To get a trial key
fill out the form below
Team License (a basic version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

Free PVS-Studio license for Microsoft MVP specialists
* By clicking this button you agree to our Privacy Policy statement

To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Examples of errors detected by the V774…

Examples of errors detected by the V774 diagnostic

V774. Pointer was used after the memory was released.


Augeas

V774 The 'child' pointer was used after the memory was reallocated. augtool.c 151


static char *readline_path_generator(const char *text, int state)
{
  ....
  if (ctx != NULL) {
    char *c = realloc(child, strlen(child)-strlen(ctx)+1);  // <=
    if (c == NULL)
      return NULL;
    int ctxidx = strlen(ctx);
    if (child[ctxidx] == SEP)                               // <=
      ctxidx++;
    strcpy(c, &child[ctxidx]);                              // <=
    child = c;
  }
  ....
}

Similar errors can be found in some other places:

  • V774 The 'child' pointer was used after the memory was reallocated. augtool.c 153

Bind

V774 The 'res' pointer was used after the memory was released. sample-request.c 225


int
main(int argc, char *argv[]) {
  ....
  struct addrinfo hints, *res;
  ....
  gaierror = getaddrinfo(argv[0], "53", &hints, &res);
  ....
  memmove(&sa.type, res->ai_addr, res->ai_addrlen);
  freeaddrinfo(res);                                    // <=
  sa.length = (unsigned int)res->ai_addrlen;            // <=
  ....
}

Similar errors can be found in some other places:

  • V774 The 'res' pointer was used after the memory was released. sample-update.c 193
  • V774 The 'res' pointer was used after the memory was released. sample-update.c 217

MuseScore

V774 The 'slur' pointer was used after the memory was released. importgtp-gp6.cpp 2072


void GuitarPro6::readGpif(QByteArray* data)
{
  if (c) {
    slur->setTick2(c->tick());
    score->addElement(slur);
    legatos[slur->track()] = 0;
  }
  else {
    delete slur;
    legatos[slur->track()] = 0;
  }
}

ICU

V774 CWE-416 The 'mzMappings' pointer was used after the memory was released. zonemeta.cpp 713


UVector*
ZoneMeta::createMetazoneMappings(const UnicodeString &tzid) {
  UVector *mzMappings = NULL;
  ....
  if (U_SUCCESS(status)) {
    ....
    if (U_SUCCESS(status)) {
      ....
      while (ures_hasNext(rb)) {
        ....
        if (mzMappings == NULL) {
          mzMappings = new UVector(
            deleteOlsonToMetaMappingEntry, NULL, status);
          if (U_FAILURE(status)) {
            delete mzMappings;
            uprv_free(entry);
            break;
          }
        }
        ....
      }
      ....
    }
  }
  ures_close(rb);
  return mzMappings;
}

Code is complicated and I find it difficult to say exactly, if there is a bug or not. But it seems to me, it is possible that this function will return a pointer to the memory block being freed.


Qalculate!

V774 The 'cu' pointer was used after the memory was released. Calculator.cc 3595


MathStructure Calculator::convertToBestUnit(....)
{
  ....
  CompositeUnit *cu = new CompositeUnit("", "....");
  cu->add(....);
  Unit *u = getBestUnit(cu, false, eo.local_currency_conversion);
  if(u == cu) {
    delete cu;                                   // <=
    return mstruct_new;
  }
  delete cu;                                     // <=
  if(eo.approximation == APPROXIMATION_EXACT &&
     cu->hasApproximateRelationTo(u, true)) {    // <=
    if(!u->isRegistered()) delete u;
    return mstruct_new;
  }
  ....
}

Haiku Operation System

V774 The 'device' pointer was used after the memory was released. xhci.cpp 1572


void
XHCI::FreeDevice(Device *device)
{
  uint8 slot = fPortSlots[device->HubPort()];
  TRACE("FreeDevice() port %d slot %d\n", device->HubPort(), slot);

  // Delete the device first, so it cleans up its pipes and tells us
  // what we need to destroy before we tear down our internal state.
  delete device;

  DisableSlot(slot);
  fDcba->baseAddress[slot] = 0;
  fPortSlots[device->HubPort()] = 0;
  delete_area(fDevices[slot].trb_area);
  delete_area(fDevices[slot].input_ctx_area);
  delete_area(fDevices[slot].device_ctx_area);

  memset(&fDevices[slot], 0, sizeof(xhci_device));
  fDevices[slot].state = XHCI_STATE_DISABLED;
}

Similar errors can be found in some other places:

  • V774 The 'self' pointer was used after the memory was released. TranslatorRoster.cpp 884
  • V774 The 'string' pointer was used after the memory was released. RemoteView.cpp 1269
  • V774 The 'bs' pointer was used after the memory was released. mkntfs.c 4291
  • And 2 additional diagnostic messages.

MuseScore

V774 The 'slur' pointer was used after the memory was released. importgtp-gp6.cpp 2592


void GuitarPro6::readGpif(QByteArray* data)
{
  ....
  if (c) {
    slur->setTick2(c->tick());
    score->addElement(slur);
    legatos[slur->track()] = 0;
  } else {
    delete slur;
    legatos[slur->track()] = 0;
  }
  ....
}

This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept