I checked the IEC SDK project using the PVS-Studio static code analyzer. I just glanced through the code but managed to find a few obviously odd fragments. Below I will cite the analyzer-generated messages I have studied and the corresponding code fragments. I hope this will help to improve the project a bit. You may review other odd fragments by downloading PVS-Studio from here.
I can also give you a registration key for some time. You are welcome to ask questions here: feedback
----------------------
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 683
#define PL_MAX_PATH 255
typedef WCHAR TCHAR, *PTCHAR;
TCHAR pl_cvt_buffer[PL_MAX_PATH] = { '\0' };
int plh_read_pl_config_ini_file(...)
{
    ...
    ZeroMemory(
        pl_cvt_buffer,
        PL_MAX_PATH
    );
    ...
}
And here:
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 714
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 745
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 789
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 1247
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 1279
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 1311
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link_helper.c 1374
V512 A call of the 'memset' function will lead to underflow of the buffer '(pl_cvt_buffer)'. pl_csv_logger productivity_link.c 11466
----------------------
V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1667
int plh_read_pl_folder(PPLH_PL_FOLDER_INFO pconfig) {
    ...
    WIN32_FIND_DATA file_data;
    ...
    memset(
        &file_data,
        0,
        sizeof(&file_data)
    );
    ...
}
Need: sizeof(file_data)
And here:
V568 It's odd that the argument of sizeof() operator is the '& file_data' expression. pl_csv_logger productivity_link_helper.c 1831
----------------------
V512 A call of the 'memset' function will lead to underflow of the buffer 'pconfig'. pl_csv_logger productivity_link_helper.c 1806
typedef struct _plh_dynamic_pl_folder_info {
    ...
} PLH_DYNAMIC_PL_FOLDER_INFO, *PPLH_DYNAMIC_PL_FOLDER_INFO;
int plh_dynamic_read_pl_folder(PPLH_DYNAMIC_PL_FOLDER_INFO pconfig) {
    ...
    memset(
        pconfig,
        0,
        sizeof(pconfig)
    );
    ...
}
Need: sizeof(*pconfig)
----------------------
V512 A call of the 'memset' function will lead to underflow of the buffer 'temp'. core_api_unit_tests unit_tests_tools.c 379
void plt_tools_get_pl_config_full_file_name(char *buffer) {
    ...
    char temp[PL_MAX_PATH] = { '\0' };
    ...
    memset(
        temp,
        0,
        sizeof(buffer)
    );
    ...
}
Need: sizeof(temp)
----------------------
V576 Incorrect format. Consider checking the second actual argument of the 'wprintf' function. The pointer to string of wchar_t type symbols is expected. producer producer.c 166
int main(void) {
    ...
    char *p = NULL;
    ...
    wprintf(
        _T("Using power link directory: %s\n"),
        p
    );
    ...
}
Need to use printf() or convert p.
----------------------
V557 Array overrun is possible. The '255' index is pointing beyond array bound. pl2ganglia pl2ganglia.c 1114
#define PL_MAX_PATH 255
#define PL2GANFLIA_COUNTER_MAX_LENGTH PL_MAX_PATH
char name[PL_MAX_PATH];
int main(int argc, char *argv[]) {
    ...
    p->pl_counters_data[i].name[
        PL2GANFLIA_COUNTER_MAX_LENGTH
    ] = '\0';
    ...
}
Need:
    p->pl_counters_data[i].name[
        PL2GANFLIA_COUNTER_MAX_LENGTH - 1
    ] = '\0';
And here:
V557 Array overrun is possible. The '255' index is pointing beyond array bound. pl2ganglia pl2ganglia.c 1134
----------------------
V576 Incorrect format. A different number of actual arguments is expected while calling 'printf' function. Expected: 2. Present: 3. uuid_variant_sample uuid_variant_sample.c 259
int main(void) {
    ...
    printf(
        "Attach to [%s] Has Failed Possibly Because of a platform UUID variant.\n",
        pl_config_file_name,
        pld
    );
    ...
}
Need to add "%i" or delete the "pld" argument.
----------------------
V571 Recurring check. The 'if (ret == PL_FAILURE)' condition was already verified in line 1008. pl_csv_logger pl_csv_logger.c 1009
int main(int argc, char *argv[]) {
    ...
    if(ret == PL_FAILURE) {
        if(ret == PL_FAILURE) {
            pl_csv_logger_error(
                PL_CSV_LOGGER_ERROR_UNABLE_TO_READ_PL
            );
            ...
}
----------------------
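The size mistakes reported in the post above (V512/V568 on the memset lengths, V557 on the terminator index), shown as an added example that is not part of the original post or of the IEC SDK: each buffer is poisoned first so the bytes the flagged call leaves uncleared can be counted. The `folder_info` struct and the helper names are hypothetical, and `wchar_t` stands in for `WCHAR`.

```c
#include <stdio.h>
#include <string.h>
#include <wchar.h>

#define PL_MAX_PATH 255   /* value quoted in the post */

/* Hypothetical stand-in for PLH_DYNAMIC_PL_FOLDER_INFO; its fields are elided in the post. */
typedef struct { char path[PL_MAX_PATH]; int entries; } folder_info;

/* Number of leading zero bytes: how much of the buffer a memset really cleared. */
static size_t cleared(const void *buf, size_t len) {
    const unsigned char *b = buf;
    size_t n = 0;
    while (n < len && b[n] == 0) n++;
    return n;
}

/* V512/V568 pattern: sizeof(pointer) covers 4 or 8 bytes, sizeof(*pointer) the whole object.
   The same applies to sizeof(&file_data) and to sizeof(buffer) used for the array temp. */
size_t clear_struct(folder_info *pconfig, int fixed) {
    size_t n = fixed ? sizeof(*pconfig) : sizeof(pconfig);
    memset(pconfig, 0xAA, sizeof(*pconfig));   /* poison so stale bytes stay visible */
    memset(pconfig, 0, n);
    return cleared(pconfig, sizeof(*pconfig));
}

/* V512 on pl_cvt_buffer: PL_MAX_PATH is an element count, but the length is in bytes. */
size_t clear_wide(int fixed) {
    wchar_t pl_cvt_buffer[PL_MAX_PATH];        /* wchar_t stands in for WCHAR */
    size_t n = fixed ? sizeof(pl_cvt_buffer) : PL_MAX_PATH;
    memset(pl_cvt_buffer, 0xAA, sizeof(pl_cvt_buffer));
    memset(pl_cvt_buffer, 0, n);
    return cleared(pl_cvt_buffer, sizeof(pl_cvt_buffer));
}

/* V557: the last valid index of name[capacity] is capacity - 1, so terminate there. */
size_t terminate(char *name, size_t capacity, const char *src) {
    strncpy(name, src, capacity);
    name[capacity - 1] = '\0';
    return strlen(name);
}

int main(void) {
    folder_info fi;
    printf("struct: %zu of %zu bytes cleared, %zu after the fix\n",
           clear_struct(&fi, 0), sizeof(fi), clear_struct(&fi, 1));
    printf("wide buffer: %zu bytes cleared, %zu after the fix\n", clear_wide(0), clear_wide(1));
    return 0;
}
```

Bytes left uncleared by the short memset keep whatever the buffer held before, which is why these findings matter for buffers that are reused across calls.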
Hi Andrey,
Thank you for bringing this to our attention. I will look into each of them and bring corrective actions when required.
Best regards,
-Jamel
PVS-Studio vs IEC SDK