Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
to the top
Examples of errors detected by the V108…

Examples of errors detected by the V1086 diagnostic

V1086. Call of the 'Foo' function will lead to buffer underflow.

SMTP Client

V1086 A call of the 'memset' function will lead to a buffer underflow. CSmtp md5.cpp 212

void MD5::finalize () {
  uint1 buffer[64];
  // Zeroize sensitive information
  memset (buffer, 0, sizeof(*buffer));

Most likely this is what should be written here: memset (buffer, 0, sizeof(buffer));

Fennec Media

V1086 A call of the 'memset' function will lead to a buffer underflow. base windows.c 150

#define uinput_size       1024
typedef wchar_t letter;

letter  uinput_text[uinput_size];

string basewindows_getuserinput(const string title,
  const string cap, const string dtxt)
  memset(uinput_text, 0, uinput_size);

At the first sight, everything is fine with "memset(uinput_text, 0, uinput_size);". Perhaps it even was fine when the 'letter' type was 'char'. But now this is 'wchar_t', which results in zeroing only half of the buffer.

Fennec Media

V1086 A call of the 'memset' function will lead to a buffer underflow. base windows.c 2892

typedef wchar_t letter;

letter name[30];

int Conv_EqualizerProc(HWND hwnd,UINT uMsg,
  WPARAM wParam,LPARAM lParam)
  memset(eqp.name, 0, 30);

This is what should have been written here: sizeof(letter) * 30


V1086 A call of the memset function will lead to a buffer underflow. dockingmanager.cpp 78

#define CONT_MAP_MAX 50
int _iContMap[CONT_MAP_MAX];
  memset(_iContMap, -1, CONT_MAP_MAX);

This is what should have been written here: memset(_iContMap, -1, CONT_MAP_MAX * sizeof(int));

Wolfenstein 3D

V1086 A call of the 'memset' function will lead to a buffer underflow. cgame bg_animation.c 999

typedef struct
  short int bodyPart[2];
  short int animIndex[2];
  short int animDuration[2];
  short int soundIndex;
  short int accShowBits;
  short int accHideBits;
} animScriptCommand_t;

void BG_ParseCommands(....) {
  animScriptCommand_t *command = NULL;
  memset( command, 0, sizeof( command ) );

This is what should have been written here: sizeof(*command)

Wolfenstein 3D

V1086 A call of the 'memset' function will lead to a buffer underflow. wolf cvar.c 764

typedef struct cvar_s {
  char        *name;
  struct cvar_s *hashNext;
} cvar_t;

void Cvar_Restart_f( void ) {
  cvar_t  *var;
  memset( var, 0, sizeof( var ) );

This is what should have been written here: memset( var, 0, sizeof( *var ) );

Newton Game Dynamics

V1086 A call of the 'memset' function will lead to a buffer underflow. physics dgcollisioncompoundbreakable.cpp 702

dgCollisionCompoundBreakable::dgCollisionCompoundBreakable (....)
  dgInt32 faceOffsetHitogram[256];
  dgSubMesh* mainSegmenst[256];
  memset(faceOffsetHitogram, 0, sizeof(faceOffsetHitogram));
  memset(mainSegmenst, 0, sizeof(faceOffsetHitogram));

A 64-bit error. These are the consequences of Copy-Paste. In a 64-bit program, the pointer size will become non-equal to the dgint32 size and we will clear only a part of the mainSegmenst array.

Miranda IM

V1086 A call of the 'memcpy' function will lead to a buffer underflow. tabsrmm utils.cpp 1080

typedef struct _textrangew
  LPWSTR lpstrText;

const wchar_t* Utils::extractURLFromRichEdit(....)
  ::CopyMemory(tr.lpstrText, L"mailto:", 7);

This is what should have been written here: sizeof(wchar_t) * 7


V1086 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. base time_win.cc 227

void Time::Explode(bool is_local, Exploded* exploded) const
  ZeroMemory(exploded, sizeof(exploded));

This is what should have been written here: sizeof(*exploded)


V1086 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. platform time_win.cc 116

void NaCl::Time::Explode(bool is_local,
                         Exploded* exploded) const
  ZeroMemory(exploded, sizeof(exploded));

This is what should have been written here: sizeof(*exploded)


V1086 A call of the 'memset' function will lead to underflow of the buffer 's_attr_table'. qt3to4 cpplexer.cpp 77

int s_attr_table[256];

void CppLexer::setupScanTable()
  memset(s_attr_table, 0, 256);

This is what should have been written here: sizeof(int) * 256

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 's_attr_table'. qt3to4 rpplexer.cpp 60

Apache HTTP Server

V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 560

#define MEMSET_BZERO(p,l)       memset((p), 0, (l))

void apr__SHA256_Final(sha2_byte digest[],
                       SHA256_CTX* context) {
  MEMSET_BZERO(context, sizeof(context));

This is what should have been written here: sizeof(*context)

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 581
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 892
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 912
  • And 2 additional diagnostic messages.

Energy Checker SDK

V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 683

#define PL_MAX_PATH 255
TCHAR pl_cvt_buffer[PL_MAX_PATH] = { '\0' };

int plh_read_pl_config_ini_file(....)

This is what should have been written here: PL_MAX_PATH * sizeof(TCHAR)

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 714
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 745
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 789
  • And 5 additional diagnostic messages.

Energy Checker SDK

V1086 A call of the 'memset' function will lead to underflow of the buffer 'pconfig'. pl_csv_logger productivity_link_helper.c 1806

typedef struct _plh_dynamic_pl_folder_info {

int plh_dynamic_read_pl_folder(

This is what should have been written here: sizeof(*pconfig)

Energy Checker SDK

V1086 A call of the 'memset' function will lead to underflow of the buffer 'temp'. core_api_unit_tests unit_tests_tools.c 379

void plt_tools_get_pl_config_full_file_name(char *buffer) {
  char temp[PL_MAX_PATH] = { '\0' };

This is what should have been written here: sizeof(temp)

Far Manager

V1086 A call of the 'memset' function will lead to underflow of the buffer 'PInfo'. far filelist.cpp 672

__int64 FileList::VMProcess(int OpCode,void *vParam,
                            __int64 iParam)
  PluginInfo *PInfo=(PluginInfo *)vParam;

This is what should have been written here: memset(PInfo, 0, sizeof(PluginInfo));


V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'buffer'. user32 dllmain.c 162

  RtlCopyMemory(buffer, szAppInit, KEY_LENGTH);

Multiplication by sizeof(WCHAR) is missing, which causes copying only half of the data. This is what the code should look like: RtlCopyMemory(buffer, szAppInit, KEY_LENGTH * sizeof(WCHAR)).


V1086 A call of the 'memset' function will lead to underflow of the buffer '((file_path))'. sndrec32 sndrec32.cpp 769

TCHAR file_path[MAX_PATH];

#define MAX_PATH 260

WndProc( HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam )
  ZeroMemory( file_path, MAX_PATH );

This is what should have been written here: ZeroMemory( file_path, MAX_PATH * sizeof(TCHAR));

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to a buffer underflow. smss client.c 442


V1086 A call of the 'memset' function will lead to underflow of the buffer '((pfd))'. shell32 pidl.c 1160

  WIN32_FIND_DATAW * pfd = dest;
  ZeroMemory(pfd, sizeof (WIN32_FIND_DATAA));

This is what should have been written here: sizeof(WIN32_FIND_DATAW)


V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 991

#define MEMSET_BZERO(p,l) memset((p), 0, (l))

char *SHA384_End(SHA384_CTX* context, char buffer[]) {
  MEMSET_BZERO(context, sizeof(context));

This is what should have been written here: sizeof(*context).

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 566
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 587
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 896
  • And 2 additional diagnostic messages.

IPP Samples

V1086 A call of the 'memset' function will lead to underflow of the buffer 'MEParams'. vc1_enc umc_vc1_enc_adv.cpp 1767

VC1EncoderADV::SetMEParams_I_Field(UMC::MeParams* MEParams)
  UMC::Status umcSts    UMC::UMC_OK;

This is what should have been written here: memset(MEParams,0,sizeof(*MEParams));

Doom 3

V1086 A call of the 'memset' function will lead to underflow of the buffer 'ase.currentMesh'. DoomDLL model_ase.cpp 731

aseMesh_t *currentMesh;

static void ASE_KeyGEOMOBJECT( const char *token )
  ase.currentMesh = &ase.currentObject->mesh;
  memset( ase.currentMesh, 0, sizeof( ase.currentMesh ) );

This is what should have been written here: memset( ase.currentMesh, 0, sizeof( *ase.currentMesh ) );

Doom 3

V1086 A call of the 'memset' function will lead to underflow of the buffer '& cluster'. DoomDLL aasfile.cpp 1312

void idAASFileLocal::DeleteClusters( void ) {
  memset( &portal, 0, sizeof( portal ) );
  portals.Append( portal );

  // first cluster is a dummy
  memset( &cluster, 0, sizeof( portal ) );
  clusters.Append( cluster );

This is what should have been written here: memset( &cluster, 0, sizeof( cluster ) );

Mozilla Firefox

V1086 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. time_win.cc 198

void Time::Explode(bool is_local, Exploded* exploded) const {
  ZeroMemory(exploded, sizeof(exploded));

This is what should have been written here: ZeroMemory(exploded, sizeof(*exploded));

ADAPTIVE Communication Environment (ACE)

V1086 A call of the 'memcmp' function will lead to underflow of the buffer 'expected_msg.payload'. Send_Msg_Receiver receiver.cpp 109

struct Message
  unsigned int sn;
  unsigned short payload[payload_size];

ACE_TMAIN (int argc, ACE_TCHAR* argv[])
  if (ACE_OS::memcmp (expected_msg.payload,
                      payload_size) != 0)
    damaged[msg.sn] = 1;

Most likely this is what should be written here: payload_size * sizeof(short)

Similar errors can be found in some other places:

  • V1086 A call of the 'memcmp' function will lead to underflow of the buffer 'expected_msg.payload'. RMCast_Receiver receiver.cpp 102

ADAPTIVE Communication Environment (ACE)

V1086 A call of the 'memset' function will lead to underflow of the buffer 'old_state'. thread.inl 172

ACE_Thread::disablecancel (struct cancel_state *old_state)
  ACE_OS::memset (old_state,
                  sizeof (old_state));


V1086 A call of the 'memset' function will lead to underflow of the buffer 'MapView'. DeSmuME_VS2005 mapview.cpp 204

mapview_struct *MapView = NULL;

BOOL CALLBACK ViewMapsProc (HWND hwnd, UINT message,
                            WPARAM wParam, LPARAM lParam)
  MapView = new mapview_struct;
  memset(MapView, 0, sizeof(MapView));

This is what should have been written here: memset(MapView, 0, sizeof(*MapView));


V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'state->m_spriteram16_buffered'. deco32.c 706

UINT16 m_spriteram16[0x1000];
UINT16 m_spriteram16_buffered[0x1000];

static WRITE32_HANDLER( deco32_buffer_spriteram_w )
  deco32_state *state =
         state->m_spriteram16, 0x1000);

This is what should have been written here: 0x1000 * sizeof(UINT16).


V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_rotate_ctrl'. wgp.c 949

UINT16      m_rotate_ctrl[8];

static MACHINE_RESET( wgp )
  wgp_state *state = machine.driver_data<wgp_state>();
  int i;

  state->m_banknum = 0;
  state->m_cpua_ctrl = 0xff;
  state->m_port_sel = 0;
  state->m_piv_ctrl_reg = 0;

  for (i = 0; i < 3; i++)
    state->m_piv_zoom[i] = 0;
    state->m_piv_scrollx[i] = 0;
    state->m_piv_scrolly[i] = 0;

  memset(state->m_rotate_ctrl, 0, 8);

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'state->m_spriteram16_2_buffered'. deco32.c 726
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_playfield_code'. malzak.c 392


V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_control_0'. tumbleb.c 2065

UINT16 m_control_0[8];
#define ARRAY_LENGTH(x)  (sizeof(x) / sizeof(x[0]))

static MACHINE_RESET( tumbleb )
  memset(state->m_control_0, 0,

Most likely this is what should be written here: memset(state->m_control_0, 0, sizeof(state->m_control_0));

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_pmac_read'. megadriv.c 7156
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_pmac_write'. megadriv.c 7157
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_cart_is_genesis'. megatech.c 426
  • And 3 additional diagnostic messages.


V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_pstars_regs'. pgm.c 4458

UINT32 m_pstars_regs[16];

static DRIVER_INIT( pstar )
  memset(state->m_pstars_regs, 0, 16);

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_kb_regs'. pgm.c 4975
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_kb_regs'. pgm.c 4996
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_kb_regs'. pgm.c 5056
  • And 4 additional diagnostic messages.


V1086 A call of the 'memset' function will lead to underflow of the buffer 'rt'. perf_writer.c 80

void initialize(PERF_DATA_BLOCK *data,
  RuntimeSettings *rt, int argc, char **argv)
    memset(data, 0, sizeof(*data));
    memset(rt, 0, sizeof(*data));

Most likely this is what should be written here: memset(rt, 0, sizeof(*rt));.


V1086 A call of the 'memcmp' function will lead to underflow of the buffer 'u0'. netuser.c 247

static NET_API_STATUS test_netusermodals(
  struct libnetapi_ctx *ctx,
  const char *hostname)
  struct USER_MODALS_INFO_0 *u0 = NULL;
  struct USER_MODALS_INFO_0 *_u0 = NULL;
  if (memcmp(u0, _u0, sizeof(u0) != 0)) {
    printf("USER_MODALS_INFO_0 struct has changed!!!!\n");
    return -1;

Most likely this is what should be written here: sizeof(*u0).


V1086 A call of the 'memset' function will lead to underflow of the buffer 'win32op'. win32select.c 374

win32_dealloc(struct event_base *_base)
  struct win32op *win32op = _base->evbase;
  memset(win32op, 0, sizeof(win32op));

Windows 8 Driver Samples

V1086 A call of the 'memset' function will lead to underflow of the buffer 'wbuf'. ihvsampleextui.cpp 288

  WCHAR wbuf[128];
  ZeroMemory(wbuf, 128);

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'wbuf'. ihvsampleextui.cpp 369

Windows 8 Driver Samples

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'deviceInfo->UnicodeSourceIp'. testapp.c 729

typedef struct _DEVICE_INFO
  WCHAR UnicodeSourceIp[MAX_LEN];
  WCHAR UnicodeDestIp[MAX_LEN];

PDEVICE_INFO FindDeviceInfo(....)
  PDEVICE_INFO    deviceInfo = NULL;
         InputInfo->SourceIp, MAX_LEN);
         InputInfo->DestIp, MAX_LEN);

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'deviceInfo->UnicodeDestIp'. testapp.c 730


V1086 A call of the 'memset' function will lead to underflow of the buffer 'commandLine'. procinfo.cpp 278


static BOOL MatchProcess(....)
  TCHAR commandLine[MAX_PATH];
  memset(commandLine, 0, MAX_PATH);


V1086 A call of the 'memset' function will lead to underflow of the buffer 'm_szTitle'. toolbox.cpp 28




  memset(m_szTitle, 0, MAX_TOOLBOX_TITLE);

Multi Theft Auto

V1086 A call of the 'memset' function will lead to underflow of the buffer 'm_buffer'. sharedutil.hash.hpp 216

unsigned char m_buffer[64];

void CMD5Hasher::Finalize ( void )
  // Zeroize sensitive information
  memset ( m_buffer, 0, sizeof (*m_buffer) );


V1086 A call of the 'memset' function will lead to underflow of the buffer '& cht'. ramwatch.cpp 1199

struct ICheat
  uint32  address;
  uint32  new_val;
  uint32  saved_val;
  int     size;
  bool8   enabled;
  bool8   saved;
  char    name [22];
  int format;

struct SCheat
  uint32 address;
  uint8   byte;
  uint8   saved_byte;
  bool8  saved;

void RamWatchEnableCommand(....)
  struct ICheat cht;
  ZeroMemory(&cht, sizeof(struct SCheat));

Most likely this is what should be written here: ZeroMemory(&cht, sizeof(struct ICheat));

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '& cht'. ram_search.cpp 1789
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'new_cheat'. wsnes9x.cpp 9924


V1086 A call of the 'memcmp' function will lead to underflow of the buffer '"GL_EXT_blend_subtract"'. Riza opengl.cpp 393

bool VDOpenGLBinding::Attach(....) {
  if (!memcmp(start, "GL_EXT_blend_subtract", 20))

strlen("GL_EXT_blend_subtract") == 21


V1086 A call of the 'memset' function will lead to underflow of the buffer 'ctx'. md5.c 180

void MD5Final(uint8_t digest[16], struct MD5Context *ctx)
  memset(ctx, 0, sizeof(ctx));  /* In case it's sensitive */


V1086 A call of the 'memset' function will lead to underflow of the buffer 'gim'. gifti_io.c 4097

int gifti_clear_gifti_image(gifti_image * gim)
  if(!gim) {
    fprintf(stderr,"** NULL in clear_gifti_image\n"); return 1;

  if( G.verb > 5 )
    fprintf(stderr,"-- clearing gifti_image\n");

  /* set the version and clear all pointers */
  memset(gim, 0, sizeof(gim));

Miranda NG

V1086 A call of the 'memset' function will lead to underflow of the buffer 'logfonts'. TabSRMM msglog.cpp 134



void TSAPI CacheLogFonts()
  int i;
  HDC hdc = GetDC(NULL);
  logPixelSY = GetDeviceCaps(hdc, LOGPIXELSY);
  ReleaseDC(NULL, hdc);

  ZeroMemory(logfonts, sizeof(LOGFONTA) * MSGDLGFONTCOUNT + 2);

Most likely this is what should be written here: ZeroMemory(logfonts, sizeof(LOGFONTA) * (MSGDLGFONTCOUNT + 2));

Miranda NG

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 's_list'. Sessions utils.cpp 288

#define SIZEOF(X) (sizeof(X)/sizeof(X[0]))

int CheckForDuplicate(MCONTACT contact_list[], MCONTACT lparam)
  MCONTACT s_list[255] = { 0 };
  memcpy(s_list, contact_list, SIZEOF(s_list));
  for (int i = 0;; i++) {
    if (s_list[i] == lparam)
      return i;
    if (s_list[i] == 0)
      return -1;
  return 0;

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'session_list'. Sessions main.cpp 143
  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'user_session_list'. Sessions main.cpp 143
  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'session_list_temp'. Sessions main.cpp 216
  • And 5 additional diagnostic messages.

Miranda NG

V1086 A call of the 'memset' function will lead to underflow of the buffer 'Data'. Weather weather_ini.cpp 250

void LoadStationData(...., WIDATA *Data)
  ZeroMemory(Data, sizeof(Data));

Miranda NG

V1086 A call of the 'memset' function will lead to underflow of the buffer 'msgFrom'. LotusNotify lotusnotify.cpp 760

void checkthread(void*)
  WCHAR msgFrom[512];
  WCHAR msgSubject[512];

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'msgSubject'. LotusNotify lotusnotify.cpp 761
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'nd->dd_dir.d_name'. glib dirent.c 138

Miranda NG

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'L"mailto:"'. TabSRMM msgdialog.cpp 2085

INT_PTR CALLBACK DlgProcMessage(....)
  CopyMemory(tr.lpstrText, _T("mailto:"), 7);

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'lfFont.lfFaceName'. Xfire userdetails.cpp 206
  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'L"%20"'. Weather weather_conv.cpp 476

Spring Engine

V1086 A call of the 'memset' function will lead to underflow of the buffer 'area'. RAI gterrainmap.h 84

struct TerrainMapMobileType
    memset(area,0,MAP_AREA_LIST_SIZE);       // <=

  TerrainMapArea *area[MAP_AREA_LIST_SIZE];  // <=

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'BQ'. RAI builder.cpp 67
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'SL'. RAI unitmanager.cpp 28
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'Group'. RAI unitmanager.cpp 29
  • And 1 additional diagnostic messages.


V1086 A call of the 'memset' function will lead to underflow of the buffer 'pAddExpression'. sos strike.cpp 11973

  if(addExpression.data != NULL || aExpression.data != NULL)
    WCHAR pAddExpression[MAX_EXPRESSION];
    memset(pAddExpression, 0, MAX_EXPRESSION);
    swprintf_s(pAddExpression, MAX_EXPRESSION, L"%S", ....);
    Status = g_watchCmd.Add(pAddExpression);

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'pSaveName'. sos strike.cpp 11997
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'pOldName'. sos strike.cpp 12013
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'pNewName'. sos strike.cpp 12016
  • And 2 additional diagnostic messages.

Haiku Operation System

V1086 A call of the 'memcmp' function will lead to underflow of the buffer '"Private-key-format: v"'. dst_api.c 858

  if (memcmp(in_buff, "Private-key-format: v", 20) != 0)
    goto fail;

Haiku Operation System

V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 623

#define MEMSET_BZERO(p,l)  memset((p), 0, (l))

void solv_SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
  /* Clean up state data: */
  MEMSET_BZERO(context, sizeof(context));
  usedspace = 0;

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 644
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 953
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 973
  • And 2 additional diagnostic messages.

Unreal Engine 4

V1086 A call of the 'memset' function will lead to underflow of the buffer 'StartTimestampListHandles'. d3d12query.cpp 493

class FD3D12BufferedGPUTiming
  FD3D12CLSyncPoint* StartTimestampListHandles;
  FD3D12CLSyncPoint* EndTimestampListHandles;

void FD3D12BufferedGPUTiming::InitDynamicRHI()
  StartTimestampListHandles = new FD3D12CLSyncPoint[BufferSize];

  EndTimestampListHandles = new FD3D12CLSyncPoint[BufferSize];

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'EndTimestampListHandles'. d3d12query.cpp 495


V1086 A call of the 'memset' function will lead to underflow of the buffer 'buffer'. md5.cpp 243

class MD5
  typedef unsigned      char uint1;
  uint1 buffer[64];   // input buffer
  static void memset(uint1 *start, uint1 val, uint4 length);

void MD5::finalize ()
  // Zeroize sensitive information
  memset (buffer, 0, sizeof(*buffer));         // <=

FreeBSD Kernel

V1086 A call of the 'memset' function will lead to underflow of the buffer 'plog'. nat64lsn.c 218

struct pfloghdr {
  u_int8_t  length;
  sa_family_t  af;
  u_int8_t  action;
  u_int8_t  reason;
  char    ifname[IFNAMSIZ];
  char    ruleset[PFLOG_RULESET_NAME_SIZE];
  u_int32_t  rulenr;
  u_int32_t  subrulenr;
  uid_t    uid;
  pid_t    pid;
  uid_t    rule_uid;
  pid_t    rule_pid;
  u_int8_t  dir;
  u_int8_t  pad[3];

static void
nat64lsn_log(struct pfloghdr *plog, ....)
  memset(plog, 0, sizeof(plog));        // <=
  plog->length = PFLOG_REAL_HDRLEN;
  plog->af = family;
  plog->action = PF_NAT;
  plog->dir = PF_IN;
  plog->rulenr = htonl(n);
  plog->subrulenr = htonl(sn);
  plog->ruleset[0] = '\0';
  strlcpy(plog->ifname, "NAT64LSN", sizeof(plog->ifname));
  ipfw_bpf_mtap2(plog, PFLOG_HDRLEN, m);

CryEngine V

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'hashableData'. GeomCacheRenderNode.cpp 285

void CGeomCacheRenderNode::Render(....)
  CREGeomCache* pCREGeomCache = iter->second.m_pRenderElement;
  uint8 hashableData[] =
   0, 0, 0, 0, 0, 0, 0, 0,
   (uint8)std::distance(pCREGeomCache->....->begin(), &meshData),
   (uint8)std::distance(meshData....->....begin(), &chunk),
   (uint8)std::distance(meshData.m_instances.begin(), &instance)

  memcpy(hashableData,pCREGeomCache,sizeof(pCREGeomCache)); // <=


V1086 A call of the 'memset' function will lead to underflow of the buffer 'req_id_used'. bt-service-util.c 38

typedef int gint;
typedef gint gboolean;


static gboolean req_id_used[BT_REQUEST_ID_RANGE_MAX];

void _bt_init_request_id(void)
  assigned_id = 0;
  memset(req_id_used, 0x00, BT_REQUEST_ID_RANGE_MAX);


V1086 A call of the 'memset' function will lead to underflow of the buffer 'formatted_number'. i18ninfo.c 544

typedef short unsigned int i18n_uchar;

#define BUF_SIZE 1000

static int __get_number_format(char *input_number)
  i18n_uchar formatted_number[BUF_SIZE];
  memset(formatted_number, 0, BUF_SIZE);


V1086 A call of the 'memset' function will lead to underflow of the buffer 'error_buffer'. ardour_http.cc 142

class HttpGet {
  char error_buffer[CURL_ERROR_SIZE];

HttpGet::HttpGet (bool p, bool ssl)
  : persist (p)
  , _status (-1)
  , _result (-1)
  memset (error_buffer, 0, sizeof (*error_buffer));


V1086 CWE-682 A call of the 'memset' function will lead to underflow of the buffer 'key_event->text'. event_conversion.cc 435

#if defined(WIN32)
  typedef wchar_t WebUChar;
  typedef unsigned short WebUChar;

static const size_t kTextLengthCap = 4;

class WebKeyboardEvent : public WebInputEvent {
  WebUChar text[kTextLengthCap];
  WebUChar unmodified_text[kTextLengthCap];

WebKeyboardEvent* BuildCharEvent(const InputEventData& event)
  WebKeyboardEvent* key_event = new WebKeyboardEvent(....);
  memset(key_event->text, 0, text_length_cap);
  memset(key_event->unmodified_text, 0, text_length_cap);

Confusion between the number of elements in the array and the size of the buffer in bytes.

Similar errors can be found in some other places:

  • V1086 CWE-682 A call of the 'memset' function will lead to underflow of the buffer 'key_event->unmodified_text'. event_conversion.cc 436


V1086 CWE-682 A call of the 'memset' function will lead to underflow of the buffer '_jumpBuf'. rtt_filter.cc 52

class VCMRttFilter {
  enum { kMaxDriftJumpCount = 5 };
  int64_t _jumpBuf[kMaxDriftJumpCount];
  int64_t _driftBuf[kMaxDriftJumpCount];

void VCMRttFilter::Reset() {
  _gotNonZeroUpdate = false;
  _avgRtt = 0;
  _varRtt = 0;
  _maxRtt = 0;
  _filtFactCount = 1;
  _jumpCount = 0;
  _driftCount = 0;
  memset(_jumpBuf, 0, kMaxDriftJumpCount);
  memset(_driftBuf, 0, kMaxDriftJumpCount);

Confusion between the number of elements in the array and the size of the buffer in bytes.

Command & Conquer

V1086 A call of the 'memset' function will lead to underflow of the buffer 'Buffer'. KEYBOARD.CPP 96

unsigned short Buffer[256];

  memset(Buffer, 0, 256);


V1086 [CWE-682] A call of the 'memset' function will lead to underflow of the buffer 'm_keys'. qv4estable.cpp 57

    : m_capacity(8)
    m_keys = (Value*)malloc(m_capacity * sizeof(Value));
    m_values = (Value*)malloc(m_capacity * sizeof(Value));
    memset(m_keys, 0, m_capacity);
    memset(m_values, 0, m_capacity);

Microsoft PowerToys

V1086 A call of the 'memset' function will lead to underflow of the buffer 'keyEventList'. KeyboardEventHandlers.cpp 16

typedef struct tagINPUT {
    DWORD   type;

        MOUSEINPUT      mi;
        KEYBDINPUT      ki;
        HARDWAREINPUT   hi;

void SetNumLockToPreviousState(....)
    int key_count = 2;
    LPINPUT keyEventList = new INPUT[size_t(key_count)]();
    memset(keyEventList, 0, sizeof(keyEventList));

close form

Remplissez le formulaire ci‑dessous en 2 étapes simples :

Vos coordonnées :

Étape 1
Félicitations ! Voici votre code promo !

Type de licence souhaité :

Étape 2
Team license
Enterprise licence
** En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité
close form
Demandez des tarifs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
La licence PVS‑Studio gratuit pour les spécialistes Microsoft MVP
close form
Pour obtenir la licence de votre projet open source, s’il vous plait rempliez ce formulaire
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
I want to join the test
* En cliquant sur ce bouton, vous déclarez accepter notre politique de confidentialité

close form
check circle
Votre message a été envoyé.

Nous vous répondrons à

Si l'e-mail n'apparaît pas dans votre boîte de réception, recherchez-le dans l'un des dossiers suivants:

  • Promotion
  • Notifications
  • Spam