[GRASS-dev] cppcheck analysis of grass_6.4.0 finds a number of C bugs

Maris Nartiss maris.gis at gmail.com
Thu Jan 13 04:08:25 EST 2011


Hello Hamish,
Yesterday I was thinking about such a tool, as I was fixing
v.digit/i_face.c (from your list) (r44984). You are reading my mind
(that's scary).

I would like to call all sprintf() abuses (and probably all other
non-memleaks) a blocker and delay RC2 till all of them are fixed.
v.digit functionality was already broken due to this and it also
could explain some other hard-to-catch bugs.

Still, most likely I will have no time till 20. Jan. to do any fixing.

Maris.


2011/1/13, Hamish <hamish_b at yahoo.com>:
> Hi,
>
> re. http://www.linuxjournal.com/content/daca-could-mean-less-bugs-debian
>
> we get a list of probable bugs in the 6.4.0 C/C++ code:
>
> http://qa.debian.org/daca/cppcheck/squeeze/grass_6.4.0~rc6+42329-3.html
>
> which gives:
>
>     * ./display/d.barscale/main.c:171 [error] - Undefined behaviour: cmdbuf
> is used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.barscale/main.c:172 [error] - Undefined behaviour: cmdbuf
> is used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.profile/Range.c:27 [error] - Buffer access out-of-bounds:
> inbuf
>     * ./display/d.profile/Range.c:48 [error] - Resource leak: temp_file
>     * ./display/d.text.new/main.c:382 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.text.new/main.c:383 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.text.new/main.c:384 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.text.new/main.c:385 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.text.new/main.c:386 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.text.new/main.c:387 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.text.new/main.c:388 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.vect/label.c:97 [error] - Undefined behaviour: text is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.vect/label.c:99 [error] - Undefined behaviour: text is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.zoom/print.c:106 [error] - Undefined behaviour: buffer is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.zoom/print.c:113 [error] - Undefined behaviour: buffer is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./display/d.zoom/print.c:120 [error] - Undefined behaviour: buffer is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./gem/at_exit_funcs.c:103 [error] - Resource leak: dir
>     * ./gem/main.c:405 [error] - Buffer overrun possible for long cmd-line
> args
>     * ./gem/reg_entries.c:316 [error] - Resource leak: f_out
>     * ./gem/reg_entries.c:525 [error] - Resource leak: f_out
>     * ./gem/reg_entries.c:756 [error] - Resource leak: f_out
>     * ./gem/reg_html.c:228 [error] - Resource leak: f_out
>     * ./gem/reg_html.c:330 [error] - Resource leak: f_out
>     * ./gem/reg_html.c:440 [error] - Resource leak: f_out
>     * ./gem/tools.c:327 [error] - Memory leak: tmp
>     * ./gem/tools.c:460 [error] - Memory leak: tmp
>     * ./gem/tools.c:526 [error] - Memory leak: tmp
>     * ./gem/tools.c:683 [error] - Resource leak: dir
>     * ./gem/tools.c:719 [error] - Resource leak: dir
>     * ./gem/tools.c:823 [error] - Resource leak: f
>     * ./gui/wxpython/vdigit/pseudodc.cpp:150 [error] - Mismatching
> allocation and deallocation: gpdcDrawPolyPolygonOp::m_count
>     * ./imagery/i.atcorr/AerosolConcentration.cpp:35 [error] - Passing value
> 0 to log() leads to undefined result
>     * ./imagery/i.ortho.photo/photo.2image/ask.c:265 [error] - Resource
> leak: fd
>     * ./imagery/i.ortho.photo/photo.2target/ask.c:263 [error] - Resource
> leak: fd
>     * ./imagery/i.ortho.photo/photo.rectify/ps_cp.c:53 [error] -
> Uninitialized variable: msg
>     * ./imagery/i.ortho.photo/photo.rectify/ps_cp.c:58 [error] -
> Uninitialized variable: msg
>     * ./imagery/i.points/ask.c:264 [error] - Resource leak: fd
>     * ./imagery/i.vpoints/ask.c:260 [error] - Resource leak: fd
>     * ./lib/bitmap/bitmap.c:327 [error] - Memory leak: map
>     * ./lib/bitmap/bitmap.c:351 [error] - Memory leak: map.data
>     * ./lib/cairodriver/read_ppm.c:26 [error] - Resource leak: input
>     * ./lib/cdhc/enormp.c:51 [error] - Uninitialized variable: x4
>     * ./lib/dspf/cube_io.c:257 [error] - Buffer access out-of-bounds: in_buf
>     * ./lib/edit/edit_cellhd.c:558 [error] - fflush() called on input stream
> "stdin" may result in undefined behaviour
>     * ./lib/external/shapelib/shpopen.c:849 [error] - Memory leak:
> pszBasename
>     * ./lib/gis/copy_file.c:48 [error] - Resource leak: infp
>     * ./lib/gis/error.c:346 [error] - Resource leak: log
>     * ./lib/gis/gdal.c:58 [error] - Uninitialized variable: sym
>     * ./lib/gis/ls.c:114 [error] - Resource leak: dfd
>     * ./lib/iostream/mm.cc:304 [error] - Memory leak: p
>     * ./lib/iostream/mm.cc:355 [error] - Memory leak: p
>     * ./lib/nviz/render.c:122 [error] - Possible null pointer dereference: v
> - otherwise it is redundant to check if v is null at line 128
>     * ./lib/nviz/render.c:123 [error] - Possible null pointer dereference: v
> - otherwise it is redundant to check if v is null at line 128
>     * ./lib/ogsf/gv.c:184 [error] - Possible null pointer dereference: gv -
> otherwise it is redundant to check if gv is null at line 186
>     * ./lib/ogsf/gvl.c:188 [error] - Possible null pointer dereference: gvl
> - otherwise it is redundant to check if gvl is null at line 190
>     * ./lib/symbol/read.c:345 [error] - Undefined behaviour: buf is used
> wrong in call to sprintf or snprintf. Quote: If copying takes place between
> objects that overlap as a result of a call to sprintf() or snprintf(), the
> results are undefined.
>     * ./lib/symbol/read.c:429 [error] - Undefined behaviour: buf is used
> wrong in call to sprintf or snprintf. Quote: If copying takes place between
> objects that overlap as a result of a call to sprintf() or snprintf(), the
> results are undefined.
>     * ./lib/vask/V_exit.c:57 [error] - fflush() called on input stream
> "stdin" may result in undefined behaviour
>     * ./lib/vector/Vlib/dbcolumns.c:79 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./lib/vector/Vlib/dbcolumns.c:139 [error] - Undefined behaviour: buf
> is used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./lib/vector/Vlib/dbcolumns.c:202 [error] - Undefined behaviour: buf
> is used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./lib/vector/dglib/examples/opt.c:220 [error] - Memory leak: pszArgv
>     * ./raster/r.flow/precomp.c:154 [error] - Array index -1 is out of
> bounds
>     * ./raster/r.flow/precomp.c:158 [error] - Array index -1 is out of
> bounds
>     * ./raster/r.flow/precomp.c:161 [error] - Array index -1 is out of
> bounds
>     * ./raster/r.flow/precomp.c:163 [error] - Array index -1 is out of
> bounds
>     * ./raster/r.flow/precomp.c:165 [error] - Array index -1 is out of
> bounds
>     * ./raster/r.in.gridatb/file_io.c:64 [error] - Deallocating a
> deallocated pointer: fp
>     * ./raster/r.li/r.li.cwed/cwed.c:127 [error] - Resource leak: file_fd
>     * ./raster/r.li/r.li.cwed/cwed.c:333 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.cwed/cwed.c:476 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.cwed/cwed.c:612 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.daemon/daemon.c:282 [error] - Resource leak: res
>     * ./raster/r.li/r.li.daemon/daemon.c:282 [error] - Resource leak:
> random_access
>     * ./raster/r.li/r.li.daemon/daemon.c:708 [error] - Memory leak: file_buf
>     * ./raster/r.li/r.li.daemon/worker.c:259 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.daemon/worker.c:262 [error] - Memory leak: buf
>     * ./raster/r.li/r.li.dominance/dominance.c:159 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.dominance/dominance.c:370 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.dominance/dominance.c:574 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.edgedensity/edgedensity.c:164 [error] - Resource
> leak: mask_fd
>     * ./raster/r.li/r.li.edgedensity/edgedensity.c:427 [error] - Resource
> leak: mask_fd
>     * ./raster/r.li/r.li.edgedensity/edgedensity.c:692 [error] - Resource
> leak: mask_fd
>     * ./raster/r.li/r.li.mpa/mpa.c:137 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.mpa/mpa.c:200 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.mpa/mpa.c:265 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.mps/mps.c:159 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.mps/mps.c:530 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.mps/mps.c:900 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.padcv/padcv.c:138 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.padcv/padcv.c:535 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.padcv/padcv.c:928 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.padrange/padrange.c:146 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.padrange/padrange.c:547 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.padrange/padrange.c:930 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.padsd/padsd.c:137 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.padsd/padsd.c:536 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.padsd/padsd.c:927 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.patchdensity/main.c:204 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.patchdensity/main.c:205 [error] - Memory leak:
> mask_buf
>     * ./raster/r.li/r.li.patchnum/main.c:180 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.patchnum/main.c:181 [error] - Memory leak: mask_buf
>     * ./raster/r.li/r.li.richness/richness.c:145 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.richness/richness.c:303 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.richness/richness.c:465 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.shannon/shannon.c:155 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.shannon/shannon.c:362 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.shannon/shannon.c:565 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.shape/main.c:85 [error] - Resource leak: mask_fd
>     * ./raster/r.li/r.li.shape/main.c:85 [error] - Memory leak: mask_buf
>     * ./raster/r.li/r.li.simpson/simpson.c:154 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.simpson/simpson.c:343 [error] - Resource leak:
> mask_fd
>     * ./raster/r.li/r.li.simpson/simpson.c:532 [error] - Resource leak:
> mask_fd
>     * ./raster/r.mfilter.fp/getfilt.c:162 [error] - Resource leak: fd
>     * ./raster/r.mfilter/getfilt.c:160 [error] - Resource leak: fd
>     * ./raster/r.out.gridatb/file_io.c:105 [error] - Resource leak: fp
>     * ./raster/r.quant/read_rules.c:85 [error] - Buffer access
> out-of-bounds: buf
>     * ./raster/r.statistics/o_distrib.c:70 [error] - Resource leak: fd1
>     * ./raster/r.support/modcolr/modcolr.c:44 [error] - Dangerous usage of
> 'name' (strncpy doesn't always 0-terminate it)
>     * ./raster/r.support/modhist/modhist.c:45 [error] - Dangerous usage of
> 'name' (strncpy doesn't always 0-terminate it)
>     * ./raster/r.terraflow/nodata.h:65 [error] - Buffer access out-of-bounds
>     * ./raster/r.terraflow/plateau.h:50 [error] - Buffer access
> out-of-bounds
>     * ./raster/r.terraflow/unionFind.h:127 [error] - Common realloc mistake:
> "parent" nulled but not freed upon failure
>     * ./raster/r.terraflow/unionFind.h:131 [error] - Common realloc mistake:
> "rank" nulled but not freed upon failure
>     * ./raster/r.terraflow/stats.cc:80 [error] - Resource leak: fd
>     * ./raster/r.terraflow/sweep.cc:158 [error] - Uninitialized variable:
> flowpq
>     * ./raster3d/r3.in.v5d/v5d.c:2001 [error] - Resource leak: fd
>     * ./raster3d/r3.in.v5d/v5d.c:2381 [error] - Resource leak: fd
>     * ./raster3d/r3.out.v5d/v5d.c:2001 [error] - Resource leak: fd
>     * ./raster3d/r3.out.v5d/v5d.c:2381 [error] - Resource leak: fd
>     * ./raster3d/r3.showdspf/new_init_graphics.c:234 [error] - Resource
> leak: fp
>     * ./raster3d/r3.stats/main.c:665 [error] - Possible null pointer
> dereference: eqvals - otherwise it is redundant to check if eqvals is null
> at line 672
>     * ./raster3d/r3.stats/main.c:668 [error] - Possible null pointer
> dereference: eqvals - otherwise it is redundant to check if eqvals is null
> at line 672
>     * ./vector/v.clean/test/topocheck.c:54 [error] - Invalid number of
> character (() when these macros are defined: ''.
>     * ./vector/v.delaunay2/geometry.c:254 [error] - Uninitialized variable:
> v_n_o_b
>     * ./vector/v.delaunay2/geometry.c:255 [error] - Uninitialized variable:
> v_n_d_b
>     * ./vector/v.delaunay2/geometry.c:257 [error] - Uninitialized variable:
> v_n_o_b
>     * ./vector/v.delaunay2/geometry.c:257 [error] - Uninitialized variable:
> v_n_d_b
>     * ./vector/v.delaunay2/geometry.c:291 [error] - Uninitialized variable:
> v_p_o_b
>     * ./vector/v.delaunay2/geometry.c:292 [error] - Uninitialized variable:
> v_p_d_b
>     * ./vector/v.delaunay2/geometry.c:294 [error] - Uninitialized variable:
> v_p_o_b
>     * ./vector/v.delaunay2/geometry.c:294 [error] - Uninitialized variable:
> v_p_d_b
>     * ./vector/v.digit/i_face.c:91 [error] - Undefined behaviour: val is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./vector/v.digit/i_face.c:93 [error] - Undefined behaviour: val is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./vector/v.external/main.c:53 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./vector/v.external/main.c:55 [error] - Undefined behaviour: buf is
> used wrong in call to sprintf or snprintf. Quote: If copying takes place
> between objects that overlap as a result of a call to sprintf() or
> snprintf(), the results are undefined.
>     * ./vector/v.in.dwg/entity.c:516 [error] - Array 'tempdouble[2]' index 2
> out of bounds
>     * ./vector/v.in.dwg/entity.c:517 [error] - Array 'tempwidth[2]' index 2
> out of bounds
>     * ./vector/v.in.dwg/main.c:219 [error] - Invalid number of character (()
> when these macros are defined: ''.
>     * ./vector/v.label.sa/labels.c:131 [error] - Common realloc mistake:
> "labels" nulled but not freed upon failure
>     * ./vector/v.mapcalc/list.c:524 [error] - Possible null pointer
> dereference: item
>     * ./vector/v.mapcalc/list.c:525 [error] - Possible null pointer
> dereference: item
>     * ./vector/v.mapcalc/vector.c:127 [error] - Passing value -1 to sqrt()
> leads to undefined result
>     * ./visualization/nviz/src/togl.c:3548 [error] - Memory leak: pixels
>
>
>
> also that tool gives a list of possible bashisms, but I've just
> gone through those for devbr6, nothing of major concern there.
>
>
> Hamish
>
>
>
>
>
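
The sprintf()/snprintf() findings in the quoted report all describe one pattern: the destination buffer is also passed as a source argument, so the copy overlaps. The following is an added example, not code from GRASS or from either poster; `buf_appendf` and `join_names` are hypothetical names and the column names are constructed sample input.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/*
 * Pattern cppcheck reports (destination is also a source, undefined):
 *
 *     sprintf(buf, "%s,%s", buf, name);
 *
 * buf_appendf() is a hypothetical helper that formats at the current end
 * of the string instead. Callers pass only the new pieces, never buf
 * itself. Returns 0 on success, or -1 if the result would not fit, in
 * which case the previous contents of buf are kept.
 */
static int buf_appendf(char *buf, size_t size, const char *fmt, ...)
{
    const char *end = memchr(buf, '\0', size);
    size_t used;
    va_list ap;
    int n;

    if (end == NULL)
        return -1;                  /* no terminator within size bytes */
    used = (size_t)(end - buf);

    va_start(ap, fmt);
    n = vsnprintf(buf + used, size - used, fmt, ap);
    va_end(ap);

    if (n < 0 || (size_t)n >= size - used) {
        buf[used] = '\0';           /* drop the truncated tail */
        return -1;
    }
    return 0;
}

/* Constructed use case: build a comma-separated list from names[]. */
static int join_names(char *buf, size_t size,
                      const char *const *names, size_t count)
{
    size_t i;

    if (size == 0)
        return -1;
    buf[0] = '\0';
    for (i = 0; i < count; i++)
        if (buf_appendf(buf, size, "%s%s", i ? "," : "", names[i]) != 0)
            return -1;
    return 0;
}

int main(void)
{
    const char *const cols[] = { "cat", "label", "elev" }; /* constructed */
    char buf[32];

    if (join_names(buf, sizeof buf, cols, 3) == 0)
        puts(buf);
    return 0;
}
```

Checking the return value also covers the separate overflow risk of unbounded sprintf(): a list that does not fit is reported to the caller instead of being written past the end of the buffer.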

