SlideShare a Scribd company logo

Static analysis: errors in media player and bugless ICQ

P
PVS-Studio

I'd like to continue our excursion of software errors and demonstration of static code analysis' utility.

TechnologyEducation
1 of 9
Download to read offline
Static analysis: errors in media player and bugless ICQ Author: Andrey Karpov Date: 18.11.2010 I'd like to continue our excursion of software errors and demonstration of static code analysis' utility. This is my latest post about the PVS-Studio version which is not available for download yet. I think you will be able to try the first beta-version with a new set of general-purpose rules in a week. Let's consider two projects. The first is Fennec Media Project. This is a universal media player intended to play audio and high definition video. The source code package includes a lot of plugins and codecs but we will analyze only the player itself. You may download the source code of the latest 1.2 Alpha version here. The second project is qutIM. This is a cross-platform open-source instant messaging client. We analyzed the code available at the beginning of November, 2010. The set of source codes was provided by one of the developers but you may download it from the official site as well. Fennec Media Project. It is a small common project containing a common number of errors. Here is the first error. Or two first errors depending on how you count them. Well, the 'a' variable is used instead of the 'b' variable in two places. int fennec_tag_item_compare(struct fennec_audiotag_item *a, struct fennec_audiotag_item *b) { int v; if(a->tsize && a->tsize) v = abs(str_cmp(a->tdata, a->tdata)); else v = 1; return v; } PVS-Studio pointed to this code since the "a->tsize && a->tsize" condition is obviously suspicious. This is the diagnostic message itself and error's location in code: V501 There are identical sub-expressions to the left and to the right of the '&&' operator: a -> tsize && a -> tsize media library.c 1076
And here is an issue near and dear to every programmer - unnecessary semicolons. This is the first fragment: int settings_default(void) { ... for(i=0; i<16; i++); for(j=0; j<32; j++) { settings.conversion.equalizer_bands.boost[i][j] = 0.0; settings.conversion.equalizer_bands.preamp[i] = 0.0; } } This is the PVS-Studio's message and error's location in code: V529 Odd semicolon ';' after 'for' operator. settings.c 483 The second fragment: int trans_rest(transcoder_settings *trans) { ... for(i=0; i<16; i++); { trans->eq.eq.preamp[i] = 0.0; for(j=0; j<32; j++) { trans->eq.eq.boost[i][j] = 0.0; } } } The PVS-Studio's message and error's location in code: V529 Odd semicolon ';' after 'for' operator. settings.c 913
There are also two other fragments with ';' but I will not dwell upon them. Everything is similar and uninteresting. The issue I want to show further is not quite an error but just about. It is the CreateThread function which is used instead of _beginthreadex. There are several calls of CreateThread in Fennec but I will cite only one sample: t_sys_thread_handle sys_thread_call(t_sys_thread_function cfunc) { unsigned long tpr = 0; unsigned long tid = 0; return (t_sys_thread_handle) CreateThread(0, 0, cfunc, &tpr, 0,&tid); } The PVS-Studio's warning and error's location in code: V513 Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions. system.c 331 I will not go into the depths explaining why you should use _beginthreadex/_endthreadex instead of CreateThread/ExitThread. I will explain it in brief while you may read more about it here, here and here. It is said in the Scripture (i.e. in MSDN): A thread in an executable that calls the C run-time library (CRT) should use the _beginthreadex and _endthreadex functions for thread management rather than CreateThread and ExitThread; this requires the use of the multi-threaded version of the CRT. If a thread created using CreateThread calls the CRT, the CRT may terminate the process in low-memory conditions. So, you'd better secure yourself and always call _beginthreadex/_endthreadex. By the way, Jeffrey Richter recommends to do the same thing in the sixth chapter of "Advanced Windows: Win32-software development considering the specifics of 64-bit Windows" / Translated from English, 4th issue. We also detected some poor cases of using the memset function. By the way, I have thought until recently that the anxiety about using memset, memcmp and memcpy is a thing of the past. They say programmers wrote code with them earlier but now everybody is aware of their danger and is careful using these functions - they rather use sizeof(), STL-containers and so on. And everything is calm and quiet. Well, no. During the last month, I encountered so many howlers with these functions that I may say such errors are still alive and vivid. But let's return to Fennec. Here is the first memset: #define uinput_size 1024 typedef wchar_t letter; letter uinput_text[uinput_size]; string basewindows_getuserinput(const string title,
const string cap, const string dtxt) { memset(uinput_text, 0, uinput_size); ... } The PVS-Studio's warning and error's location in code: V512 A call of the 'memset' function will lead to a buffer overflow or underflow. base windows.c 151 At first sight, everything is ok with "memset(uinput_text, 0, uinput_size);". Perhaps everything would be ok in those times when the 'letter' type was the 'char' type. But now it is 'wchar_t', so this code clears only half of the buffer. Here is the second poor memset: typedef wchar_t letter; letter name[30]; int Conv_EqualizerProc(HWND hwnd,UINT uMsg, WPARAM wParam,LPARAM lParam) { ... memset(eqp.name, 0, 30); ... } Magic numbers are indeed evil. It does not look too much difficult to write "sizeof(eqp.name)" but still we are not writing it again and again and shoot off our own legs :). The PVS-Studio's warning and error's location in code: V512 A call of the 'memset' function will lead to a buffer overflow or underflow. base windows.c 2892 There is also one more place with this error: V512 A call of the 'memset' function will lead to a buffer overflow or underflow. transcode settings.c 588 Perhaps you noticed when working with some programs that file open/save dialogues behaved strangely or there was some nonsense in the fields of available extensions. Now you will learn the reasons for those strange things.
There are structures in Windows API where string-pointers must end with double zero. The most widely used member is the lpstrFilter member in the OPENFILENAME structure. This parameter actually refers to a chain of strings separated by '0' character. It is to know that the strings have ended that we need those two zeroes at the end. However, one might easily forget about it. Consider this code fragment: int JoiningProc(HWND hwnd,UINT uMsg, WPARAM wParam,LPARAM lParam) { ... OPENFILENAME lofn; memset(&lofn, 0, sizeof(lofn)); ... lofn.lpstrFilter = uni("All Files (*.*)0*.*"); ... } The PVS-Studio's message and error's location in code: V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. base windows.c 5309 Whether the dialogue will work well or not depends upon what follows the string "All Files (*.*)0*.*" in memory. The correct code must look this way: "All Files (*.*)0*.*0". We wrote one zero manually while the compiler will add one more zero. There is a similar problem with other dialogues too. int callback_presets_dialog(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { ... // SAVE OPENFILENAME lofn; memset(&lofn, 0, sizeof(lofn)); ... lofn.lpstrFilter = uni("Equalizer Preset (*.feq)0*.feq"); ...
... // LOAD ... lofn.lpstrFilter = uni("Equalizer Preset (*.feq)0*.feq"); ... } int localsf_show_save_playlist(void) { OPENFILENAME lofn; memset(&lofn, 0, sizeof(lofn)); ... lofn.lpstrFilter = uni("Text file (*.txt)0*.txt0M3U file0*.m3u"); ... } The PVS-Studio's warning messages and error's location in code: V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. base windows.c 986 V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. base windows.c 1039 V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. shared functions.c 360 And now look at a very suspicious function. However, I do not know if there is actually an error or it is just a poorly written code: unsigned long ml_cache_getcurrent_item(void) { if(!mode_ml) return skin.shared->audio.output.playlist.getcurrentindex(); else return skin.shared->audio.output.playlist.getcurrentindex(); } The PVS-Studio's warning and error's location in code: V523 The 'then' statement is equivalent to the 'else' statement. media library window.c 430
I did not want to analyze various plugins shipped together with Fennec, but there are as many poor fragments. I will only give a couple of samples. This is a code fragment from the project Codec ACC. void MP4RtpHintTrack::GetPayload(...) { ... if (pSlash != NULL) { pSlash++; if (pSlash != '0') { length = strlen(pRtpMap) - (pSlash - pRtpMap); *ppEncodingParams = (char *)MP4Calloc(length + 1); strncpy(*ppEncodingParams, pSlash, length); } } As it is written in the PVS-Studio's diagnostic message: V528 It is odd that pointer to 'char' type is compared with the '0' value. Probably meant: *pSlash != '0'. rtphint.cpp 346, Developers forgot to dereference the pointer here. It turns out that we have a meaningless comparison of the pointer to 0. The code must look this way: "if (*pSlash != '0')". This is a code fragment from the project Decoder Mpeg Audio: void* tag_write_setframe(char *tmem, const char *tid, const string dstr) { ... if(lset) { fhead[11] = '0'; fhead[12] = '0'; fhead[13] = '0'; fhead[13] = '0'; } ...
} The PVS-Studio's message and error's location in code: V525 The code containing the collection of similar blocks. Check items '11', '12', '13', '13' in lines 716, 717, 718, 719. id3 editor.c 716 Here it is - the evil Copy-Paste method :). On the whole, the general-purpose analysis in PVS-Studio demonstrated good capabilities by the example of the Fennec Media Project project. The percentage of false alarms accompanying the analysis was rather low. Altogether, PVS-Studio pointed to 31 code fragments, 19 fragments out of them actually needed to be fixed. Now let's turn to the qutIM project. PVS-Studio failed with it. It did not find errors in it despite a rather large size of the project (about 200 thousand lines), although there are certainly some. There are errors always and everywhere :). The developers of qutIM do not argue about that because qutIM does crash sometimes. So we have to give one score to the "error team". What does it mean? It means that: 1) The qutIM project is a very quality product. Although it contains errors, they are rather few and are of a level too high for static analysis (at least for PVS-Studio). 2) A long way of progress and learning higher-level diagnoses lies ahead of PVS-Studio. Now it is clearer to us what we must strive for. Our purpose is to find a couple of real errors in qutIM. Did PVS-Studio generate some messages for the qutIM project? Yes, it did. But they were few and most of them were false alarms. Among all of them, we can single out only the following things which are of some interest. A) CreateThread functions are used. B) We found some strange functions. One of the qutIM's authors told us later that these had been stabs the authors had forgotten to remove. What is strange about them is that one has the name save() and the other has the name cancel() but their contents are the same: void XSettingsWindow::save() { QWidget *c = p->stackedWidget->currentWidget(); while (p->modifiedWidgets.count()) { SettingsWidget *widget = p->modifiedWidgets.takeFirst(); widget->save();
if (widget != c) widget->deleteLater(); } p->buttonBox->close(); } void XSettingsWindow::cancel() { QWidget *c = p->stackedWidget->currentWidget(); while (p->modifiedWidgets.count()) { SettingsWidget *widget = p->modifiedWidgets.takeFirst(); widget->save(); if (widget != c) widget->deleteLater(); } p->buttonBox->close(); } The PVS-Studio's warning: V524 It is odd that the 'cancel' function is fully equivalent to the 'save' function (xsettingswindow.cpp, line 256). xsettingswindow.cpp 268 I hope you found this post interesting and would like to try PVS-Studio 4.00 Beta soon. Of course, PVS- Studio finds few general errors at present but it is only the beginning. Besides, fixing even one single error at the stage of coding might let you save a lot of customers', testers' and programmers' nerves.

Recommended

Parallel Lint
Parallel LintParallel Lint
Parallel LintPVS-Studio
 
National Technical Honor Society Summer Conference 2011
National Technical Honor Society Summer Conference 2011National Technical Honor Society Summer Conference 2011
National Technical Honor Society Summer Conference 2011Jeremy Zweiacker
 
Oklahoma 4H Roundup 2011
Oklahoma 4H Roundup 2011Oklahoma 4H Roundup 2011
Oklahoma 4H Roundup 2011Jeremy Zweiacker
 
BCA Expo July 2011
BCA Expo July 2011BCA Expo July 2011
BCA Expo July 2011Creative Business Consulting Group
 
Surface finishing
Surface finishingSurface finishing
Surface finishingMetrohm India Limited
 
MIS in Asia: Opportunity to Lead
MIS in Asia: Opportunity to LeadMIS in Asia: Opportunity to Lead
MIS in Asia: Opportunity to LeadRob Cayzer
 
Building an Active Online Member Community
Building an Active Online Member CommunityBuilding an Active Online Member Community
Building an Active Online Member CommunityBrian Reuwee
 
Sba loan programs
Sba loan programsSba loan programs
Sba loan programsVeterans Chamber of Commerce
 

Recommended

Parallel Lint
Parallel LintParallel Lint
Parallel LintPVS-Studio
 
National Technical Honor Society Summer Conference 2011
National Technical Honor Society Summer Conference 2011National Technical Honor Society Summer Conference 2011
National Technical Honor Society Summer Conference 2011Jeremy Zweiacker
 
Oklahoma 4H Roundup 2011
Oklahoma 4H Roundup 2011Oklahoma 4H Roundup 2011
Oklahoma 4H Roundup 2011Jeremy Zweiacker
 
BCA Expo July 2011
BCA Expo July 2011BCA Expo July 2011
BCA Expo July 2011Creative Business Consulting Group
 
Surface finishing
Surface finishingSurface finishing
Surface finishingMetrohm India Limited
 
MIS in Asia: Opportunity to Lead
MIS in Asia: Opportunity to LeadMIS in Asia: Opportunity to Lead
MIS in Asia: Opportunity to LeadRob Cayzer
 
Building an Active Online Member Community
Building an Active Online Member CommunityBuilding an Active Online Member Community
Building an Active Online Member CommunityBrian Reuwee
 
Sba loan programs
Sba loan programsSba loan programs
Sba loan programsVeterans Chamber of Commerce
 
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 

More Related Content

Recently uploaded

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...AliaaTarek5
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxLoriGlavin3
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxLoriGlavin3
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersRaghuram Pandurangan
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsRavi Sanghani
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch TuesdayIvanti
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentPim van der Noll
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxLoriGlavin3
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxLoriGlavin3
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersNicole Novielli
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Scott Andery
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfMounikaPolabathina
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesThousandEyes
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsNathaniel Shimoni
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterMydbops
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesThousandEyes
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 

Recently uploaded (20)

(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
(How to Program) Paul Deitel, Harvey Deitel-Java How to Program, Early Object...
 
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptxMerck Moving Beyond Passwords: FIDO Paris Seminar.pptx
Merck Moving Beyond Passwords: FIDO Paris Seminar.pptx
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptxUse of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
Use of FIDO in the Payments and Identity Landscape: FIDO Paris Seminar.pptx
 
Generative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information DevelopersGenerative AI for Technical Writer or Information Developers
Generative AI for Technical Writer or Information Developers
 
Potential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and InsightsPotential of AI (Generative AI) in Business: Learnings and Insights
Potential of AI (Generative AI) in Business: Learnings and Insights
 
2024 April Patch Tuesday
2024 April Patch Tuesday2024 April Patch Tuesday
2024 April Patch Tuesday
 
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native developmentEmixa Mendix Meetup 11 April 2024 about Mendix Native development
Emixa Mendix Meetup 11 April 2024 about Mendix Native development
 
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptxDigital Identity is Under Attack: FIDO Paris Seminar.pptx
Digital Identity is Under Attack: FIDO Paris Seminar.pptx
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptxThe Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
The Role of FIDO in a Cyber Secure Netherlands: FIDO Paris Seminar.pptx
 
A Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software DevelopersA Journey Into the Emotions of Software Developers
A Journey Into the Emotions of Software Developers
 
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
Enhancing User Experience - Exploring the Latest Features of Tallyman Axis Lo...
 
What is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdfWhat is DBT - The Ultimate Data Build Tool.pdf
What is DBT - The Ultimate Data Build Tool.pdf
 
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyesAssure Ecommerce and Retail Operations Uptime with ThousandEyes
Assure Ecommerce and Retail Operations Uptime with ThousandEyes
 
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data PrivacyTrustArc Webinar - How to Build Consumer Trust Through Data Privacy
TrustArc Webinar - How to Build Consumer Trust Through Data Privacy
 
Time Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directionsTime Series Foundation Models - current state and future directions
Time Series Foundation Models - current state and future directions
 
Scale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL RouterScale your database traffic with Read & Write split using MySQL Router
Scale your database traffic with Read & Write split using MySQL Router
 
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyesHow to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
How to Effectively Monitor SD-WAN and SASE Environments with ThousandEyes
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 

Featured

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by HubspotMarius Sescu
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTExpeed Software
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsPixeldarts
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthThinkNow
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfmarketingartwork
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024Neil Kimberley
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)contently
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024Albert Qian
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsKurio // The Social Media Age(ncy)
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Search Engine Journal
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summarySpeakerHub
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next Tessa Mero
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentLily Ray
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesVit Horky
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project managementMindGenius
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...RachelPearson36
 

Featured (20)

2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot2024 State of Marketing Report – by Hubspot
2024 State of Marketing Report – by Hubspot
 
Everything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPTEverything You Need To Know About ChatGPT
Everything You Need To Know About ChatGPT
 
Product Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage EngineeringsProduct Design Trends in 2024 | Teenage Engineerings
Product Design Trends in 2024 | Teenage Engineerings
 
How Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental HealthHow Race, Age and Gender Shape Attitudes Towards Mental Health
How Race, Age and Gender Shape Attitudes Towards Mental Health
 
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdfAI Trends in Creative Operations 2024 by Artwork Flow.pdf
AI Trends in Creative Operations 2024 by Artwork Flow.pdf
 
Skeleton Culture Code
Skeleton Culture CodeSkeleton Culture Code
Skeleton Culture Code
 
PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024PEPSICO Presentation to CAGNY Conference Feb 2024
PEPSICO Presentation to CAGNY Conference Feb 2024
 
Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)Content Methodology: A Best Practices Report (Webinar)
Content Methodology: A Best Practices Report (Webinar)
 
How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024How to Prepare For a Successful Job Search for 2024
How to Prepare For a Successful Job Search for 2024
 
Social Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie InsightsSocial Media Marketing Trends 2024 // The Global Indie Insights
Social Media Marketing Trends 2024 // The Global Indie Insights
 
Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024Trends In Paid Search: Navigating The Digital Landscape In 2024
Trends In Paid Search: Navigating The Digital Landscape In 2024
 
5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary5 Public speaking tips from TED - Visualized summary
5 Public speaking tips from TED - Visualized summary
 
ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd ChatGPT and the Future of Work - Clark Boyd
ChatGPT and the Future of Work - Clark Boyd
 
Getting into the tech field. what next
Getting into the tech field. what next Getting into the tech field. what next
Getting into the tech field. what next
 
Google's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search IntentGoogle's Just Not That Into You: Understanding Core Updates & Search Intent
Google's Just Not That Into You: Understanding Core Updates & Search Intent
 
How to have difficult conversations
How to have difficult conversations How to have difficult conversations
How to have difficult conversations
 
Introduction to Data Science
Introduction to Data ScienceIntroduction to Data Science
Introduction to Data Science
 
Time Management & Productivity - Best Practices
Time Management & Productivity - Best PracticesTime Management & Productivity - Best Practices
Time Management & Productivity - Best Practices
 
The six step guide to practical project management
The six step guide to practical project managementThe six step guide to practical project management
The six step guide to practical project management
 
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
Beginners Guide to TikTok for Search - Rachel Pearson - We are Tilt __ Bright...
 

Static analysis: errors in media player and bugless ICQ

  • 1. Static analysis: errors in media player and bugless ICQ Author: Andrey Karpov Date: 18.11.2010 I'd like to continue our excursion of software errors and demonstration of static code analysis' utility. This is my latest post about the PVS-Studio version which is not available for download yet. I think you will be able to try the first beta-version with a new set of general-purpose rules in a week. Let's consider two projects. The first is Fennec Media Project. This is a universal media player intended to play audio and high definition video. The source code package includes a lot of plugins and codecs but we will analyze only the player itself. You may download the source code of the latest 1.2 Alpha version here. The second project is qutIM. This is a cross-platform open-source instant messaging client. We analyzed the code available at the beginning of November, 2010. The set of source codes was provided by one of the developers but you may download it from the official site as well. Fennec Media Project. It is a small common project containing a common number of errors. Here is the first error. Or two first errors depending on how you count them. Well, the 'a' variable is used instead of the 'b' variable in two places. int fennec_tag_item_compare(struct fennec_audiotag_item *a, struct fennec_audiotag_item *b) { int v; if(a->tsize && a->tsize) v = abs(str_cmp(a->tdata, a->tdata)); else v = 1; return v; } PVS-Studio pointed to this code since the "a->tsize && a->tsize" condition is obviously suspicious. This is the diagnostic message itself and error's location in code: V501 There are identical sub-expressions to the left and to the right of the '&&' operator: a -> tsize && a -> tsize media library.c 1076
  • 2. And here is an issue near and dear to every programmer - unnecessary semicolons. This is the first fragment: int settings_default(void) { ... for(i=0; i<16; i++); for(j=0; j<32; j++) { settings.conversion.equalizer_bands.boost[i][j] = 0.0; settings.conversion.equalizer_bands.preamp[i] = 0.0; } } This is the PVS-Studio's message and error's location in code: V529 Odd semicolon ';' after 'for' operator. settings.c 483 The second fragment: int trans_rest(transcoder_settings *trans) { ... for(i=0; i<16; i++); { trans->eq.eq.preamp[i] = 0.0; for(j=0; j<32; j++) { trans->eq.eq.boost[i][j] = 0.0; } } } The PVS-Studio's message and error's location in code: V529 Odd semicolon ';' after 'for' operator. settings.c 913
  • 3. There are also two other fragments with ';' but I will not dwell upon them. Everything is similar and uninteresting. The issue I want to show further is not quite an error but just about. It is the CreateThread function which is used instead of _beginthreadex. There are several calls of CreateThread in Fennec but I will cite only one sample: t_sys_thread_handle sys_thread_call(t_sys_thread_function cfunc) { unsigned long tpr = 0; unsigned long tid = 0; return (t_sys_thread_handle) CreateThread(0, 0, cfunc, &tpr, 0,&tid); } The PVS-Studio's warning and error's location in code: V513 Use _beginthreadex/_endthreadex functions instead of CreateThread/ExitThread functions. system.c 331 I will not go into the depths explaining why you should use _beginthreadex/_endthreadex instead of CreateThread/ExitThread. I will explain it in brief while you may read more about it here, here and here. It is said in the Scripture (i.e. in MSDN): A thread in an executable that calls the C run-time library (CRT) should use the _beginthreadex and _endthreadex functions for thread management rather than CreateThread and ExitThread; this requires the use of the multi-threaded version of the CRT. If a thread created using CreateThread calls the CRT, the CRT may terminate the process in low-memory conditions. So, you'd better secure yourself and always call _beginthreadex/_endthreadex. By the way, Jeffrey Richter recommends to do the same thing in the sixth chapter of "Advanced Windows: Win32-software development considering the specifics of 64-bit Windows" / Translated from English, 4th issue. We also detected some poor cases of using the memset function. By the way, I have thought until recently that the anxiety about using memset, memcmp and memcpy is a thing of the past. They say programmers wrote code with them earlier but now everybody is aware of their danger and is careful using these functions - they rather use sizeof(), STL-containers and so on. And everything is calm and quiet. Well, no. During the last month, I encountered so many howlers with these functions that I may say such errors are still alive and vivid. But let's return to Fennec. Here is the first memset: #define uinput_size 1024 typedef wchar_t letter; letter uinput_text[uinput_size]; string basewindows_getuserinput(const string title,
  • 4. const string cap, const string dtxt) { memset(uinput_text, 0, uinput_size); ... } The PVS-Studio's warning and error's location in code: V512 A call of the 'memset' function will lead to a buffer overflow or underflow. base windows.c 151 At first sight, everything is ok with "memset(uinput_text, 0, uinput_size);". Perhaps everything would be ok in those times when the 'letter' type was the 'char' type. But now it is 'wchar_t', so this code clears only half of the buffer. Here is the second poor memset: typedef wchar_t letter; letter name[30]; int Conv_EqualizerProc(HWND hwnd,UINT uMsg, WPARAM wParam,LPARAM lParam) { ... memset(eqp.name, 0, 30); ... } Magic numbers are indeed evil. It does not look too much difficult to write "sizeof(eqp.name)" but still we are not writing it again and again and shoot off our own legs :). The PVS-Studio's warning and error's location in code: V512 A call of the 'memset' function will lead to a buffer overflow or underflow. base windows.c 2892 There is also one more place with this error: V512 A call of the 'memset' function will lead to a buffer overflow or underflow. transcode settings.c 588 Perhaps you noticed when working with some programs that file open/save dialogues behaved strangely or there was some nonsense in the fields of available extensions. Now you will learn the reasons for those strange things.
  • 5. There are structures in Windows API where string-pointers must end with double zero. The most widely used member is the lpstrFilter member in the OPENFILENAME structure. This parameter actually refers to a chain of strings separated by '0' character. It is to know that the strings have ended that we need those two zeroes at the end. However, one might easily forget about it. Consider this code fragment: int JoiningProc(HWND hwnd,UINT uMsg, WPARAM wParam,LPARAM lParam) { ... OPENFILENAME lofn; memset(&lofn, 0, sizeof(lofn)); ... lofn.lpstrFilter = uni("All Files (*.*)0*.*"); ... } The PVS-Studio's message and error's location in code: V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. base windows.c 5309 Whether the dialogue will work well or not depends upon what follows the string "All Files (*.*)0*.*" in memory. The correct code must look this way: "All Files (*.*)0*.*0". We wrote one zero manually while the compiler will add one more zero. There is a similar problem with other dialogues too. int callback_presets_dialog(HWND hwnd, UINT msg, WPARAM wParam, LPARAM lParam) { ... // SAVE OPENFILENAME lofn; memset(&lofn, 0, sizeof(lofn)); ... lofn.lpstrFilter = uni("Equalizer Preset (*.feq)0*.feq"); ...
  • 6. ... // LOAD ... lofn.lpstrFilter = uni("Equalizer Preset (*.feq)0*.feq"); ... } int localsf_show_save_playlist(void) { OPENFILENAME lofn; memset(&lofn, 0, sizeof(lofn)); ... lofn.lpstrFilter = uni("Text file (*.txt)0*.txt0M3U file0*.m3u"); ... } The PVS-Studio's warning messages and error's location in code: V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. base windows.c 986 V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. base windows.c 1039 V540 Member 'lpstrFilter' should point to string terminated by two 0 characters. shared functions.c 360 And now look at a very suspicious function. However, I do not know if there is actually an error or it is just a poorly written code: unsigned long ml_cache_getcurrent_item(void) { if(!mode_ml) return skin.shared->audio.output.playlist.getcurrentindex(); else return skin.shared->audio.output.playlist.getcurrentindex(); } The PVS-Studio's warning and error's location in code: V523 The 'then' statement is equivalent to the 'else' statement. media library window.c 430
  • 7. I did not want to analyze various plugins shipped together with Fennec, but there are as many poor fragments. I will only give a couple of samples. This is a code fragment from the project Codec ACC. void MP4RtpHintTrack::GetPayload(...) { ... if (pSlash != NULL) { pSlash++; if (pSlash != '0') { length = strlen(pRtpMap) - (pSlash - pRtpMap); *ppEncodingParams = (char *)MP4Calloc(length + 1); strncpy(*ppEncodingParams, pSlash, length); } } As it is written in the PVS-Studio's diagnostic message: V528 It is odd that pointer to 'char' type is compared with the '0' value. Probably meant: *pSlash != '0'. rtphint.cpp 346, Developers forgot to dereference the pointer here. It turns out that we have a meaningless comparison of the pointer to 0. The code must look this way: "if (*pSlash != '0')". This is a code fragment from the project Decoder Mpeg Audio: void* tag_write_setframe(char *tmem, const char *tid, const string dstr) { ... if(lset) { fhead[11] = '0'; fhead[12] = '0'; fhead[13] = '0'; fhead[13] = '0'; } ...
  • 8. } The PVS-Studio's message and error's location in code: V525 The code containing the collection of similar blocks. Check items '11', '12', '13', '13' in lines 716, 717, 718, 719. id3 editor.c 716 Here it is - the evil Copy-Paste method :). On the whole, the general-purpose analysis in PVS-Studio demonstrated good capabilities by the example of the Fennec Media Project project. The percentage of false alarms accompanying the analysis was rather low. Altogether, PVS-Studio pointed to 31 code fragments, 19 fragments out of them actually needed to be fixed. Now let's turn to the qutIM project. PVS-Studio failed with it. It did not find errors in it despite a rather large size of the project (about 200 thousand lines), although there are certainly some. There are errors always and everywhere :). The developers of qutIM do not argue about that because qutIM does crash sometimes. So we have to give one score to the "error team". What does it mean? It means that: 1) The qutIM project is a very quality product. Although it contains errors, they are rather few and are of a level too high for static analysis (at least for PVS-Studio). 2) A long way of progress and learning higher-level diagnoses lies ahead of PVS-Studio. Now it is clearer to us what we must strive for. Our purpose is to find a couple of real errors in qutIM. Did PVS-Studio generate some messages for the qutIM project? Yes, it did. But they were few and most of them were false alarms. Among all of them, we can single out only the following things which are of some interest. A) CreateThread functions are used. B) We found some strange functions. One of the qutIM's authors told us later that these had been stabs the authors had forgotten to remove. What is strange about them is that one has the name save() and the other has the name cancel() but their contents are the same: void XSettingsWindow::save() { QWidget *c = p->stackedWidget->currentWidget(); while (p->modifiedWidgets.count()) { SettingsWidget *widget = p->modifiedWidgets.takeFirst(); widget->save();
  • 9. if (widget != c) widget->deleteLater(); } p->buttonBox->close(); } void XSettingsWindow::cancel() { QWidget *c = p->stackedWidget->currentWidget(); while (p->modifiedWidgets.count()) { SettingsWidget *widget = p->modifiedWidgets.takeFirst(); widget->save(); if (widget != c) widget->deleteLater(); } p->buttonBox->close(); } The PVS-Studio's warning: V524 It is odd that the 'cancel' function is fully equivalent to the 'save' function (xsettingswindow.cpp, line 256). xsettingswindow.cpp 268 I hope you found this post interesting and would like to try PVS-Studio 4.00 Beta soon. Of course, PVS- Studio finds few general errors at present but it is only the beginning. Besides, fixing even one single error at the stage of coding might let you save a lot of customers', testers' and programmers' nerves.