Back to success stories

Sample of Defect

Project Name CID Checker Category Developer Description
kortemik/OpenTechBFG 35677 NEGATIVE_RETURNS Integer handling issues New feature implementation got stuck for days because old code had obscure implementation which caused debuging nightmare.
File: /home/travis/build/kortemik/OpenTechBFG/neo/idlib/ParallelJobList.cpp 
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409

idParallelJobManagerLocal::AllocJobList
========================
*/
idParallelJobList* idParallelJobManagerLocal::AllocJobList( jobListId_t id, jobListPriority_t priority, unsigned int maxJobs, unsigned int maxSyncs, const idColor* color )
{
        for( int i = 0; i < jobLists.Num(); i++ )
        {
                if( jobLists[i]->GetId() == id )
                {
                        // idStudio may cause job lists to be allocated multiple times
                }
        }
        idParallelJobList* jobList = new( TAG_JOBLIST ) idParallelJobList( id, priority, maxJobs, maxSyncs, color );
        jobLists.Append( jobList );
        return jobList;
}

/*
========================
idParallelJobManagerLocal::FreeJobList
========================
*/
void idParallelJobManagerLocal::FreeJobList( idParallelJobList* jobList )
{
 
 < 1. Condition "jobList == NULL", taking false branch
1410
1411
1412
1413
1414

        if( jobList == NULL )
        {
                return;
        }
        // wait for all job threads to finish because job list deletion is not thread safe
 
 < 2. Condition "i < this->maxThreads", taking true branch
 < 4. Condition "i < this->maxThreads", taking true branch
 < 6. Condition "i < this->maxThreads", taking false branch
1415
1416
1417

        for( unsigned int i = 0; i < maxThreads; i++ )
        {
                threads[i].WaitForThread();
 
 < 3. Jumping back to the beginning of the loop
 < 5. Jumping back to the beginning of the loop
1418

        }
 
 <<< CID 35677: Integer handling issues NEGATIVE_RETURNS
 <<< 7. Function "this->jobLists.FindIndex(jobList)" returns a negative number.
 << 8. Assigning: signed variable "index" = "FindIndex".
1419

        int index = jobLists.FindIndex( jobList );
 
 < 9. Condition "index >= 0", taking false branch
 < 10. Condition "AssertFailed("/home/travis/build/kortemik/OpenTechBFG/neo/idlib/ParallelJobList.cpp", 1420, "index >= 0 && jobLists[index] == jobList")", taking true branch
1420

        assert( index >= 0 && jobLists[index] == jobList );
 
 <<< CID 35677: Integer handling issues NEGATIVE_RETURNS
 <<< 11. Passing variable "index" to a parameter that cannot be negative.
1421
1422
1423
1424
1425
1426
1427
1428
1429
1430
1431
1432
1433
1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447

        jobLists[index]->Wait();
        delete jobLists[index];
        jobLists.RemoveIndexFast( index );
}

/*
========================
idParallelJobManagerLocal::GetNumJobLists
========================
*/
int idParallelJobManagerLocal::GetNumJobLists() const
{
        return jobLists.Num();
}

/*
========================
idParallelJobManagerLocal::GetNumFreeJobLists
========================
*/
int idParallelJobManagerLocal::GetNumFreeJobLists() const
{
        return MAX_JOBLISTS - jobLists.Num();
}

/*
========================
Events:
8. var_assign ParallelJobList.cpp:1419
7. negative_return_fn ParallelJobList.cpp:1419
11. negative_returns ParallelJobList.cpp:1421

About Synopsys

Communities and resources