Для получения триального ключа
заполните форму ниже
Team License (базовая версия)
Enterprise License (расширенная версия)
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

Запросите информацию о ценах
Новая лицензия
Продление лицензии
--Выберите валюту--
USD
EUR
RUB
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

Бесплатная лицензия PVS-Studio для специалистов Microsoft MVP
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

Для получения лицензии для вашего открытого
проекта заполните, пожалуйста, эту форму
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

Мне интересно попробовать плагин на:
* Нажимая на кнопку, вы даете согласие на обработку
своих персональных данных. См. Политику конфиденциальности

Ваше сообщение отправлено.

Мы ответим вам на


Если вы так и не получили ответ, пожалуйста, проверьте папку
Spam/Junk и нажмите на письме кнопку "Не спам".
Так Вы не пропустите ответы от нашей команды.

>
>
>
Примеры ошибок, обнаруженных с помощью …

Примеры ошибок, обнаруженных с помощью диагностики V1086

V1086. Call of the 'Foo' function will lead to buffer underflow.


SMTP Client

V1086 A call of the 'memset' function will lead to a buffer underflow. CSmtp md5.cpp 212


void MD5::finalize () {
  ....
  uint1 buffer[64];
  ....
  // Zeroize sensitive information
  memset (buffer, 0, sizeof(*buffer));
  ....
}

Most likely this is what should be written here: memset (buffer, 0, sizeof(buffer));


Fennec Media

V1086 A call of the 'memset' function will lead to a buffer underflow. base windows.c 150


#define uinput_size       1024
typedef wchar_t letter;

letter  uinput_text[uinput_size];

string basewindows_getuserinput(const string title,
  const string cap, const string dtxt)
{
  memset(uinput_text, 0, uinput_size);
  ....
}

At the first sight, everything is fine with "memset(uinput_text, 0, uinput_size);". Perhaps it even was fine when the 'letter' type was 'char'. But now this is 'wchar_t', which results in zeroing only half of the buffer.


Fennec Media

V1086 A call of the 'memset' function will lead to a buffer underflow. base windows.c 2892


typedef wchar_t letter;

letter name[30];

int Conv_EqualizerProc(HWND hwnd,UINT uMsg,
  WPARAM wParam,LPARAM lParam)
{
  ....
  memset(eqp.name, 0, 30);
  ....
}

This is what should have been written here: sizeof(letter) * 30


Notepad++

V1086 A call of the memset function will lead to a buffer underflow. dockingmanager.cpp 78


#define CONT_MAP_MAX 50
int _iContMap[CONT_MAP_MAX];
....
DockingManager::DockingManager()
{
  ....
  memset(_iContMap, -1, CONT_MAP_MAX);
  ....
}

This is what should have been written here: memset(_iContMap, -1, CONT_MAP_MAX * sizeof(int));


Wolfenstein 3D

V1086 A call of the 'memset' function will lead to a buffer underflow. cgame bg_animation.c 999


typedef struct
{
  short int bodyPart[2];
  short int animIndex[2];
  short int animDuration[2];
  short int soundIndex;
  short int accShowBits;
  short int accHideBits;
} animScriptCommand_t;

void BG_ParseCommands(....) {
  ....
  animScriptCommand_t *command = NULL;
  ....
  memset( command, 0, sizeof( command ) );
  ....
}

This is what should have been written here: sizeof(*command)


Wolfenstein 3D

V1086 A call of the 'memset' function will lead to a buffer underflow. wolf cvar.c 764


typedef struct cvar_s {
  char        *name;
  ....
  struct cvar_s *hashNext;
} cvar_t;

void Cvar_Restart_f( void ) {
  cvar_t  *var;
  ....
  memset( var, 0, sizeof( var ) );
  ....
}

This is what should have been written here: memset( var, 0, sizeof( *var ) );


Newton Game Dynamics

V1086 A call of the 'memset' function will lead to a buffer underflow. physics dgcollisioncompoundbreakable.cpp 702


dgCollisionCompoundBreakable::dgCollisionCompoundBreakable (....)
{
  ....
  dgInt32 faceOffsetHitogram[256];
  dgSubMesh* mainSegmenst[256];
  ....
  memset(faceOffsetHitogram, 0, sizeof(faceOffsetHitogram));
  memset(mainSegmenst, 0, sizeof(faceOffsetHitogram));
  ....
}

A 64-bit error. These are the consequences of Copy-Paste. In a 64-bit program, the pointer size will become non-equal to the dgint32 size and we will clear only a part of the mainSegmenst array.


Miranda IM

V1086 A call of the 'memcpy' function will lead to a buffer underflow. tabsrmm utils.cpp 1080


typedef struct _textrangew
{
  CHARRANGE chrg;
  LPWSTR lpstrText;
} TEXTRANGEW;

const wchar_t* Utils::extractURLFromRichEdit(....)
{
  ....
  ::CopyMemory(tr.lpstrText, L"mailto:", 7);
  ....
}

This is what should have been written here: sizeof(wchar_t) * 7


Chromium

V1086 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. base time_win.cc 227


void Time::Explode(bool is_local, Exploded* exploded) const
{
  ....
  ZeroMemory(exploded, sizeof(exploded));
  ....
}

This is what should have been written here: sizeof(*exploded)


Chromium

V1086 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. platform time_win.cc 116


void NaCl::Time::Explode(bool is_local,
                         Exploded* exploded) const
{
  ....
  ZeroMemory(exploded, sizeof(exploded));
  ....
}

This is what should have been written here: sizeof(*exploded)


Qt

V1086 A call of the 'memset' function will lead to underflow of the buffer 's_attr_table'. qt3to4 cpplexer.cpp 77


int s_attr_table[256];

void CppLexer::setupScanTable()
{
  ....
  memset(s_attr_table, 0, 256);
  ....
}

This is what should have been written here: sizeof(int) * 256

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 's_attr_table'. qt3to4 rpplexer.cpp 60

Apache HTTP Server

V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 560


#define MEMSET_BZERO(p,l)       memset((p), 0, (l))

void apr__SHA256_Final(sha2_byte digest[],
                       SHA256_CTX* context) {
  ....
  MEMSET_BZERO(context, sizeof(context));
  ....
}

This is what should have been written here: sizeof(*context)

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 581
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 892
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. apr sha2.c 912
  • And 2 additional diagnostic messages.

Energy Checker SDK

V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 683


#define PL_MAX_PATH 255
typedef WCHAR TCHAR, *PTCHAR;
TCHAR pl_cvt_buffer[PL_MAX_PATH] = { '\0' };

int plh_read_pl_config_ini_file(....)
{
  ....
  ZeroMemory(
    pl_cvt_buffer,
    PL_MAX_PATH
  );
  ....
}

This is what should have been written here: PL_MAX_PATH * sizeof(TCHAR)

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 714
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 745
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 789
  • And 5 additional diagnostic messages.

Energy Checker SDK

V1086 A call of the 'memset' function will lead to underflow of the buffer 'pconfig'. pl_csv_logger productivity_link_helper.c 1806


typedef struct _plh_dynamic_pl_folder_info {
....
} PLH_DYNAMIC_PL_FOLDER_INFO, *PPLH_DYNAMIC_PL_FOLDER_INFO;

int plh_dynamic_read_pl_folder(
  PPLH_DYNAMIC_PL_FOLDER_INFO pconfig)
{
  ....
  memset(
    pconfig,
    0,
    sizeof(pconfig)
  );
  ....
}

This is what should have been written here: sizeof(*pconfig)


Energy Checker SDK

V1086 A call of the 'memset' function will lead to underflow of the buffer 'temp'. core_api_unit_tests unit_tests_tools.c 379


void plt_tools_get_pl_config_full_file_name(char *buffer) {
  ....
  char temp[PL_MAX_PATH] = { '\0' };
  ....
  memset(
    temp,
    0,
    sizeof(buffer)
  );
  ....
}

This is what should have been written here: sizeof(temp)


Far Manager

V1086 A call of the 'memset' function will lead to underflow of the buffer 'PInfo'. far filelist.cpp 672


__int64 FileList::VMProcess(int OpCode,void *vParam,
                            __int64 iParam)
{
  ....
  PluginInfo *PInfo=(PluginInfo *)vParam;
  memset(PInfo,0,sizeof(PInfo));
  PInfo->StructSize=sizeof(PInfo);
  ....
}

This is what should have been written here: memset(PInfo, 0, sizeof(PluginInfo));


ReactOS

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'buffer'. user32 dllmain.c 162


VOID
UnloadAppInitDlls()
{
  ....
  WCHAR buffer[KEY_LENGTH];
  ....
  RtlCopyMemory(buffer, szAppInit, KEY_LENGTH);
  ....
}

Multiplication by sizeof(WCHAR) is missing, which causes copying only half of the data. This is what the code should look like: RtlCopyMemory(buffer, szAppInit, KEY_LENGTH * sizeof(WCHAR)).


ReactOS

V1086 A call of the 'memset' function will lead to underflow of the buffer '((file_path))'. sndrec32 sndrec32.cpp 769


typedef WCHAR TCHAR,*PTCHAR;
TCHAR file_path[MAX_PATH];

#define MAX_PATH 260

LRESULT CALLBACK
WndProc( HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam )
{
  ....
  ZeroMemory( file_path, MAX_PATH );
  ....
}

This is what should have been written here: ZeroMemory( file_path, MAX_PATH * sizeof(TCHAR));

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to a buffer underflow. smss client.c 442

ReactOS

V1086 A call of the 'memset' function will lead to underflow of the buffer '((pfd))'. shell32 pidl.c 1160


HRESULT WINAPI SHGetDataFromIDListW(....)
{
  ....
  WIN32_FIND_DATAW * pfd = dest;
  ....
  ZeroMemory(pfd, sizeof (WIN32_FIND_DATAA));
}

This is what should have been written here: sizeof(WIN32_FIND_DATAW)


ReactOS

V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 991


#define MEMSET_BZERO(p,l) memset((p), 0, (l))

char *SHA384_End(SHA384_CTX* context, char buffer[]) {
  ....
  MEMSET_BZERO(context, sizeof(context));
  ....
}

This is what should have been written here: sizeof(*context).

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 566
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 587
  • V1086 A call of the 'memset' function will lead to underflow of the buffer '(context)'. rsaenh sha2.c 896
  • And 2 additional diagnostic messages.

IPP Samples

V1086 A call of the 'memset' function will lead to underflow of the buffer 'MEParams'. vc1_enc umc_vc1_enc_adv.cpp 1767


UMC::Status
VC1EncoderADV::SetMEParams_I_Field(UMC::MeParams* MEParams)
{
  UMC::Status umcSts    UMC::UMC_OK;
  memset(MEParams,0,sizeof(MEParams));
  ....
}

This is what should have been written here: memset(MEParams,0,sizeof(*MEParams));


Doom 3

V1086 A call of the 'memset' function will lead to underflow of the buffer 'ase.currentMesh'. DoomDLL model_ase.cpp 731


aseMesh_t *currentMesh;

static void ASE_KeyGEOMOBJECT( const char *token )
{
  ....
  ase.currentMesh = &ase.currentObject->mesh;
  memset( ase.currentMesh, 0, sizeof( ase.currentMesh ) );
  ....
}

This is what should have been written here: memset( ase.currentMesh, 0, sizeof( *ase.currentMesh ) );


Doom 3

V1086 A call of the 'memset' function will lead to underflow of the buffer '& cluster'. DoomDLL aasfile.cpp 1312


void idAASFileLocal::DeleteClusters( void ) {
  ....
  memset( &portal, 0, sizeof( portal ) );
  portals.Append( portal );

  // first cluster is a dummy
  memset( &cluster, 0, sizeof( portal ) );
  clusters.Append( cluster );
}

This is what should have been written here: memset( &cluster, 0, sizeof( cluster ) );


Mozilla Firefox

V1086 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. time_win.cc 198


void Time::Explode(bool is_local, Exploded* exploded) const {
  ....
  ZeroMemory(exploded, sizeof(exploded));
  ....
}

This is what should have been written here: ZeroMemory(exploded, sizeof(*exploded));


ADAPTIVE Communication Environment (ACE)

V1086 A call of the 'memcmp' function will lead to underflow of the buffer 'expected_msg.payload'. Send_Msg_Receiver receiver.cpp 109


struct Message
{
  unsigned int sn;
  unsigned short payload[payload_size];
};

int
ACE_TMAIN (int argc, ACE_TCHAR* argv[])
{
  ....
  if (ACE_OS::memcmp (expected_msg.payload,
                      msg.payload,
                      payload_size) != 0)
  {
    damaged[msg.sn] = 1;
  }
  ....
}

Most likely this is what should be written here: payload_size * sizeof(short)

Similar errors can be found in some other places:

  • V1086 A call of the 'memcmp' function will lead to underflow of the buffer 'expected_msg.payload'. RMCast_Receiver receiver.cpp 102

ADAPTIVE Communication Environment (ACE)

V1086 A call of the 'memset' function will lead to underflow of the buffer 'old_state'. thread.inl 172


ACE_INLINE int
ACE_Thread::disablecancel (struct cancel_state *old_state)
{
  ....
  ACE_OS::memset (old_state,
                  0,
                  sizeof (old_state));
  ....
}

DeSmuME

V1086 A call of the 'memset' function will lead to underflow of the buffer 'MapView'. DeSmuME_VS2005 mapview.cpp 204


mapview_struct *MapView = NULL;

BOOL CALLBACK ViewMapsProc (HWND hwnd, UINT message,
                            WPARAM wParam, LPARAM lParam)
{
  ....
  MapView = new mapview_struct;
  memset(MapView, 0, sizeof(MapView));
  ....
}

This is what should have been written here: memset(MapView, 0, sizeof(*MapView));


MAME

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'state->m_spriteram16_buffered'. deco32.c 706


UINT16 m_spriteram16[0x1000];
UINT16 m_spriteram16_buffered[0x1000];

static WRITE32_HANDLER( deco32_buffer_spriteram_w )
{
  deco32_state *state =
    space->machine().driver_data<deco32_state>();
  memcpy(state->m_spriteram16_buffered,
         state->m_spriteram16, 0x1000);
}

This is what should have been written here: 0x1000 * sizeof(UINT16).


MAME

V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_rotate_ctrl'. wgp.c 949


UINT16      m_rotate_ctrl[8];

static MACHINE_RESET( wgp )
{
  wgp_state *state = machine.driver_data<wgp_state>();
  int i;

  state->m_banknum = 0;
  state->m_cpua_ctrl = 0xff;
  state->m_port_sel = 0;
  state->m_piv_ctrl_reg = 0;

  for (i = 0; i < 3; i++)
  {
    state->m_piv_zoom[i] = 0;
    state->m_piv_scrollx[i] = 0;
    state->m_piv_scrolly[i] = 0;
  }

  memset(state->m_rotate_ctrl, 0, 8);
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'state->m_spriteram16_2_buffered'. deco32.c 726
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_playfield_code'. malzak.c 392

MAME

V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_control_0'. tumbleb.c 2065


UINT16 m_control_0[8];
#define ARRAY_LENGTH(x)  (sizeof(x) / sizeof(x[0]))

static MACHINE_RESET( tumbleb )
{
  ....
  memset(state->m_control_0, 0,
         ARRAY_LENGTH(state->m_control_0));
}

Most likely this is what should be written here: memset(state->m_control_0, 0, sizeof(state->m_control_0));

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_pmac_read'. megadriv.c 7156
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_pmac_write'. megadriv.c 7157
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_cart_is_genesis'. megatech.c 426
  • And 3 additional diagnostic messages.

MAME

V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_pstars_regs'. pgm.c 4458


UINT32 m_pstars_regs[16];

static DRIVER_INIT( pstar )
{
  ....
  memset(state->m_pstars_regs, 0, 16);
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_kb_regs'. pgm.c 4975
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_kb_regs'. pgm.c 4996
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'state->m_kb_regs'. pgm.c 5056
  • And 4 additional diagnostic messages.

Samba

V1086 A call of the 'memset' function will lead to underflow of the buffer 'rt'. perf_writer.c 80


void initialize(PERF_DATA_BLOCK *data,
  RuntimeSettings *rt, int argc, char **argv)
{
    memset(data, 0, sizeof(*data));
    memset(rt, 0, sizeof(*data));
  ....
}

Most likely this is what should be written here: memset(rt, 0, sizeof(*rt));.


Samba

V1086 A call of the 'memcmp' function will lead to underflow of the buffer 'u0'. netuser.c 247


static NET_API_STATUS test_netusermodals(
  struct libnetapi_ctx *ctx,
  const char *hostname)
{
  ....
  struct USER_MODALS_INFO_0 *u0 = NULL;
  struct USER_MODALS_INFO_0 *_u0 = NULL;
  ....
  if (memcmp(u0, _u0, sizeof(u0) != 0)) {
    printf("USER_MODALS_INFO_0 struct has changed!!!!\n");
    return -1;
  }
  ....
}

Most likely this is what should be written here: sizeof(*u0).


libevent

V1086 A call of the 'memset' function will lead to underflow of the buffer 'win32op'. win32select.c 374


void
win32_dealloc(struct event_base *_base)
{
  struct win32op *win32op = _base->evbase;
  ....
  memset(win32op, 0, sizeof(win32op));
  ....
}

Windows 8 Driver Samples

V1086 A call of the 'memset' function will lead to underflow of the buffer 'wbuf'. ihvsampleextui.cpp 288


HRESULT
CDot11SampleExtUI::CreateSecurityProperties(....)
{
  ....
  WCHAR wbuf[128];
  ....
  ZeroMemory(wbuf, 128);
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'wbuf'. ihvsampleextui.cpp 369

Windows 8 Driver Samples

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'deviceInfo->UnicodeSourceIp'. testapp.c 729


typedef struct _DEVICE_INFO
{
  ....
  WCHAR UnicodeSourceIp[MAX_LEN];
  WCHAR UnicodeDestIp[MAX_LEN];
  ....
} DEVICE_INFO, *PDEVICE_INFO;

PDEVICE_INFO FindDeviceInfo(....)
{
  ....
  PDEVICE_INFO    deviceInfo = NULL;
  ....
  memcpy(deviceInfo->UnicodeSourceIp,
         InputInfo->SourceIp, MAX_LEN);
  memcpy(deviceInfo->UnicodeDestIp,
         InputInfo->DestIp, MAX_LEN);
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'deviceInfo->UnicodeDestIp'. testapp.c 730

NetXMS

V1086 A call of the 'memset' function will lead to underflow of the buffer 'commandLine'. procinfo.cpp 278


typedef WCHAR TCHAR, *PTCHAR;

static BOOL MatchProcess(....)
{
  ....
  TCHAR commandLine[MAX_PATH];
  ....
  memset(commandLine, 0, MAX_PATH);
  ....
}

NetXMS

V1086 A call of the 'memset' function will lead to underflow of the buffer 'm_szTitle'. toolbox.cpp 28


typedef WCHAR TCHAR, *PTCHAR;

#define MAX_TOOLBOX_TITLE  64

TCHAR m_szTitle[MAX_TOOLBOX_TITLE];

CToolBox::CToolBox()
{
  memset(m_szTitle, 0, MAX_TOOLBOX_TITLE);
}

Multi Theft Auto

V1086 A call of the 'memset' function will lead to underflow of the buffer 'm_buffer'. sharedutil.hash.hpp 216


unsigned char m_buffer[64];

void CMD5Hasher::Finalize ( void )
{
  ....
  // Zeroize sensitive information
  memset ( m_buffer, 0, sizeof (*m_buffer) );
  ....
}

Snes9x

V1086 A call of the 'memset' function will lead to underflow of the buffer '& cht'. ramwatch.cpp 1199


struct ICheat
{
  uint32  address;
  uint32  new_val;
  uint32  saved_val;
  int     size;
  bool8   enabled;
  bool8   saved;
  char    name [22];
  int format;
};

struct SCheat
{
  uint32 address;
  uint8   byte;
  uint8   saved_byte;
  bool8  saved;
};

void RamWatchEnableCommand(....)
{
  ....
  struct ICheat cht;
  ....
  ZeroMemory(&cht, sizeof(struct SCheat));
  ....
}

Most likely this is what should be written here: ZeroMemory(&cht, sizeof(struct ICheat));

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer '& cht'. ram_search.cpp 1789
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'new_cheat'. wsnes9x.cpp 9924

VirtualDub

V1086 A call of the 'memcmp' function will lead to underflow of the buffer '"GL_EXT_blend_subtract"'. Riza opengl.cpp 393


bool VDOpenGLBinding::Attach(....) {
  ....
  if (!memcmp(start, "GL_EXT_blend_subtract", 20))
  ....
}

strlen("GL_EXT_blend_subtract") == 21


FlightGear

V1086 A call of the 'memset' function will lead to underflow of the buffer 'ctx'. md5.c 180


void MD5Final(uint8_t digest[16], struct MD5Context *ctx)
{
  ....
  memset(ctx, 0, sizeof(ctx));  /* In case it's sensitive */
  ....
}

Gifticlib

V1086 A call of the 'memset' function will lead to underflow of the buffer 'gim'. gifti_io.c 4097


int gifti_clear_gifti_image(gifti_image * gim)
{
  if(!gim) {
    fprintf(stderr,"** NULL in clear_gifti_image\n"); return 1;
  }

  if( G.verb > 5 )
    fprintf(stderr,"-- clearing gifti_image\n");

  /* set the version and clear all pointers */
  memset(gim, 0, sizeof(gim));
  ....
}

Miranda NG

V1086 A call of the 'memset' function will lead to underflow of the buffer 'logfonts'. TabSRMM msglog.cpp 134


#define MSGDLGFONTCOUNT 22

LOGFONTA logfonts[MSGDLGFONTCOUNT + 2];

void TSAPI CacheLogFonts()
{
  int i;
  HDC hdc = GetDC(NULL);
  logPixelSY = GetDeviceCaps(hdc, LOGPIXELSY);
  ReleaseDC(NULL, hdc);

  ZeroMemory(logfonts, sizeof(LOGFONTA) * MSGDLGFONTCOUNT + 2);
  ....
}

Most likely this is what should be written here: ZeroMemory(logfonts, sizeof(LOGFONTA) * (MSGDLGFONTCOUNT + 2));


Miranda NG

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 's_list'. Sessions utils.cpp 288


#define SIZEOF(X) (sizeof(X)/sizeof(X[0]))

int CheckForDuplicate(MCONTACT contact_list[], MCONTACT lparam)
{
  MCONTACT s_list[255] = { 0 };
  memcpy(s_list, contact_list, SIZEOF(s_list));
  for (int i = 0;; i++) {
    if (s_list[i] == lparam)
      return i;
    if (s_list[i] == 0)
      return -1;
  }
  return 0;
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'session_list'. Sessions main.cpp 143
  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'user_session_list'. Sessions main.cpp 143
  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'session_list_temp'. Sessions main.cpp 216
  • And 5 additional diagnostic messages.

Miranda NG

V1086 A call of the 'memset' function will lead to underflow of the buffer 'Data'. Weather weather_ini.cpp 250


void LoadStationData(...., WIDATA *Data)
{
  ....
  ZeroMemory(Data, sizeof(Data));
  ....
}

Miranda NG

V1086 A call of the 'memset' function will lead to underflow of the buffer 'msgFrom'. LotusNotify lotusnotify.cpp 760


void checkthread(void*)
{
  ....
  WCHAR msgFrom[512];
  WCHAR msgSubject[512];
  ZeroMemory(msgFrom,512);
  ZeroMemory(msgSubject,512);
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'msgSubject'. LotusNotify lotusnotify.cpp 761
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'nd->dd_dir.d_name'. glib dirent.c 138

Miranda NG

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'L"mailto:"'. TabSRMM msgdialog.cpp 2085


INT_PTR CALLBACK DlgProcMessage(....)
{
  ....
  CopyMemory(tr.lpstrText, _T("mailto:"), 7);
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'lfFont.lfFaceName'. Xfire userdetails.cpp 206
  • V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'L"%20"'. Weather weather_conv.cpp 476

Spring Engine

V1086 A call of the 'memset' function will lead to underflow of the buffer 'area'. RAI gterrainmap.h 84


#define MAP_AREA_LIST_SIZE 50
struct TerrainMapMobileType
{
  TerrainMapMobileType()
  {
    ....
    memset(area,0,MAP_AREA_LIST_SIZE);       // <=
  };

  TerrainMapArea *area[MAP_AREA_LIST_SIZE];  // <=
  ....
};

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'BQ'. RAI builder.cpp 67
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'SL'. RAI unitmanager.cpp 28
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'Group'. RAI unitmanager.cpp 29
  • And 1 additional diagnostic messages.

.NET CoreCLR

V1086 A call of the 'memset' function will lead to underflow of the buffer 'pAddExpression'. sos strike.cpp 11973


DECLARE_API(Watch)
{
  ....
  if(addExpression.data != NULL || aExpression.data != NULL)
  {
    WCHAR pAddExpression[MAX_EXPRESSION];
    memset(pAddExpression, 0, MAX_EXPRESSION);
    swprintf_s(pAddExpression, MAX_EXPRESSION, L"%S", ....);
    Status = g_watchCmd.Add(pAddExpression);
  }
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'pSaveName'. sos strike.cpp 11997
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'pOldName'. sos strike.cpp 12013
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'pNewName'. sos strike.cpp 12016
  • And 2 additional diagnostic messages.

Haiku Operation System

V1086 A call of the 'memcmp' function will lead to underflow of the buffer '"Private-key-format: v"'. dst_api.c 858


dst_s_read_private_key_file(....)
{
  ....
  if (memcmp(in_buff, "Private-key-format: v", 20) != 0)
    goto fail;
  ....
}

Haiku Operation System

V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 623


#define MEMSET_BZERO(p,l)  memset((p), 0, (l))

void solv_SHA256_Final(sha2_byte digest[], SHA256_CTX* context) {
  ....
  /* Clean up state data: */
  MEMSET_BZERO(context, sizeof(context));
  usedspace = 0;
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 644
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 953
  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'context'. sha2.c 973
  • And 2 additional diagnostic messages.

Unreal Engine 4

V1086 A call of the 'memset' function will lead to underflow of the buffer 'StartTimestampListHandles'. d3d12query.cpp 493


class FD3D12BufferedGPUTiming
{
  ....
  FD3D12CLSyncPoint* StartTimestampListHandles;
  FD3D12CLSyncPoint* EndTimestampListHandles;
  ....
};

void FD3D12BufferedGPUTiming::InitDynamicRHI()
{
  ....
  StartTimestampListHandles = new FD3D12CLSyncPoint[BufferSize];
  ZeroMemory(StartTimestampListHandles,
             sizeof(StartTimestampListHandles));

  EndTimestampListHandles = new FD3D12CLSyncPoint[BufferSize];
  ZeroMemory(EndTimestampListHandles,
             sizeof(EndTimestampListHandles));
  ....
}

Similar errors can be found in some other places:

  • V1086 A call of the 'memset' function will lead to underflow of the buffer 'EndTimestampListHandles'. d3d12query.cpp 495

CodeLite

V1086 A call of the 'memset' function will lead to underflow of the buffer 'buffer'. md5.cpp 243


class MD5
{
  ....
  typedef unsigned      char uint1;
  ....
  uint1 buffer[64];   // input buffer
  ....
  static void memset(uint1 *start, uint1 val, uint4 length);
  ....
};

void MD5::finalize ()
{
  ....
  // Zeroize sensitive information
  memset (buffer, 0, sizeof(*buffer));         // <=
  finalized=1;
}

FreeBSD Kernel

V1086 A call of the 'memset' function will lead to underflow of the buffer 'plog'. nat64lsn.c 218


struct pfloghdr {
  u_int8_t  length;
  sa_family_t  af;
  u_int8_t  action;
  u_int8_t  reason;
  char    ifname[IFNAMSIZ];
  char    ruleset[PFLOG_RULESET_NAME_SIZE];
  u_int32_t  rulenr;
  u_int32_t  subrulenr;
  uid_t    uid;
  pid_t    pid;
  uid_t    rule_uid;
  pid_t    rule_pid;
  u_int8_t  dir;
  u_int8_t  pad[3];
};

static void
nat64lsn_log(struct pfloghdr *plog, ....)
{
  memset(plog, 0, sizeof(plog));        // <=
  plog->length = PFLOG_REAL_HDRLEN;
  plog->af = family;
  plog->action = PF_NAT;
  plog->dir = PF_IN;
  plog->rulenr = htonl(n);
  plog->subrulenr = htonl(sn);
  plog->ruleset[0] = '\0';
  strlcpy(plog->ifname, "NAT64LSN", sizeof(plog->ifname));
  ipfw_bpf_mtap2(plog, PFLOG_HDRLEN, m);
}

CryEngine V

V1086 A call of the 'memcpy' function will lead to underflow of the buffer 'hashableData'. GeomCacheRenderNode.cpp 285


void CGeomCacheRenderNode::Render(....)
{
  ....
  CREGeomCache* pCREGeomCache = iter->second.m_pRenderElement;
  ....
  uint8 hashableData[] =
  {
   0, 0, 0, 0, 0, 0, 0, 0,
   (uint8)std::distance(pCREGeomCache->....->begin(), &meshData),
   (uint8)std::distance(meshData....->....begin(), &chunk),
   (uint8)std::distance(meshData.m_instances.begin(), &instance)
  };

  memcpy(hashableData,pCREGeomCache,sizeof(pCREGeomCache)); // <=
  ....
}

Tizen

V1086 A call of the 'memset' function will lead to underflow of the buffer 'req_id_used'. bt-service-util.c 38


typedef int gint;
typedef gint gboolean;

#define BT_REQUEST_ID_RANGE_MAX 245

static gboolean req_id_used[BT_REQUEST_ID_RANGE_MAX];

void _bt_init_request_id(void)
{
  assigned_id = 0;
  memset(req_id_used, 0x00, BT_REQUEST_ID_RANGE_MAX);
}

Tizen

V1086 A call of the 'memset' function will lead to underflow of the buffer 'formatted_number'. i18ninfo.c 544


typedef short unsigned int i18n_uchar;

#define BUF_SIZE 1000

static int __get_number_format(char *input_number)
{
  ....
  i18n_uchar formatted_number[BUF_SIZE];
  ....
  memset(formatted_number, 0, BUF_SIZE);
  ....
}

Ardour

V1086 A call of the 'memset' function will lead to underflow of the buffer 'error_buffer'. ardour_http.cc 142


class HttpGet {
  ....
  char error_buffer[CURL_ERROR_SIZE];
  ....
};

HttpGet::HttpGet (bool p, bool ssl)
  : persist (p)
  , _status (-1)
  , _result (-1)
{
  memset (error_buffer, 0, sizeof (*error_buffer));
  ....
}

Chromium

V1086 CWE-682 A call of the 'memset' function will lead to underflow of the buffer 'key_event->text'. event_conversion.cc 435


#if defined(WIN32)
  typedef wchar_t WebUChar;
#else
  typedef unsigned short WebUChar;
#endif

static const size_t kTextLengthCap = 4;

class WebKeyboardEvent : public WebInputEvent {
  ....
  WebUChar text[kTextLengthCap];
  WebUChar unmodified_text[kTextLengthCap];
  ....
};

WebKeyboardEvent* BuildCharEvent(const InputEventData& event)
{
  WebKeyboardEvent* key_event = new WebKeyboardEvent(....);
  ....
  memset(key_event->text, 0, text_length_cap);
  memset(key_event->unmodified_text, 0, text_length_cap);
  ....
}

Confusion between the number of elements in the array and the size of the buffer in bytes.

Similar errors can be found in some other places:

  • V1086 CWE-682 A call of the 'memset' function will lead to underflow of the buffer 'key_event->unmodified_text'. event_conversion.cc 436

WebRTC

V1086 CWE-682 A call of the 'memset' function will lead to underflow of the buffer '_jumpBuf'. rtt_filter.cc 52


class VCMRttFilter {
  ....
  enum { kMaxDriftJumpCount = 5 };
  ....
  int64_t _jumpBuf[kMaxDriftJumpCount];
  int64_t _driftBuf[kMaxDriftJumpCount];
  ....
};

void VCMRttFilter::Reset() {
  _gotNonZeroUpdate = false;
  _avgRtt = 0;
  _varRtt = 0;
  _maxRtt = 0;
  _filtFactCount = 1;
  _jumpCount = 0;
  _driftCount = 0;
  memset(_jumpBuf, 0, kMaxDriftJumpCount);
  memset(_driftBuf, 0, kMaxDriftJumpCount);
}

Confusion between the number of elements in the array and the size of the buffer in bytes.


Command & Conquer

V1086 A call of the 'memset' function will lead to underflow of the buffer 'Buffer'. KEYBOARD.CPP 96


unsigned short Buffer[256];

WWKeyboardClass::WWKeyboardClass(void)
{
  ....
  memset(Buffer, 0, 256);
  ....
}

Qt

V1086 [CWE-682] A call of the 'memset' function will lead to underflow of the buffer 'm_keys'. qv4estable.cpp 57


ESTable::ESTable()
    : m_capacity(8)
{
    m_keys = (Value*)malloc(m_capacity * sizeof(Value));
    m_values = (Value*)malloc(m_capacity * sizeof(Value));
    memset(m_keys, 0, m_capacity);
    memset(m_values, 0, m_capacity);
}

Unicorn with delicious cookie
Мы используем куки, чтобы пользоваться сайтом было удобно. Хотите узнать подробнее?
Принять