Examples of errors detected by the V614 diagnostic
V614. Use of 'Foo' uninitialized variable.
Trans-Proteomic Pipeline
V614 Uninitialized variable 'fval' used. tpplib mixturemodel.cxx 834
void MixtureModel::assessPeptideProperties(char* filename,
Boolean icat, Boolean glyc)
{
....
double fval;
....
// fval is not used
....
if(! icat && strstr(pep, "C") != NULL && fval >= min_fval) {
....
}
Trans-Proteomic Pipeline
V614 Uninitialized variable 'iSeqSize' used. xtandem mscore_c.cpp 552
double mscore_c::dot_hr(unsigned long *_v)
{
....
int iSeqSize;
//perform a single pass through each array.
//check every point in m_pfSeq,
//but don't revisit positions in m_vmiType
for (int a = 0; a < iSeqSize; a++) {
....
}
Similar errors can be found in some other places:
- V614 Uninitialized variable 'separator' used. pwiz sampledatum.hpp 95
- V614 Uninitialized variable 'close' used. pwiz sampledatum.hpp 96
- V614 Uninitialized variable 'threshold' used. pwiz spectrumlistfactory.cpp 497
- And 3 additional diagnostic messages.
IPP Samples
V614 Potentially uninitialized pointer 'pDirEntry' used. Consider checking the first actual argument of the 'vm_dir_close' function. loadcodec.c 287
Ipp32s GetUSCCodecParamsByFormat(
LoadedCodec *codec, Ipp32s lQuery,FILE *f_log)
{
....
vm_dir *pDirEntry;
....
if(codec->pSOHandle==NULL) {
....
st = vm_dir_open(&pDirEntry,SO_FILE_MASK);
....
}
....
vm_dir_close(pDirEntry);
return -1;
}
MPC-HC
V614 Potentially uninitialized variable 'rtRefClockTimeNow' used. syncrenderer.cpp 3604
void CSyncAP::RenderThread()
{
....
REFERENCE_TIME rtRefClockTimeNow;
if (m_pRefClock) {
m_pRefClock->GetTime(&rtRefClockTimeNow);
}
LONG lLastVsyncTime =
(LONG)((m_llEstVBlankTime - rtRefClockTimeNow) / 10000);
....
}
ReactOS
V614 Uninitialized pointer 'hKey' used. Consider checking the first actual argument of the 'RegCreateKeyExW' function. tcpipconf_notify.c 3138
HRESULT WINAPI
INetCfgComponentControl_fnApplyRegistryChanges(
INetCfgComponentControl * iface)
{
HKEY hKey;
....
if (RegCreateKeyExW(hKey,
L"SYSTEM\\CurrentControlSet....",
....) == ERROR_SUCCESS)
....
}
NetXMS
V614 Potentially uninitialized variable 'nSqlRet' used. odbcsapi.cpp 220
int OdbcDisconnect(void* pvSqlCtx)
{
....
SQLRETURN nSqlRet;
....
if (nRet == SUCCESS)
{
....
nSqlRet = SQLDisconnect(pSqlCtx->hDbc);
....
}
if (SQLRET_FAIL(nSqlRet))
....
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized variable 'dwNumRows' used. session.cpp 2112
- V614 Potentially uninitialized variable 'dwNumRows' used. session.cpp 7525
- V614 Potentially uninitialized variable 'dwNumRows' used. session.cpp 7659
- And 3 additional diagnostic messages.
Chromium
V614 Potentially uninitialized variable 'result' used. ie_event_sink.cc 240
HRESULT IEEventSink::Attach(IWebBrowser2* browser) {
DCHECK(browser);
HRESULT result;
if (browser) {
web_browser2_ = browser;
FindIEProcessId();
result = DispEventAdvise(web_browser2_,
&DIID_DWebBrowserEvents2);
}
return result;
}
Chromium
V614 Potentially uninitialized variable 'skip_dir_check' used. Consider checking the fifth actual argument of the 'Bind' function. save_package.cc 1326
void SavePackage::GetSaveInfo() {
....
bool skip_dir_check;
....
if (....) {
....->GetSaveDir(...., &skip_dir_check);
}
....
BrowserThread::PostTask(BrowserThread::FILE,
FROM_HERE,
base::Bind(..., skip_dir_check, ...));
}
Embedded SSL Library
V614 Potentially uninitialized variable 'rhSize' used. sniffer.c 2255
static int ProcessMessage(....)
{
int rhSize;
....
notEnough = 0;
....
if (sslBytes >= RECORD_HEADER_SZ) {
if (GetRecordHeader(sslFrame, &rh, &rhSize) != 0) {
....
return -1;
}
}
else
notEnough = 1;
....
if (notEnough || rhSize > (sslBytes - RECORD_HEADER_SZ)) {
....
}
tmp = sslFrame + rhSize; // <=
....
}
Trans-Proteomic Pipeline
V614 Potentially uninitialized pointer 'pScanIndex' used. sqt2xml.cxx 476
int main(int argc, char** argv) {
....
ramp_fileoffset_t *pScanIndex;
....
if ( (pFI=rampOpenFile(mzXmlPath_.c_str()))==NULL) {
....
} else {
....
pScanIndex = readIndex(pFI, indexOffset,
&iAnalysisLastScan );
....
}
....
if (pScanIndex != NULL)
free(pScanIndex);
return 0;
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'fp_' used. Consider checking the second actual argument of the 'PRINT_DATA' function. dta-xml.cpp 307
OpenCOLLADA
V614 Uninitialized variable 'i' used. mayadmtypes.h 1728
void write(FILE* file) const
{
fprintf(file,"%i %i %i %i ",
sDivisionCount, tDivisionCount, uDivisionCount, pointCount);
size_t size = pointCount*3;
for(size_t i; i<size; ++i)
{
fprintf(file, "%f", points[i]);
if(i+1<size) fprintf(file, " ");
}
}
Apache HTTP Server
V614 Potentially uninitialized pointer 'wch' used. apr start.c 58
static int warrsztoastr(const char * const * *retarr,
const wchar_t * arrsz, int args)
{
const apr_wchar_t *wch;
....
if (args < 0) {
for (args = 1, wch = arrsz; wch[0] || wch[1]; ++wch)
if (!*wch)
++args;
}
wsize = 1 + wch - arrsz;
....
}
Geant4 software
V614 Potentially uninitialized iterator 'insert_index' used. g4excitedstring.hh 193
typedef std::vector<G4Parton *> G4PartonVector;
inline
void G4ExcitedString::InsertParton(
G4Parton *aParton, const G4Parton * addafter)
{
G4PartonVector::iterator insert_index;
....
if ( addafter != NULL )
{
insert_index=std::find(thePartons.begin(),
thePartons.end(), addafter);
....
}
thePartons.insert(insert_index+1, aParton);
}
GNU C Library
V614 Uninitialized variable 'resplen' used. res_send.c 790
static int send_vc(....)
{
....
int truncating, connreset, resplen, n;
....
#ifdef _STRING_ARCH_unaligned
*anssizp2 = orig_anssizp - resplen;
*ansp2 = *ansp + resplen;
#else
....
}
Firebird
V614 Uninitialized variable 'sdl_operator' used. sdl.cpp 404
static const UCHAR* compile(const UCHAR* sdl, sdl_arg* arg)
{
SLONG n, count, variable, value, sdl_operator;
....
switch (op)
{
....
case isc_sdl_add:
sdl_operator = op_add;
case isc_sdl_subtract:
if (!sdl_operator)
sdl_operator = op_subtract;
....
}
Firebird
V614 Potentially uninitialized pointer 'fieldNode' used. blb.cpp 1043
void blb::move(....)
{
....
const FieldNode* fieldNode;
if (field)
{
if ((fieldNode = ExprNode::as<FieldNode>(field)))
....
}
....
const USHORT id = fieldNode->fieldId;
....
}
FFmpeg
V614 Potentially uninitialized variable 'info_bits' used. g723_1.c 2335
static int pack_bitstream(G723_1_Context *p,
unsigned char *frame, int size)
{
....
int info_bits;
....
if (p->cur_rate == RATE_6300) {
info_bits = 0;
put_bits(&pb, 2, info_bits);
}
....
return frame_size[info_bits];
}
Scilab
V614 Potentially uninitialized pointer 'loc' used. getfunctionbyname.c 61
typedef void (*voidf)();
voidf GetFunctionByName (char *name, int *rep, FTAB *table)
{
void (*loc)();
if (name)
{
....
loc = Emptyfunc;
....
}
else
{
....
}
return(loc);
}
Word for Windows 1.1a
V614 Uninitialized pointer 'pfl' used. Consider checking the first actual argument of the 'fclose' function. eldes.c 87
main(argc, argv)
int argc;
char * argv [];
{
FILE * pfl;
....
for (argi = 1; argi < argc; ++argi)
{
if (FWild(argv[argi]))
{
FEnumWild(argv[argi], FEWild, 0);
}
else
{
FEWild(argv[argi], 0);
}
fclose(pfl);
}
....
}
Word for Windows 1.1a
V614 Uninitialized pointer 'rgsz0' used. Consider checking the first actual argument of the 'strcpy' function. makeopus.c 961
FPathSpawn( rgsz )
char *rgsz[];
{ /* puts the correct path at the beginning of rgsz[0]
and calls FSpawnRgsz */
char *rgsz0;
strcpy(rgsz0, szToolsDir);
strcat(rgsz0, "\\");
strcat(rgsz0, rgsz[0]);
return FSpawnRgsz(rgsz0, rgsz);
}
OGDF
V614 Potentially uninitialized pointer 'layout' used. ogdf ogmlparser.cpp 2337
bool OgmlParser::buildAttributedClusterGraph(....)
{
....
XmlTagObject* layout;
if (structure->m_pBrother != NULL) {
layout = structure->m_pBrother;
}
if ((layout) &&
(layout->getName() == Ogml::s_tagNames[Ogml::t_layout]))
....
}
APR
V614 Potentially uninitialized pointer 'wch' used. libapr start.c 58
static int warrsztoastr(const char * const * *retarr,
const wchar_t * arrsz, int args)
{
const apr_wchar_t *wch;
....
if (args < 0) {
for (args = 1, wch = arrsz; wch[0] || wch[1]; ++wch)
if (!*wch)
++args;
}
wsize = 1 + wch - arrsz;
....
}
Mozilla Firefox
V614 Potentially uninitialized pointer 'device' used. nptest_windows.cpp 164
static ID3D10Device1*
getD3D10Device()
{
ID3D10Device1 *device;
....
if (createDXGIFactory1)
{
....
hr = createD3DDevice(...., &device);
....
}
return device;
}
Oracle VM Virtual Box
V614 Potentially uninitialized variable 'rc' used. suplib-win.cpp 367
static int suplibOsStopService(void)
{
/* Assume it didn't exist, so we'll create the service. */
int rc;
SC_HANDLE hSMgr = OpenSCManager(....);
....
if (hSMgr)
{
....
rc = VINF_SUCCESS;
....
}
return rc;
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized variable 'rc' used. suplib-win.cpp 416
Miranda NG
V614 Potentially uninitialized pointer 'url' used. IEView ieview.cpp 1117
BSTR IEView::getHrefFromAnchor(IHTMLElement *element)
{
....
if (SUCCEEDED(....) {
VARIANT variant;
BSTR url;
if (SUCCEEDED(element->getAttribute(L"href", 2, &variant) &&
variant.vt == VT_BSTR))
{
url = mir_tstrdup(variant.bstrVal);
SysFreeString(variant.bstrVal);
}
pAnchor->Release();
return url;
}
....
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'hTimeZone' used. Consider checking the second actual argument of the 'Template_MakeRelativeDate' function. TabSRMM msglog.cpp 799
- V614 Potentially uninitialized pointer 'tSet' used. TabSRMM templates.cpp 221
- V614 Potentially uninitialized pointer 'szLast' used. Consider checking the first actual argument of the 'null_strdup' function. ICQ icq_servlist.cpp 1714
- And 17 additional diagnostic messages.
Godot Engine
V614 Potentially uninitialized pointer 'name' used. cp_player_data_control.cpp 244
const char* CPPlayer::get_voice_sample_name(int p_voice)
{
const char *name;
if (!voice[p_voice].sample_ptr)
name=voice[p_voice].sample_ptr->get_name();
return name;
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'name' used. cp_player_data_control.cpp 313
Doxygen
V614 Potentially uninitialized pointer 't' used. vhdlparser.cc 4127
QCString VhdlParser::extended_identifier()
{
Token *t;
if (!hasError)
t = jj_consume_token(EXTENDED_CHARACTER);
return t->image.c_str();
assert(false);
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'tmpEntry' used. vhdlparser.cc 4451
- V614 Potentially uninitialized pointer 't' used. vhdlparser.cc 5304
Mozilla Thunderbird
V614 Potentially uninitialized pointer 'hOldFont' used. progressui_win.cpp 168
static void InitDialog(....)
{
....
HFONT hInfoFont, hOldFont;
hInfoFont = (HFONT)SendMessage(hWndInfo, WM_GETFONT, 0, 0);
if (hInfoFont)
hOldFont = (HFONT)SelectObject(hDCInfo, hInfoFont);
....
if (hOldFont)
SelectObject(hDCInfo, hOldFont);
....
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'queryD3DKMTStatistics' used. gfxwindowsplatform.cpp 206
OpenToonz
V614 Potentially uninitialized pointer 'socket' used. Consider checking the first actual argument of the 'connect' function. tmsgcore.cpp 36
void TMsgCore::OnNewConnection() //server side
{
QTcpSocket *socket;
if (m_tcpServer)
socket = m_tcpServer->nextPendingConnection();
assert(socket);
bool ret = connect(socket, ....);
ret = ret && connect(socket, ....);
assert(ret);
m_sockets.insert(socket);
}
OpenToonz
V614 Uninitialized iterator 'it1' used. fxcommand.cpp 2096
QString DeleteLinksUndo::getHistoryString()
{
....
std::list<TFxP>::const_iterator it1; // <=
std::list<TFx *>::const_iterator ft;
for (ft = m_terminalFxs.begin(); ft != ....end(); ++ft) {
if (ft != m_terminalFxs.begin())
str += QString(", ");
str += QString("%1- -Xsheet")
.arg(QString::fromStdWString((*it1)->getName()));
}
....
}
ReactOS
V614 Potentially uninitialized pointer 'pptr' used. Consider checking the first actual argument of the 'check_hierarchical' function. uri.c 6838
static HRESULT parse_canonicalize(....)
{
const WCHAR **pptr;
....
if(uri->scheme_start > -1 && uri->path_start > -1) {
ptr = uri->canon_uri+uri->scheme_start+uri->scheme_len+1;
pptr = &ptr;
}
reduce_path = !(flags & URL_DONT_SIMPLIFY) &&
ptr && check_hierarchical(pptr);
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'name' used. Consider checking the third actual argument of the 'disp_get_id' function. engine.c 928
- V614 Potentially uninitialized pointer 'name_str' used. Consider checking the first actual argument of the 'jsstr_release' function. engine.c 929
- V614 Potentially uninitialized pointer 'FileHandle' used. Consider checking the first actual argument of the 'CloseHandle' function. dosfiles.c 402
- And 3 additional diagnostic messages.
CPython
V614 Potentially uninitialized pointer 'sigint_event' used. semaphore.c 120
static PyObject *
semlock_acquire(SemLockObject *self,
PyObject *args,
PyObject *kwds)
{
....
HANDLE handles[2], sigint_event;
....
/* prepare list of handles */
nhandles = 0;
handles[nhandles++] = self->handle;
if (_PyOS_IsMainThread()) {
sigint_event = _PyOS_SigintEvent();
assert(sigint_event != NULL);
handles[nhandles++] = sigint_event;
}
/* do the wait */
Py_BEGIN_ALLOW_THREADS
if (sigint_event != NULL) // <=
ResetEvent(sigint_event);
....
}
FreeBSD Kernel
V614 Uninitialized variable 'status' used. tdioctl.c 3396
osGLOBAL bit32
tdsaSendTMFIoctl(
tiRoot_t *tiRoot,
tiIOCTLPayload_t *agIOCTLPayload,
void *agParam1,
void *agParam2,
unsigned long resetType
)
{
bit32 status;
tmf_pass_through_req_t *tmf_req = ....;
#if !(defined(__FreeBSD__))
status = ostiSendResetDeviceIoctl(tiRoot, agParam2,
tmf_req->pathId, tmf_req->targetId, tmf_req->lun, resetType);
#endif
TI_DBG3((
"Status returned from ostiSendResetDeviceIoctl is %d\n",
status));
if(status != IOCTL_CALL_SUCCESS)
{
agIOCTLPayload->Status = status;
return status;
}
status = IOCTL_CALL_SUCCESS;
return status;
}
TensorFlow
V614 Potentially uninitialized variable 'sparse_input_start' used. sample_inputs_op.cc 351
void Compute(OpKernelContext* context) override {
....
int64 sparse_input_start; // <=
....
if (sparse_input) {
num_total_features += GetNumSparseFeatures(
sparse_input_indices, *it, &sparse_input_start); // <=
}
if (num_total_features == 0) {
LOG(WARNING) << "num total features is zero.";
break;
}
if (rand_feature < input_spec_.dense_features_size()) {
....
} else {
....
const int32 sparse_index = sparse_input_start + // <=
rand_feature - input_spec_.dense_features_size();
....
}
....
}
EFL Core Libraries
V614 Uninitialized variable 'temp' used. Consider checking the first actual argument of the 'gmtime' function. elm_calendar.c 720
extern struct tm *gmtime (const time_t *__timer)
__attribute__ ((__nothrow__ , __leaf__));
static void
_set_headers(Evas_Object *obj)
{
static char part[] = "ch_0.text";
int i;
struct tm *t;
time_t temp;
ELM_CALENDAR_DATA_GET(obj, sd);
elm_layout_freeze(obj);
sd->filling = EINA_TRUE;
t = gmtime(&temp);
....
}
MuseScore
V614 Uninitialized variable 'pageWidth' used. Consider checking the third actual argument of the 'doCredits' function. importmxmlpass1.cpp 944
void MusicXMLParserPass1::scorePartwise()
{
....
int pageWidth;
int pageHeight;
while (_e.readNextStartElement()) {
if (_e.name() == "part")
part();
else if (_e.name() == "part-list") {
doCredits(_score, credits, pageWidth, pageHeight);// <= USE
partList(partGroupList);
}
....
else if (_e.name() == "defaults")
defaults(pageWidth, pageHeight); // <= INIT
....
}
....
}
Ardour
V614 Uninitialized variable 'req.height' used. Consider checking the second actual argument of the 'set_size_request' function. time_axis_view.cc 159
TimeAxisView::TimeAxisView (....)
{
....
boost::scoped_ptr<Gtk::Entry> an_entry (new FocusEntry);
an_entry->set_name (X_("TrackNameEditor"));
Gtk::Requisition req;
an_entry->size_request (req);
name_label.set_size_request (-1, req.height);
name_label.set_ellipsize (Pango::ELLIPSIZE_MIDDLE);
....
}
void size_request(const Requisition& requisition);
RT-Thread
V614 CWE-457 Uninitialized variable 'command.result[0]' used. lpc_iap.c 187
typedef struct {
uint32_t cmd; // Command
uint32_t param[4]; // Parameters
uint32_t status; // status code
uint32_t result[4]; // Result
} IAP_COMMAND_Type;
IAP_STATUS_CODE BlankCheckSector(
uint32_t start_sec, uint32_t end_sec,
uint32_t *first_nblank_loc,
uint32_t *first_nblank_val)
{
IAP_COMMAND_Type command;
command.cmd = IAP_BLANK_CHECK;
command.param[0] = start_sec;
command.param[1] = end_sec;
IAP_Call (&command.cmd, &command.status);
if(command.status == SECTOR_NOT_BLANK)
{
// Update out value
if(first_nblank_loc != NULL)
*first_nblank_loc = command.result[0];
if(first_nblank_val != NULL)
*first_nblank_val = command.result[1];
}
return (IAP_STATUS_CODE)command.status;
}
Similar errors can be found in some other places:
- V614 CWE-457 Uninitialized variable 'command.result[1]' used. lpc_iap.c 189
- V614 CWE-457 Uninitialized variable 'command.result[0]' used. lpc_iap.c 236
- V614 CWE-457 Uninitialized variable 'command.result[i]' used. lpc_iap.c 264
RT-Thread
V614 CWE-457 Uninitialized variable 'k' used. lpc_lcd.c 510
void LCD_PutPixel (LCD_PANEL panel, uint32_t X_Left,
uint32_t Y_Up, LcdPixel_t color)
{
uint32_t k;
uint32_t * pWordData = NULL;
uint8_t* pByteData = NULL;
uint32_t bitOffset;
uint8_t* pByteSrc = (uint8_t*)&color;
uint8_t bpp = bits_per_pixel[lcd_config.lcd_bpp];
uint8_t bytes_per_pixel = bpp/8;
uint32_t start_bit;
if((X_Left >= lcd_hsize)||(Y_Up >= lcd_vsize))
return;
if(panel == LCD_PANEL_UPPER)
pWordData = (uint32_t*) LPC_LCD->UPBASE +
LCD_GetWordOffset(X_Left,Y_Up);
else
pWordData = (uint32_t*) LPC_LCD->LPBASE +
LCD_GetWordOffset(X_Left,Y_Up);
bitOffset = LCD_GetBitOffset(X_Left,Y_Up);
pByteData = (uint8_t*) pWordData;
pByteData += bitOffset/8;
start_bit = bitOffset%8;
if(bpp < 8)
{
uint8_t bit_pos = start_bit;
uint8_t bit_ofs = 0;
for(bit_ofs = 0;bit_ofs <bpp; bit_ofs++,bit_pos++)
{
*pByteData &= ~ (0x01 << bit_pos);
*pByteData |=
((*pByteSrc >> (k+bit_ofs)) & 0x01) << bit_pos; // <=
}
}
....
}
Android
V614 CWE-457 Uninitialized variable 't.tv_nsec' used. clock_ns.h 55
struct timespec
{
__time_t tv_sec; /* Seconds. */
long int tv_nsec; /* Nanoseconds. */
};
static inline timespec NsToTimespec(int64_t ns) {
timespec t;
int32_t remainder;
t.tv_sec = ns / kNanosPerSecond;
remainder = ns % kNanosPerSecond;
if (remainder < 0) {
t.tv_nsec--;
remainder += kNanosPerSecond;
}
t.tv_nsec = remainder;
return t;
}
Android
V614 CWE-824 Potentially uninitialized pointer 'p_opt' used. Consider checking the second actual argument of the 'memcpy' function. mca_main.cc 252
void mca_set_cfg_by_tbl(....) {
tMCA_DCB* p_dcb;
const tL2CAP_FCR_OPTS* p_opt;
tMCA_FCS_OPT fcs = MCA_FCS_NONE;
if (p_tbl->tcid == MCA_CTRL_TCID) {
p_opt = &mca_l2c_fcr_opts_def;
} else {
p_dcb = mca_dcb_by_hdl(p_tbl->cb_idx);
if (p_dcb) {
p_opt = &p_dcb->p_chnl_cfg->fcr_opt;
fcs = p_dcb->p_chnl_cfg->fcs;
}
}
memset(p_cfg, 0, sizeof(tL2CAP_CFG_INFO));
p_cfg->mtu_present = true;
p_cfg->mtu = p_tbl->my_mtu;
p_cfg->fcr_present = true;
memcpy(&p_cfg->fcr, p_opt, sizeof(tL2CAP_FCR_OPTS)); // <=
....
}
System Shock
V614 Potentially uninitialized pointer 'pc1' used. AI.C 597
typedef enum ObjClass {
CLASS_GUN,
CLASS_AMMO,
CLASS_PHYSICS,
....
CLASS_CRITTER,
....
} ObjClass;
errtype do_random_loot(ObjID corpse)
{
int *pc1, *pc2;
if (....)
{
switch (objs[corpse].obclass)
{
case CLASS_CONTAINER:
....
*pc1 = 0;
*pc2 = 0;
break;
case CLASS_SMALLSTUFF:
....
pc1 = &objSmallstuffs[osid].data1;
pc2 = &objSmallstuffs[osid].data2;
break;
}
if (*pc1 == 0)
{
....
}
if (*pc2 == 0)
{
....
}
}
....
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'pc2' used. AI.C 609
System Shock
V614 Uninitialized variable 'err' used. EVENT.C 953
errtype uiInit(uiSlab* slab)
{
....
errtype err;
....
// err = ui_init_cursors();
....
if (err != OK) return err;
....
}
NCBI Genome Workbench
V614 Uninitialized variable 'm_BitSet' used. SnpBitAttributes.hpp 187
/// SNP bit attribute container.
class CSnpBitAttributes
{
public:
....
private:
/// Internal storage for bits.
Uint8 m_BitSet;
};
inline CSnpBitAttributes::CSnpBitAttributes(Uint8 bits) : m_BitSet(bits)
{
}
inline CSnpBitAttributes::CSnpBitAttributes(const vector<char>& octet_string)
{
auto count = sizeof(m_BitSet);
auto byte = octet_string.end();
do
m_BitSet = (m_BitSet << 8) | *--byte;
while (--count > 0);
}
Haiku Operation System
V614 Uninitialized pointer 'res' used. commands.c 2873
struct addrinfo {
int ai_flags;
int ai_family;
int ai_socktype;
int ai_protocol;
socklen_t ai_addrlen;
char *ai_canonname;
struct sockaddr *ai_addr;
struct addrinfo *ai_next;
};
static int
sourceroute(struct addrinfo *ai, char *arg, char **cpp,
int *lenp, int *protop, int *optp)
{
static char buf[1024 + ALIGNBYTES];
char *cp, *cp2, *lsrp, *ep;
struct sockaddr_in *_sin;
#ifdef INET6
struct sockaddr_in6 *sin6;
struct ip6_rthdr *rth;
#endif
struct addrinfo hints, *res; // <=
int error;
char c;
if (cpp == NULL || lenp == NULL)
return -1;
if (*cpp != NULL) {
switch (res->ai_family) { // <=
case AF_INET:
if (*lenp < 7)
return -1;
break;
....
}
}
....
}
error = getaddrinfo(cp, NULL, &hints, &res);
Haiku Operation System
V614 Uninitialized variable 'rval' used. fetch.c 1727
int
auto_fetch(int argc, char *argv[])
{
volatile int argpos;
int rval;
argpos = 0;
if (sigsetjmp(toplevel, 1)) {
if (connected)
disconnect(0, NULL);
if (rval > 0)
rval = argpos + 1;
return (rval);
}
....
}
CMake
V614 Uninitialized pointer 'str' used. cmVSSetupHelper.h 80
class SmartBSTR
{
public:
SmartBSTR() { str = NULL; }
SmartBSTR(const SmartBSTR& src)
{
if (src.str != NULL) {
str = ::SysAllocStringByteLen((char*)str, ::SysStringByteLen(str));
} else {
str = ::SysAllocStringByteLen(NULL, 0);
}
}
....
};
Espressif IoT Development Framework
V614 Uninitialized buffer 'hex' used. Consider checking the second actual argument of the 'memcpy' function. wps_registrar.c 1657
int wps_build_cred(struct wps_data *wps, struct wpabuf *msg)
{
....
} else if (wps->use_psk_key && wps->wps->psk_set) {
char hex[65];
wpa_printf(MSG_DEBUG, "WPS: Use PSK format for Network Key");
os_memcpy(wps->cred.key, hex, 32 * 2);
wps->cred.key_len = 32 * 2;
} else if (wps->wps->network_key) {
....
}
Similar errors can be found in some other places:
- V614 Uninitialized buffer 'hex' used. Consider checking the second actual argument of the 'memcpy' function. wps_registrar.c 1678
Espressif IoT Development Framework
V614 Potentially uninitialized buffer 'seq' used. Consider checking the first actual argument of the 'strlen' function. linenoise.c 435
void refreshShowHints(struct abuf *ab, struct linenoiseState *l, int plen) {
char seq[64];
if (hintsCallback && plen+l->len < l->cols) {
int color = -1, bold = 0;
char *hint = hintsCallback(l->buf,&color,&bold);
if (hint) {
int hintlen = strlen(hint);
int hintmaxlen = l->cols-(plen+l->len);
if (hintlen > hintmaxlen) hintlen = hintmaxlen;
if (bold == 1 && color == -1) color = 37;
if (color != -1 || bold != 0)
snprintf(seq,64,"\033[%d;%d;49m",bold,color);
abAppend(ab,seq,strlen(seq)); // <=
abAppend(ab,hint,hintlen);
if (color != -1 || bold != 0)
abAppend(ab,"\033[0m",4);
/* Call the function to free the hint returned. */
if (freeHintsCallback) freeHintsCallback(hint);
}
}
}
Espressif IoT Development Framework
V614 Potentially uninitialized buffer 'k' used. Consider checking the second actual argument of the 'sae_derive_keys' function. sae.c 854
int sae_process_commit(struct sae_data *sae)
{
u8 k[SAE_MAX_PRIME_LEN];
if (sae->tmp == NULL ||
(sae->tmp->ec && sae_derive_k_ecc(sae, k) < 0) ||
(sae->tmp->dh && sae_derive_k_ffc(sae, k) < 0) ||
sae_derive_keys(sae, k) < 0)
return ESP_FAIL;
return ESP_OK;
}
Darwin-XNU
V614 Uninitialized variable 'best' used. sdt.c 572
void
sdt_early_init( void )
{
....
if (MH_MAGIC_KERNEL != _mh_execute_header.magic) {
....
} else {
....
for (....) {
const char *funcname;
unsigned long best;
....
funcname = "<unknown>";
for (i = 0; i < orig_st->nsyms; i++) {
char *jname = strings + sym[i].n_un.n_strx;
....
if ((unsigned long)sym[i].n_value > best) {
best = (unsigned long)sym[i].n_value;
funcname = jname;
}
}
....
}
}
LLVM/Clang
V614 [CWE-457, CERT-EXP53-CPP] Potentially uninitialized variable 'PointerEdgeKind' used. EHFrameSupport.cpp 704
Expected<std::pair<JITTargetAddress, Edge::Kind>>
EHFrameEdgeFixer::readEncodedPointer(uint8_t PointerEncoding,
JITTargetAddress PointerFieldAddress,
BinaryStreamReader &RecordReader) {
....
Edge::Kind PointerEdgeKind;
switch (EffectiveType) {
case DW_EH_PE_udata4: {
....
PointerEdgeKind = Delta32;
break;
}
case DW_EH_PE_udata8: {
....
PointerEdgeKind = Delta64;
break;
}
case DW_EH_PE_sdata4: {
....
PointerEdgeKind = Delta32;
break;
}
case DW_EH_PE_sdata8: {
....
PointerEdgeKind = Delta64;
break;
}
}
if (PointerEdgeKind == Edge::Invalid)
return make_error<JITLinkError>(
"Unspported edge kind for encoded pointer at " +
formatv("{0:x}", PointerFieldAddress));
return std::make_pair(Addr, Delta64);
}
Similar errors can be found in some other places:
- V614 [CWE-457, CERT-EXP53-CPP] Potentially uninitialized variable 'Result' used. llvm-rtdyld.cpp 998
Protocol Buffers
V614 [CWE-457] Potentially null smart pointer 'file_generator' used. java_kotlin_generator.cc 100
bool KotlinGenerator::Generate(....)
{
....
std::unique_ptr<FileGenerator> file_generator;
if (file_options.generate_immutable_code) {
file_generator.reset(
new FileGenerator(file, file_options, /* immutable_api = */ true));
}
if (!file_generator->Validate(error)) {
return false;
}
....
}
DuckStation
V614 The 'host_interface' smart pointer is utilized immediately after being declared or reset. It is suspicious that no value was assigned to it. main.cpp 45
static std::unique_ptr<NoGUIHostInterface> CreateHostInterface()
{
const char* platform = std::getenv("DUCKSTATION_NOGUI_PLATFORM");
std::unique_ptr<NoGUIHostInterface> host_interface;
#ifdef WITH_SDL2
if ( !host_interface && (!platform
|| StringUtil::Strcasecmp(platform, "sdl") == 0)
&& IsSDLHostInterfaceAvailable())
{
host_interface = SDLHostInterface::Create(); }
}
#endif
#ifdef WITH_VTY
if ( !host_interface && (!platform
|| StringUtil::Strcasecmp(platform, "vty") == 0))
{
host_interface = VTYHostInterface::Create();
}
#endif
#ifdef _WIN32
if ( !host_interface && (!platform
|| StringUtil::Strcasecmp(platform, "win32") == 0))
{
host_interface = Win32HostInterface::Create();
}
#endif
return host_interface;
}
Ogre3D
V614 Uninitialized variable 'lodLevel.reductionValue' used. main.cpp 806
struct _OgreLodExport LodLevel
{
// ....
VertexReductionMethod reductionMethod;
Real reductionValue;
// ....
};
// ....
numLod = opts.numLods;
LodLevel lodLevel; // <=
lodLevel.distance = 0.0;
for (unsigned short iLod = 0; iLod < numLod; ++iLod)
{
lodLevel.reductionMethod = opts.usePercent
? LodLevel::VRM_PROPORTIONAL
: LodLevel::VRM_CONSTANT;
if (opts.usePercent)
{
lodLevel.reductionValue += opts.lodPercent * 0.01f; // <=
}
else
{
lodLevel.reductionValue += (Ogre::Real)opts.lodFixed; // <=
}
lodLevel.distance += opts.lodDist;
lodConfig.levels.push_back(lodLevel);
}
In this code fragment, the LodLevel structure is declared. It does not have a user-defined default constructor and default member initializers for non-static class data members.
Captain Blood
V614 [CWE-457, CERT-EXP53-CPP] Uninitialized variable 'color.c' used. Color.h 1268
class DColor
{
public:
union
{
#ifndef _XBOX
struct
{
unsigned char b;
unsigned char g;
unsigned char r;
unsigned char a;
};
#else
struct
{
unsigned char a;
unsigned char r;
unsigned char g;
unsigned char b;
};
#endif
union
{
dword c;
dword color;
};
};
mathinline dword mathcall Color::GetDword() const
{
DColor color;
color.r = (byte)(r * 255.0f);
color.g = (byte)(g * 255.0f);
color.b = (byte)(b * 255.0f);
color.a = (byte)(a * 255.0f);
return color.c;
}
CodeLite
V614 Uninitialized buffer 'buf' used. Consider checking the first actual argument of the 'Write' function. wxSerialize.cpp:1039
bool wxSerialize::WriteDouble(wxFloat64 value)
{
if (CanStore())
{
SaveChar(wxSERIALIZE_HDR_DOUBLE);
wxInt8 buf[10];
m_odstr.Write(buf, 10);
}
return IsOk();
}
Similar errors can be found in some other places:
- V614 Potentially uninitialized pointer 'm_item' used. wxc_aui_tool_stickiness.cpp:8
- V614 Potentially uninitialized variable 'err' used. cppcheck.cpp:175
- V614 The 'p' smart pointer is utilized immediately after being declared or reset. It is suspicious that no value was assigned to it. connection_impl.hpp:2200
GCC
V614 Uninitialized variable 'func_info.ctc_flags' used. gcc/dwarf2ctf.cc 676
static ctf_id_t
gen_ctf_function_type (ctf_container_ref ctfc,
dw_die_ref function,
bool from_global_func)
{
....
ctf_funcinfo_t func_info;
....
{
....
if (....)
{
do
{
....
if (....)
....
else if (....)
{
func_info.ctc_flags |= CTF_FUNC_VARARG;
....
}
}
}
....
}
....
}
Dagor Engine
V614 Uninitialized pointer 'module' used. DagorEngine/prog/1stPartyLibs/daScript/src/builtin/module_builtin_ast_serialize.cpp 1303
void ExprField::serialize ( AstSerializer & ser ) {
....
Module * module; ser << module;
....
}
AstSerializer & AstSerializer::operator << ( Module * & module ) {
bool is_null = module == nullptr;
....
}
Blender
V614 Uninitialized buffer 'init_co' used. Consider checking the seventh actual argument of the 'gpencil_add_new_points' function. gpencil_curve_legacy.cc 439
static void gpencil_convert_spline(....)
{
....
float init_co[3];
switch (nu->type) {
case CU_POLY:
{
....
}
case CU_BEZIER:
{
....
}
case CU_NURBS:
{
if (nu->pntsv == 1)
{
....
gpencil_add_new_points (gps, coord_array, 1.0f, 1.0f, 0,
gps->totpoints, init_co, false); // <=
....
}
default:
{
break;
}
}
Similar errors can be found in some other places:
- V614 Uninitialized variable 'efd.distance' used. boids.cc 133
- V614 Potentially uninitialized pointer 'g_prev' used. Consider checking the third actual argument of the 'blf_font_width_to_strlen_glyph_process' function. blf_font.cc 784
- V614 Uninitialized variable 'dummy_matrix[0][0]' used. Consider checking the first actual argument of the 'GPU_uniform' function. node_shader_tex_coord.cc 43
Xenia
V614 Uninitialized variable 'desc.page_count' used. xex_module.cc 594
struct xex2_page_descriptor
{
union
{
xe::be<uint32_t> value; // 0x0
struct
{
xex2_section_type info : 4;
uint32_t page_count : 28;
};
};
char data_digest[0x14]; // 0x4
};
int XexModule::ReadImageBasicCompressed(....)
{
....
for (uint32_t i = 0; i < xex_security_info()->page_descriptor_count; i++)
{
// Byteswap the bitfield manually.
xex2_page_descriptor desc;
desc.value = xe::byte_swap(
xex_security_info()->page_descriptors[i].value);
total_size += desc.page_count * heap->page_size(); // <=
}
....
}
When working with union in C++, we can read only from the active data member that was last written to. Otherwise, the behavior is undefined. This sets C++ apart from C, where we can write to one data member and read from another.
Similar errors can be found in some other places:
- V614 Uninitialized variable 'desc.page_count' used. xex_module.h 89
- V614 Uninitialized variable 'desc.page_count' used. xex_module.cc 995
- V614 Uninitialized variable 'desc.info' used. xex_module.cc 996
- And 4 additional diagnostic messages.
Xenia
V614 The 'backend' smart pointer is utilized immediately after being declared or reset. It is suspicious that no value was assigned to it. ppc_testing_main.cc 201
bool Setup(TestSuite& suite)
{
// Reset memory.
memory_->Reset();
std::unique_ptr<xe::cpu::backend::Backend> backend;
if (!backend)
{
#if XE_ARCH_AMD64
if (cvars::cpu == "x64")
{
backend.reset(new xe::cpu::backend::x64::X64Backend());
}
#endif // XE_ARCH
if (cvars::cpu == "any")
{
if (!backend)
{
#if XE_ARCH_AMD64
backend.reset(new xe::cpu::backend::x64::X64Backend());
#endif // XE_ARCH
}
}
}
....
}
The std::unique_ptr constructor creates an object and initializes it to null by default. That's why the check after the declaration doesn't matter; the control flow will always proceed to the then branch.