RISC OS Open
Safeguarding the past, present and future of RISC OS for everyone
ROOL
Home | News | Downloads | Bugs | Bounties | Forum | Documents | Photos | Contact us
Account
Forums → Bugs →

Possible bugs

Subscribe to Possible bugs 15 posts, 3 voices

 
Sep 11, 2017 6:41pm
Avatar Dominic Plunkett (2556) 31 posts

Some of these are minor, some issues may not actually exist. These have been found with CPPcheck.

Fixed Apps\Help2\c\main line 235 leaks expanded_string if malloc of buffer fails.
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Apps/Help2/c/main?rev=1.7;content-type=text%2Fx-cvsweb-markup#l235

Fixed FileSys\ImageFS\DosFS\c\DOSFS line 1566 .code[] is defined to have 384 elements for loop accesses up to element 480.
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/FileSys/ImageFS/DOSFS/c/DOSFS?rev=4.28;content-type=text%2Fx-cvsweb-markup#l1566

Fixed FileSys\ImageFS\DosFS\c\DOSFS line 621 dr.dr_discname might be being access beyond the end as I think sprintf might add and extra null terminator.
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/FileSys/ImageFS/DOSFS/c/DOSFS?rev=4.28;content-type=text%2Fx-cvsweb-markup#l621

Fixed Internat\IntKey\c\keygen line 577 Array uc4 is accessed at index 7
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Internat/IntKey/c/keygen?rev=1.12;content-type=text%2Fx-cvsweb-markup#l577

Fixed Networking\Omni\Protocols\LanManFS\c\SMB line 887 Array SMB_RxWords14 is accessed at index 16
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Networking/Omni/Protocols/LanManFS/c/SMB?rev=1.23;content-type=text%2Fx-cvsweb-markup#l887

Fixed HWSupport\USB\USBDriver\build\c\usbhal Line 245 Memory leak: softc
https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/HWSupport/USB/USBDriver/build/c/ohcimodule?rev=1.29;content-type=text%2Fx-cvsweb-markup#l245

Fixed HWSupport\USB\USBDriver\build\c\usbkboard Line 209 Memory leak: softc
https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/HWSupport/USB/USBDriver/build/c/usbkboard?rev=1.10;content-type=text%2Fx-cvsweb-markup#l209

Fixed HWSupport\VCHIQ\c\vchiq_riscos line 101 Memory leak : thread
https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/HWSupport/VCHIQ/c/vchiq_riscos?rev=1.2;content-type=text%2Fx-cvsweb-markup#l101

Fixed Video\Render\SprExtend\c\asmcore Line 1013 Array ‘usedregs15’ accessed at index 15, which is out of bounds.
https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/Video/Render/SprExtend/c/asmcore?rev=4.7;content-type=text%2Fx-cvsweb-markup#l1013

 
Sep 11, 2017 9:12pm
Avatar Dominic Plunkett (2556) 31 posts

File removed HWSupport\USB\USBDriver\build\c\usbhal line 691 Size of pointer ‘c’ used instead of size of its data. You probably intend to write ‘sizeof(*c)’

https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/HWSupport/USB/USBDriver/build/c/ohcimodule?rev=1.29;content-type=text%2Fx-cvsweb-markup#l691

 
Sep 12, 2017 7:38am
Avatar Jon Abbott (1421) 2298 posts

You should probably provide links to the source lines in question as the code is frequently updated.

 
Sep 12, 2017 6:38pm
Avatar Dominic Plunkett (2556) 31 posts

Fixed – \BCM2835Dev\mixed\RiscOS\Sources\HWSupport\USB\USBDriver\build\c\ohcimodule Line 741 tok buffer is too small. -

I’ll look into providing links

 
Sep 13, 2017 4:39pm
Avatar Jon Abbott (1421) 2298 posts

I’ll get you started:

mixed/RiscOS/Sources/HWSupport/USB/USBDriver/build/c/ohcimodule line 741

 
Sep 14, 2017 5:51pm
Avatar Dominic Plunkett (2556) 31 posts

links added to original posts

 
Sep 14, 2017 6:06pm
Avatar Dominic Plunkett (2556) 31 posts

Removed from build dbox_name possible access beyond array
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Lib/RISC_OSLib/rlib/c/ctl?rev=4.2;content-type=text%2Fx-cvsweb-markup#l814

Not a bug Array ‘bustable4’ accessed at index 4, which is out of bounds.
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/HWSupport/SCSI/SCSISwitch/c/scsi?rev=1.10;content-type=text%2Fx-cvsweb-markup#l1271

 
Sep 14, 2017 9:46pm
Avatar Rick Murray (539) 11793 posts

Array ‘bustable4’ accessed at index 4, which is out of bounds.

Are you sure?

I’ve noticed with examining some of my own code that it can return some rather eccentric results.

In this case it looks like the array index is always counted to be less than BUSCOUNT (which is the size of the array), once in a local loop, and once via a function.

In this case, we have the code you linked to, and we have find_free_bus(). I can’t quote here as my phone badly messes up quoting; suffice to say that how ‘b’ gets to be 4 (which I presume is the value of BUSCOUNT) eludes me.

dbox_name possible access beyond array

Yup. That one is a bug. If your array is 20 bytes, you don’t want a function that picks the smaller of the string length or 20, and pokes a terminull there, as array[20] means the elements go 0…19. ;-)

 
Sep 14, 2017 10:08pm
Avatar Dominic Plunkett (2556) 31 posts

Looking at the code again you are right bustable isn’t accessed at index 4

 
Sep 14, 2017 10:11pm
Avatar Rick Murray (539) 11793 posts

Networking\Omni\Protocols\LanManFS\c\SMB line 887 Array SMB_RxWords14 is accessed at index 16

This depends. The array is 14 if not long names and 17 or so otherwise. The offending code looks to be in a code block “if ( SMB_RxWords[0] >= DIALECT_LM12X002 )”; maybe this is only possible in a long names environment? I don’t know, if it was my code, I would use more #ifdef to only include relevant code so there’s no ambiguity.
That said, the code is ugly. What is array element 16? All these magic numbers all over the place…

 
Sep 14, 2017 10:21pm
Avatar Rick Murray (539) 11793 posts

Internat\IntKey\c\keygen line 577 Array uc4 is accessed at index 7

That entire code block. uc is defined as 4 bytes, then several loops access it like…

for (i=0; i<8; i++)

I’m guessing uc ought to be eight bytes.

HWSupport\VCHIQ\c\vchiq_riscos line 101 Memory leak : thread

The memory leaks that I’ve looked at are the result of bombing out early because something went wrong after having allocated memory for the array, but not having freed it before returning zero…

 
Dec 24, 2017 9:35pm
Avatar Dominic Plunkett (2556) 31 posts

I think some more brackets are needed otherwise one of the terms is 15 != 0

Fixed https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/Video/Render/SprExtend/c/asmcore?rev=4.8;content-type=text%2Fx-cvsweb-markup#l867

same here too :
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Lib/RISC_OSLib/rlib/c/drawcheck?rev=4.3;content-type=text%2Fx-cvsweb-markup#l178
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Lib/RISC_OSLib/rlib/c/drawfobj?rev=4.4;content-type=text%2Fx-cvsweb-markup#l206

Do we need some {} here :
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Video/UserI/Picker/c/cmyk?rev=4.6;content-type=text%2Fx-cvsweb-markup#l447
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Video/UserI/Picker/c/hsv?rev=4.6;content-type=text%2Fx-cvsweb-markup#l1328
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Video/UserI/Picker/c/rgb?rev=4.7;content-type=text%2Fx-cvsweb-markup#l1247

fixed Code here isn’t executed due to the break instruction just before ?
https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/SystemRes/Internet/Sources/sysctl/c/SysCtl?rev=1.6;content-type=text%2Fx-cvsweb-markup#l210

Fixed Is this sensible ? : https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Toolbox/Gadgets/c/TextArea?rev=1.14;content-type=text%2Fx-cvsweb-markup#l1209
Fixed :https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Toolbox/Gadgets/c/ScrollList?rev=1.15;content-type=text%2Fx-cvsweb-markup#l557

 
Dec 25, 2017 3:33pm
Avatar Rick Murray (539) 11793 posts

Is this sensible ? :

Hmm… if (flags | TextArea_DesktopColours == flags).

You’d have thought that C would interpret that as if ((flags | TextArea_DesktopColours) == flags) but it turns out that ‘==’ has a higher precedence than ‘|’, so…

 
Dec 25, 2017 7:57pm
Avatar Dominic Plunkett (2556) 31 posts

given TextArea_DesktopColours = 1<<0

this simplifies to just ‘if (flags)’ is this what the programmer wanted ?

 
Dec 25, 2017 10:05pm
Avatar Dominic Plunkett (2556) 31 posts

fixed This condition always evaluates to true :
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Internat/IntKey/c/unicdata?rev=1.5;content-type=text%2Fx-cvsweb-markup#l239

not sure about this one :
braces added to make code clearer https://www.riscosopen.org/viewer/view/cddl/RiscOS/Sources/HWSupport/SD/SDIODriver/c/swi?rev=1.3;content-type=text%2Fx-cvsweb-markup#l731

Always evaluates to false :
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Lib/RISC_OSLib/rlib/c/txtfile?rev=4.8;content-type=text%2Fx-cvsweb-markup#l307
https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Lib/RISC_OSLib/rlib/c/win?rev=4.4;content-type=text%2Fx-cvsweb-markup#l292
https://www.riscosopen.org/viewer/view/mixed/RiscOS/Sources/SystemRes/Internet/Sources/host/c/host?rev=1.3;content-type=text%2Fx-cvsweb-markup#l463

some more boolean operators would be nice :
Fixed : https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Toolbox/Toolbox/c/memory?rev=4.4;content-type=text%2Fx-cvsweb-markup#l376
Fixed : https://www.riscosopen.org/viewer/view/castle/RiscOS/Sources/Video/Render/Fonts/Manager/Utils/!CurveFit/c/Curvefit?rev=4.2;content-type=text%2Fx-cvsweb-markup#l85

Reply

To post replies, please first log in.

Forums → Bugs →

Search forums

Social

Follow us on and

ROOL Store

Buy RISC OS Open merchandise here, including SD cards for Raspberry Pi and more.

Donate! Why?

Help ROOL make things happen – please consider donating!

RISC OS IPR

RISC OS is an Open Source operating system owned by RISC OS Developments Ltd and licensed primarily under the Apache 2.0 license.

Description

Bug discussions that aren’t covered by the bugs database.

Voices

  • Dominic Plunkett (2556)
  • Jon Abbott (1421)
  • Rick Murray (539)

Options

  • Forums
  • Login
Site design © RISC OS Open Limited 2018 except where indicated
The RISC OS Open Beast theme is based on Beast's default layout

Valid XHTML 1.0  |  Valid CSS

Powered by Beast © 2006 Josh Goebel and Rick Olson
This site runs on Rails

Hosted by Arachsys