z;
  if (opt[0] == 'h') {
    val = fCanvas->GetHeight() * 100;
  } else {
    val = fCanvas->GetWidth() * 100;
  }
  if (!fInTd) {
    // V609: n may be 0 here, giving an integer division by zero.
    // NOTE(review): if n is parsed from document markup (not visible in this
    // excerpt), a zero percentage in the input is enough to reach this line.
    snprintf(ret, 15, "%d", val / n);
  } else {
    ....
  }
  ....
}

LLVM/Clang

V609 Mod by zero. Denominator 'd.s.low' == 0. udivmoddi4.c 61


// 32-bit signed and unsigned integer aliases used by the routine below.
typedef int32_t si_int;
typedef uint32_t su_int;

// Overlays a du_int with its two su_int halves so that the routine can work
// on the low and high words separately. The member order follows
// _YUGA_LITTLE_ENDIAN. (du_int itself is declared outside this excerpt.)
typedef union {
  du_int all;
  struct {
#if _YUGA_LITTLE_ENDIAN
    su_int low;
    su_int high;
#else
    su_int high;
    su_int low;
#endif // _YUGA_LITTLE_ENDIAN
  } s;
} udwords;

// Excerpt of the unsigned divide-with-remainder routine: only the branch in
// which both halves of the divisor d are zero is shown, and the closing
// braces of the elided code are missing.
COMPILER_RT_ABI du_int __udivmoddi4(du_int a, du_int b, du_int *rem) {
  ....
  if (d.s.low == 0) {
    if (d.s.high == 0) {
      // K X
      // ---
      // 0 0
      // V609: d.s.low is known to be 0 in this branch, so both the remainder
      // and the quotient below divide by zero.
      // NOTE(review): this may be intended to reproduce the target's native
      // divide-by-zero behaviour, but in C the operation is undefined and
      // the compiler may assume it never executes -- confirm the intent.
      if (rem)
        *rem = n.s.high % d.s.low;
      return n.s.high / d.s.low;
    }
  ....
}

Similar errors can be found in some other places:

  • V609 Divide by zero. Denominator 'd.s.low' == 0. udivmoddi4.c 62

MuditaOS

V609 [CERT-EXP37-C] Divide by zero. The 'qfilter_CalculateCoeffs' function processes value '0'. Inspect the third argument. Check lines: 'Equalizer.cpp:26', 'unittest_equalizer.cpp:91'. Equalizer.cpp 26


// Equalizer.cpp
// Computes filter coefficients from the filter type, frequency, sample rate,
// Q and gain. Throws std::invalid_argument for a negative frequency or a Q
// outside [0.1, 10]; both checks are skipped for FilterType::FilterNone.
QFilterCoefficients qfilter_CalculateCoeffs(
        FilterType filter, float frequency, uint32_t samplerate, float Q,
        float gain)
{
  constexpr auto qMinValue         = .1f;
  constexpr auto qMaxValue         = 10.f;
  constexpr auto frequencyMinValue = 0.f;

  if (frequency < frequencyMinValue && filter != FilterType::FilterNone)
  {
    throw std::invalid_argument("Negative frequency provided");
  }
  if ((Q < qMinValue || Q > qMaxValue) && filter != FilterType::FilterNone)
  {
    throw std::invalid_argument("Q out of range");
  }
  ....
  // V609: samplerate is not validated by the checks shown above, so a value
  // of 0 makes the divisor zero. The expression is evaluated in floating
  // point, so the result is infinity or NaN rather than a trap, and it then
  // flows into the coefficient maths.
  // NOTE(review): the elided lines may return early for FilterNone -- confirm.
  float omega    = 2 * M_PI * frequency / samplerate;
  ....
}
....
// unittest_equalizer.cpp
// The third argument (samplerate) is 0; this is the call the analyzer traces
// to the division in qfilter_CalculateCoeffs.
const auto filterNone = qfilter_CalculateCoeffs(FilterType::FilterNone,
                                                0, 0, 0, 0);

Ogre3D

V609. Possible division or mod by zero. OgreInstanceBatchHW_VTF.cpp 56


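// Excerpt from OgreInstanceBatchHW_VTF.cpp; lines marked "// ...." are elided.
static const uint16 c_maxTexWidthHW = 4096;
// numBones is clamped to at least 1, so an empty bone map cannot zero the
// modulus operand on its own.
const size_t numBones =
  std::max<size_t>(1, baseSubMesh->blendIndexToBoneIndexMap.size());
// ....
// When numBones * mRowLength is greater than c_maxTexWidthHW, the remainder
// equals c_maxTexWidthHW and maxUsableWidth becomes 0.
// NOTE(review): mRowLength is defined outside this excerpt; if it can be 0,
// the modulus itself is a division by zero -- confirm.
const size_t maxUsableWidth = c_maxTexWidthHW -
                             (c_maxTexWidthHW % (numBones * mRowLength));
// ....
// V609: maxUsableWidth can be 0 here (see above), which makes this an
// integer division by zero. Checking maxUsableWidth, or bounding
// numBones * mRowLength against c_maxTexWidthHW, before this line avoids it.
size_t texHeight = numWorldMatrices * mRowLength / maxUsableWidth; // <=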

The maxUsableWidth variable can have a value from 0 to 4096. Thus, if maxUsableWidth turns out to be zero, we get a division by zero at the line marked by the comment. Boom! Yet the code looks clean. It even compiles and works until 0 slips into the maxUsableWidth variable. This can happen if the result of numBones * mRowLength is greater than 4096. The size of the blendIndexToBoneIndexMap vector is used to initialize the numBones variable. Perhaps the developers control the number of container elements outside the class. Or maybe they're just lucky that the vector isn't big enough. However, if the vector ever grows larger than 4096, the division by zero will happen and the program will crash.


LLVM/Clang

V609 Mod by zero. Denominator 'SrcNumElts' == 0. CGBuiltin.cpp:14833


// Excerpt: builds an index table from the element count of the second
// operand's fixed vector type.
Value *CodeGenFunction::EmitX86BuiltinExpr(unsigned BuiltinID,
                                           const CallExpr *E)
{
  ....
  // Element count of Ops[1]'s vector type; nothing in the visible lines
  // excludes 0.
  unsigned SrcNumElts =
        cast<llvm::FixedVectorType>(Ops[1]->getType())->getNumElements();
  ....
  // NOTE(review): Indices holds 16 entries, while the loop is bounded by
  // DstNumElts, whose range is not visible in this excerpt -- confirm that
  // it cannot exceed 16.
  int Indices[16];
    for (unsigned i = 0; i != DstNumElts; ++i)
      // V609: if SrcNumElts is 0, i >= SrcNumElts holds for every i and the
      // remainder is a modulo by zero.
      Indices[i] = (i >= SrcNumElts) ? SrcNumElts + (i % SrcNumElts) : i;
  ....
}