
Sample of Defect

Project Name CID Checker Category Developer Description
kortemik/OpenTechBFG 35500 FORWARD_NULL Null pointer dereferences This defect in our template caused null pointer dereferences in over a hundred use cases. Now that we can sort it out, it will make our game more stable.
File: /home/travis/build/kortemik/OpenTechBFG/neo/idlib/containers/List.h
        {
                Resize( granularity );
        }
        
        if( num == size )
        {
                Resize( size + granularity );
        }
        
        return list[ num++ ];
}

/*
================
idList<_type_,_tag_>::Append

Increases the size of the list by one element and copies the supplied data into it.

Returns the index of the new element.
================
*/
template< typename _type_, memTag_t _tag_ >
ID_INLINE int idList<_type_, _tag_>::Append( _type_ const& obj )
{
        // Copies obj into slot "num", advances "num" and returns the index that was written.
        //
        // Coverity CID 35500 (FORWARD_NULL, null pointer dereferences) reports the path below.
        // Events 1-2 (var_compare_op, List.h:746): the "!list" test takes the true branch, so
        // the analyzer records that "list" might be null.
        // NOTE(review): granularity may still be 0 at this call; the fallback to 16 is applied only
        // in the growth branch further down. What Resize does with 0 is not visible in this
        // listing - confirm.
        if( !list )
        {
                Resize( granularity );
        }

        // Event 3: "num == size" takes the true branch, so the storage is treated as full.
        if( size == num )
        {
                // Event 4: "granularity == 0" takes the false branch on the reported path.
                // this is a hack to fix our memset classes
                if( granularity == 0 )
                {
                        granularity = 16;
                }

                // Ask for size + granularity, rounded down to a whole multiple of granularity.
                const int grown = size + granularity;
                Resize( grown - ( grown % granularity ) );
        }

        // Event 5 (var_deref_op, List.h:763): the analyzer still treats "list" as possibly null at
        // this write.
        // NOTE(review): nothing visible here re-checks "list" after either Resize call. Whether
        // Resize always leaves it non-null is not shown - confirm. An explicit check after
        // resizing would make that invariant visible to readers and to the analyzer.
        list[ num ] = obj;

        // Post-increment yields the index just written.
        return num++;
}


/*
================
idList<_type_,_tag_>::Insert

Increases the size of the list by at least one element if necessary
and inserts the supplied data into it.

Returns the index of the new element.
================
*/
template< typename _type_, memTag_t _tag_ >
ID_INLINE int idList<_type_, _tag_>::Insert( _type_ const& obj, int index )
{
        if( !list )
        {
                Resize( granularity );
        }
        
        if( num == size )
        {
Events:
2. var_compare_op List.h:746
5. var_deref_op List.h:763