
PVS-Studio vs Chromium

: : 23.05.2011

. ,

, PVS-Studio.

Chromium. Chromium -

Chromium .

Chromium Google Chrome, .


Chromium -

, Google Chrome.

Google Chromium -

(solution),

473

C/C++ . 460 155 . Chromium. . Chromium PVS-Studio. , ++ Chromium , : . . ,

460

. . Chromium ,

, Chromium PVS-Studio . . ,

int XX[] = { 1, 2, 3, 4 };
size_t N = sizeof(XX) / sizeof(XX[0]);

#define count_of(arg) (sizeof(arg) / sizeof(arg[0]))

, ,

void Test(int C[3])
{
  int A[3];
  int *B = Foo();
  size_t x = count_of(A); // Ok
  x = count_of(B); // Error
  x = count_of(C); // Error
}

count_of(A) . count_of() . count_of(B). , . , Miranda IM:


#define SIZEOF(X) (sizeof(X)/sizeof(X[0]))
int Cache_GetLineText(..., LPTSTR text, int text_size, ...)
{
  ...
  tmi.printDateTime(pdnce->hTimeZone, _T("t"), text, SIZEOF(text), 0);
  ...
}

. :


A, .

    

          

void Test(int C[3])
{
  x = count_of(C); // Error
}

++, . . , .
void Test(int (&C)[3])
{
  x = count_of(C); // Ok
}

'C'

, :

count_of(C) Chromium. . , :

3.

template <typename T, size_t N>
char (&ArraySizeHelper(T (&array)[N]))[N];
#define arraysize(array) (sizeof(ArraySizeHelper(array)))

N, . 'arraysize' sizeof()

N. 'char'.

, , , , :
template <typename T, size_t N>
char (&ArraySizeHelper(T (&array)[N]))[N];
#define arraysize(array) (sizeof(ArraySizeHelper(array)))

, ArraySizeHelper. ArraySizeHelper . . , 'count_of()'. . ArraySizeHelper .

ArraySizeHelper

void Test(int C[3])
{
  int A[3];
  int *B = Foo();
  size_t x = arraysize(A); // Ok
  x = arraysize(B); // Compile-time error
  x = arraysize(C); // Compile-time error
}

. .

, , Google. .

if (!file_util::Delete(db_name, false) &&
    !file_util::Delete(db_name, false)) {
  // Try to delete twice. If we can't, fail.
  LOG(ERROR) << "unable to delete old TopSites file";
  return false;
}

. ? , , , , , , Sleep(0) PVS-Studio? . . , . , : , , . . ? Chromium, 1000 . , . . . , , , . , . , , . , , . . . .

V512 A call of the 'memset' function will lead to underflow of the buffer '(exploded)'. platform time_win.cc 116

void NaCl::Time::Explode(bool is_local, Exploded* exploded) const {
  ...
  ZeroMemory(exploded, sizeof(exploded));
  ...
}

: sizeof(*exploded).

V502 Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the '-' operator. views custom_frame_view.cc 400

static const int kClientEdgeThickness;
int height() const;
bool ShouldShowClientEdge() const;

void CustomFrameView::PaintMaximizedFrameBorder(gfx::Canvas* canvas) {
  ...
  int edge_height = titlebar_bottom->height() -
      ShouldShowClientEdge() ? kClientEdgeThickness : 0;
  ...
}

"?:" :

int edge_height = titlebar_bottom->height() -
    (ShouldShowClientEdge() ? kClientEdgeThickness : 0);

,
V547 Expression 'count < 0' is always false. Unsigned type value is never < 0. ncdecode_tablegen ncdecode_tablegen.c 197

static void CharAdvance(char** buffer, size_t* buffer_size, size_t count) {
  if (count < 0) {
    NaClFatal("Unable to advance buffer by count!");
  } else {
  ...
}

"count < 0" . .

. , , ,

, , . :

,
V511 The sizeof() operator returns size of the pointer, and not of the array, in 'sizeof (salt)' expression. common visitedlink_common.cc 84

void MD5Update(MD5Context* context, const void* buf, size_t len);

VisitedLinkCommon::Fingerprint VisitedLinkCommon::ComputeURLFingerprint(
    ...
    const uint8 salt[LINK_SALT_LENGTH])
{
  ...
  MD5Update(&ctx, salt, sizeof(salt));
  ...
}

MD5Update() ? . :

, -

. .

MD5Update(&ctx, salt, sizeof(salt[0]) * LINK_SALT_LENGTH);

:
VisitedLinkCommon::Fingerprint VisitedLinkCommon::ComputeURLFingerprint(
    ...
    const uint8 (&salt)[LINK_SALT_LENGTH])
{
  ...
  MD5Update(&ctx, salt, sizeof(salt));
  ...
}

:
V501 There are identical sub-expressions 'host != buzz::XmlConstants::str_empty ()' to the left and to the right of the '&&' operator. chromoting_jingle_glue iq_request.cc 248

void JingleInfoRequest::OnResponse(const buzz::XmlElement* stanza) {
  ...
  std::string host = server->Attr(buzz::QN_JINGLE_INFO_HOST);
  std::string port_str = server->Attr(buzz::QN_JINGLE_INFO_UDP);
  if (host != buzz::STR_EMPTY && host != buzz::STR_EMPTY) {
  ...
}

port_str:
if (host != buzz::STR_EMPTY && port_str != buzz::STR_EMPTY) {

:
V530 The return value of function 'empty' is required to be utilized. chrome_frame_npapi np_proxy_service.cc 293

bool NpProxyService::GetProxyValueJSONString(std::string* output) {
  DCHECK(output);
  output->empty();
  ...
}

: output->clear();

:
V522 Dereferencing of the null pointer 'plugin_instance' might take place. Check the logical condition. chrome_frame_npapi chrome_frame_npapi.cc 517

bool ChromeFrameNPAPI::Invoke(...)
{
  ChromeFrameNPAPI* plugin_instance =
      ChromeFrameInstanceFromNPObject(header);
  if (!plugin_instance && (plugin_instance->automation_client_.get()))
    return false;
  ...
}

,
V547 Expression 'current_idle_time < 0' is always false. Unsigned type value is never < 0. browser idle_win.cc 23

IdleState CalculateIdleState(unsigned int idle_threshold) {
  ...
  DWORD current_idle_time = 0;
  ...
  // Will go -ve if we have been idle for a long time (2gb seconds).
  if (current_idle_time < 0)
    current_idle_time = INT_MAX;
  ...
}

, ,
. Chromium.

. :

V554 Incorrect use of auto_ptr. The memory allocated with 'new []' will be cleaned using 'delete'. interactive_ui_tests accessibility_win_browsertest.cc 306

void AccessibleChecker::CheckAccessibleChildren(IAccessible* parent) {
  ...
  auto_ptr<VARIANT> child_array(new VARIANT[child_count]);
  ...
}

, , . , . Chromium.

Chromium. , ( ICU):

V547 Expression '*string != 0 || *string != '_'' is always true. Probably the '&&' operator should be used here. icui18n ucol_sit.cpp 242

U_CDECL_BEGIN
static const char* U_CALLCONV
_processVariableTop(...)
{
  ...
  if(i == locElementCapacity && (*string != 0 || *string != '_')) {
    *status = U_BUFFER_OVERFLOW_ERROR;
  }
  ...
}

"(*string != 0 || *string != '_')"

: (*string == 0 || *string == '_').

PVS-Studio . ,

Chromium Chromium. 460 , ,

, , . ,

P.S. : . . , . Chromium, PVS-Studio. . Google , . , . Chromium , Miranda IM Ultimate Toolbox. Chromium ? ,

P.P.S. , . . , FlylinkDC++.
