[GRASS-dev] cppcheck analysis of grass_6.4.0 finds a number of C bugs

Hamish hamish_b at yahoo.com
Wed Jan 12 18:37:59 EST 2011


Hi,

re. http://www.linuxjournal.com/content/daca-could-mean-less-bugs-debian

we get a list of probable bugs in the 6.4.0 C/C++ code:

http://qa.debian.org/daca/cppcheck/squeeze/grass_6.4.0~rc6+42329-3.html

which gives:

    * ./display/d.barscale/main.c:171 [error] - Undefined behaviour: cmdbuf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.barscale/main.c:172 [error] - Undefined behaviour: cmdbuf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.profile/Range.c:27 [error] - Buffer access out-of-bounds: inbuf
    * ./display/d.profile/Range.c:48 [error] - Resource leak: temp_file
    * ./display/d.text.new/main.c:382 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.text.new/main.c:383 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.text.new/main.c:384 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.text.new/main.c:385 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.text.new/main.c:386 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.text.new/main.c:387 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.text.new/main.c:388 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.vect/label.c:97 [error] - Undefined behaviour: text is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.vect/label.c:99 [error] - Undefined behaviour: text is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.zoom/print.c:106 [error] - Undefined behaviour: buffer is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.zoom/print.c:113 [error] - Undefined behaviour: buffer is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./display/d.zoom/print.c:120 [error] - Undefined behaviour: buffer is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./gem/at_exit_funcs.c:103 [error] - Resource leak: dir
    * ./gem/main.c:405 [error] - Buffer overrun possible for long cmd-line args
    * ./gem/reg_entries.c:316 [error] - Resource leak: f_out
    * ./gem/reg_entries.c:525 [error] - Resource leak: f_out
    * ./gem/reg_entries.c:756 [error] - Resource leak: f_out
    * ./gem/reg_html.c:228 [error] - Resource leak: f_out
    * ./gem/reg_html.c:330 [error] - Resource leak: f_out
    * ./gem/reg_html.c:440 [error] - Resource leak: f_out
    * ./gem/tools.c:327 [error] - Memory leak: tmp
    * ./gem/tools.c:460 [error] - Memory leak: tmp
    * ./gem/tools.c:526 [error] - Memory leak: tmp
    * ./gem/tools.c:683 [error] - Resource leak: dir
    * ./gem/tools.c:719 [error] - Resource leak: dir
    * ./gem/tools.c:823 [error] - Resource leak: f
    * ./gui/wxpython/vdigit/pseudodc.cpp:150 [error] - Mismatching allocation and deallocation: gpdcDrawPolyPolygonOp::m_count
    * ./imagery/i.atcorr/AerosolConcentration.cpp:35 [error] - Passing value 0 to log() leads to undefined result
    * ./imagery/i.ortho.photo/photo.2image/ask.c:265 [error] - Resource leak: fd
    * ./imagery/i.ortho.photo/photo.2target/ask.c:263 [error] - Resource leak: fd
    * ./imagery/i.ortho.photo/photo.rectify/ps_cp.c:53 [error] - Uninitialized variable: msg
    * ./imagery/i.ortho.photo/photo.rectify/ps_cp.c:58 [error] - Uninitialized variable: msg
    * ./imagery/i.points/ask.c:264 [error] - Resource leak: fd
    * ./imagery/i.vpoints/ask.c:260 [error] - Resource leak: fd
    * ./lib/bitmap/bitmap.c:327 [error] - Memory leak: map
    * ./lib/bitmap/bitmap.c:351 [error] - Memory leak: map.data
    * ./lib/cairodriver/read_ppm.c:26 [error] - Resource leak: input
    * ./lib/cdhc/enormp.c:51 [error] - Uninitialized variable: x4
    * ./lib/dspf/cube_io.c:257 [error] - Buffer access out-of-bounds: in_buf
    * ./lib/edit/edit_cellhd.c:558 [error] - fflush() called on input stream "stdin" may result in undefined behaviour
    * ./lib/external/shapelib/shpopen.c:849 [error] - Memory leak: pszBasename
    * ./lib/gis/copy_file.c:48 [error] - Resource leak: infp
    * ./lib/gis/error.c:346 [error] - Resource leak: log
    * ./lib/gis/gdal.c:58 [error] - Uninitialized variable: sym
    * ./lib/gis/ls.c:114 [error] - Resource leak: dfd
    * ./lib/iostream/mm.cc:304 [error] - Memory leak: p
    * ./lib/iostream/mm.cc:355 [error] - Memory leak: p
    * ./lib/nviz/render.c:122 [error] - Possible null pointer dereference: v - otherwise it is redundant to check if v is null at line 128
    * ./lib/nviz/render.c:123 [error] - Possible null pointer dereference: v - otherwise it is redundant to check if v is null at line 128
    * ./lib/ogsf/gv.c:184 [error] - Possible null pointer dereference: gv - otherwise it is redundant to check if gv is null at line 186
    * ./lib/ogsf/gvl.c:188 [error] - Possible null pointer dereference: gvl - otherwise it is redundant to check if gvl is null at line 190
    * ./lib/symbol/read.c:345 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./lib/symbol/read.c:429 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./lib/vask/V_exit.c:57 [error] - fflush() called on input stream "stdin" may result in undefined behaviour
    * ./lib/vector/Vlib/dbcolumns.c:79 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./lib/vector/Vlib/dbcolumns.c:139 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./lib/vector/Vlib/dbcolumns.c:202 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./lib/vector/dglib/examples/opt.c:220 [error] - Memory leak: pszArgv
    * ./raster/r.flow/precomp.c:154 [error] - Array index -1 is out of bounds
    * ./raster/r.flow/precomp.c:158 [error] - Array index -1 is out of bounds
    * ./raster/r.flow/precomp.c:161 [error] - Array index -1 is out of bounds
    * ./raster/r.flow/precomp.c:163 [error] - Array index -1 is out of bounds
    * ./raster/r.flow/precomp.c:165 [error] - Array index -1 is out of bounds
    * ./raster/r.in.gridatb/file_io.c:64 [error] - Deallocating a deallocated pointer: fp
    * ./raster/r.li/r.li.cwed/cwed.c:127 [error] - Resource leak: file_fd
    * ./raster/r.li/r.li.cwed/cwed.c:333 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.cwed/cwed.c:476 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.cwed/cwed.c:612 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.daemon/daemon.c:282 [error] - Resource leak: res
    * ./raster/r.li/r.li.daemon/daemon.c:282 [error] - Resource leak: random_access
    * ./raster/r.li/r.li.daemon/daemon.c:708 [error] - Memory leak: file_buf
    * ./raster/r.li/r.li.daemon/worker.c:259 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.daemon/worker.c:262 [error] - Memory leak: buf
    * ./raster/r.li/r.li.dominance/dominance.c:159 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.dominance/dominance.c:370 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.dominance/dominance.c:574 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.edgedensity/edgedensity.c:164 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.edgedensity/edgedensity.c:427 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.edgedensity/edgedensity.c:692 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.mpa/mpa.c:137 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.mpa/mpa.c:200 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.mpa/mpa.c:265 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.mps/mps.c:159 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.mps/mps.c:530 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.mps/mps.c:900 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padcv/padcv.c:138 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padcv/padcv.c:535 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padcv/padcv.c:928 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padrange/padrange.c:146 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padrange/padrange.c:547 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padrange/padrange.c:930 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padsd/padsd.c:137 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padsd/padsd.c:536 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.padsd/padsd.c:927 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.patchdensity/main.c:204 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.patchdensity/main.c:205 [error] - Memory leak: mask_buf
    * ./raster/r.li/r.li.patchnum/main.c:180 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.patchnum/main.c:181 [error] - Memory leak: mask_buf
    * ./raster/r.li/r.li.richness/richness.c:145 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.richness/richness.c:303 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.richness/richness.c:465 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.shannon/shannon.c:155 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.shannon/shannon.c:362 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.shannon/shannon.c:565 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.shape/main.c:85 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.shape/main.c:85 [error] - Memory leak: mask_buf
    * ./raster/r.li/r.li.simpson/simpson.c:154 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.simpson/simpson.c:343 [error] - Resource leak: mask_fd
    * ./raster/r.li/r.li.simpson/simpson.c:532 [error] - Resource leak: mask_fd
    * ./raster/r.mfilter.fp/getfilt.c:162 [error] - Resource leak: fd
    * ./raster/r.mfilter/getfilt.c:160 [error] - Resource leak: fd
    * ./raster/r.out.gridatb/file_io.c:105 [error] - Resource leak: fp
    * ./raster/r.quant/read_rules.c:85 [error] - Buffer access out-of-bounds: buf
    * ./raster/r.statistics/o_distrib.c:70 [error] - Resource leak: fd1
    * ./raster/r.support/modcolr/modcolr.c:44 [error] - Dangerous usage of 'name' (strncpy doesn't always 0-terminate it)
    * ./raster/r.support/modhist/modhist.c:45 [error] - Dangerous usage of 'name' (strncpy doesn't always 0-terminate it)
    * ./raster/r.terraflow/nodata.h:65 [error] - Buffer access out-of-bounds
    * ./raster/r.terraflow/plateau.h:50 [error] - Buffer access out-of-bounds
    * ./raster/r.terraflow/unionFind.h:127 [error] - Common realloc mistake: "parent" nulled but not freed upon failure
    * ./raster/r.terraflow/unionFind.h:131 [error] - Common realloc mistake: "rank" nulled but not freed upon failure
    * ./raster/r.terraflow/stats.cc:80 [error] - Resource leak: fd
    * ./raster/r.terraflow/sweep.cc:158 [error] - Uninitialized variable: flowpq
    * ./raster3d/r3.in.v5d/v5d.c:2001 [error] - Resource leak: fd
    * ./raster3d/r3.in.v5d/v5d.c:2381 [error] - Resource leak: fd
    * ./raster3d/r3.out.v5d/v5d.c:2001 [error] - Resource leak: fd
    * ./raster3d/r3.out.v5d/v5d.c:2381 [error] - Resource leak: fd
    * ./raster3d/r3.showdspf/new_init_graphics.c:234 [error] - Resource leak: fp
    * ./raster3d/r3.stats/main.c:665 [error] - Possible null pointer dereference: eqvals - otherwise it is redundant to check if eqvals is null at line 672
    * ./raster3d/r3.stats/main.c:668 [error] - Possible null pointer dereference: eqvals - otherwise it is redundant to check if eqvals is null at line 672
    * ./vector/v.clean/test/topocheck.c:54 [error] - Invalid number of character (() when these macros are defined: ''.
    * ./vector/v.delaunay2/geometry.c:254 [error] - Uninitialized variable: v_n_o_b
    * ./vector/v.delaunay2/geometry.c:255 [error] - Uninitialized variable: v_n_d_b
    * ./vector/v.delaunay2/geometry.c:257 [error] - Uninitialized variable: v_n_o_b
    * ./vector/v.delaunay2/geometry.c:257 [error] - Uninitialized variable: v_n_d_b
    * ./vector/v.delaunay2/geometry.c:291 [error] - Uninitialized variable: v_p_o_b
    * ./vector/v.delaunay2/geometry.c:292 [error] - Uninitialized variable: v_p_d_b
    * ./vector/v.delaunay2/geometry.c:294 [error] - Uninitialized variable: v_p_o_b
    * ./vector/v.delaunay2/geometry.c:294 [error] - Uninitialized variable: v_p_d_b
    * ./vector/v.digit/i_face.c:91 [error] - Undefined behaviour: val is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./vector/v.digit/i_face.c:93 [error] - Undefined behaviour: val is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./vector/v.external/main.c:53 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./vector/v.external/main.c:55 [error] - Undefined behaviour: buf is used wrong in call to sprintf or snprintf. Quote: If copying takes place between objects that overlap as a result of a call to sprintf() or snprintf(), the results are undefined.
    * ./vector/v.in.dwg/entity.c:516 [error] - Array 'tempdouble[2]' index 2 out of bounds
    * ./vector/v.in.dwg/entity.c:517 [error] - Array 'tempwidth[2]' index 2 out of bounds
    * ./vector/v.in.dwg/main.c:219 [error] - Invalid number of character (() when these macros are defined: ''.
    * ./vector/v.label.sa/labels.c:131 [error] - Common realloc mistake: "labels" nulled but not freed upon failure
    * ./vector/v.mapcalc/list.c:524 [error] - Possible null pointer dereference: item
    * ./vector/v.mapcalc/list.c:525 [error] - Possible null pointer dereference: item
    * ./vector/v.mapcalc/vector.c:127 [error] - Passing value -1 to sqrt() leads to undefined result
    * ./visualization/nviz/src/togl.c:3548 [error] - Memory leak: pixels 



also that tool gives a list of possible bashisms, but I've just
gone through those for devbr6, nothing of major concern there.


Hamish
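
Added example, not part of the original post or of the GRASS source: defined replacements for two of the patterns cppcheck reports most often above, the overlapping sprintf()/snprintf() call and the "common realloc mistake". The helper names append_str and grow_ints and the sample strings are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flagged: sprintf(buf, "%s%s", buf, s);  -- source and destination overlap.
 * Defined form: format into the unused tail of buf. Returns 0, or -1 if s
 * does not fit, in which case buf is left unchanged. */
int append_str(char *buf, size_t size, const char *s)
{
    const char *end = memchr(buf, '\0', size);
    if (end == NULL)
        return -1;                      /* buf not terminated within size */
    size_t used = (size_t)(end - buf);
    int n = snprintf(buf + used, size - used, "%s", s);
    if (n < 0 || (size_t)n >= size - used) {
        buf[used] = '\0';               /* undo the truncated write */
        return -1;
    }
    return 0;
}

/* Flagged: p = realloc(p, n);  -- on failure p is NULL and the old block leaks.
 * Assign through a temporary so the caller still owns the old block. */
int grow_ints(int **arr, size_t new_count)
{
    if (new_count == 0 || new_count > SIZE_MAX / sizeof **arr)
        return -1;                      /* size computation would overflow */
    int *tmp = realloc(*arr, new_count * sizeof **arr);
    if (tmp == NULL)
        return -1;
    *arr = tmp;
    return 0;
}

int main(void)
{
    char buf[16] = "d.text";            /* constructed sample input */
    int *v = NULL;
    printf("%d\n", append_str(buf, sizeof buf, " size=5"));
    printf("%d\n", grow_ints(&v, 8));
    free(v);
    return 0;
}
```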



      

