Coverity Scan - Static Analysis

Sample of Defect

Project Name	CID	Checker	Category	Developer Description
msoos/cryptominisat	1306224	UNINIT	Uninitialized variables	Variable "var" was uninitialized, then function that was supposed to fill it in was called. However, when that func failed, it filled a variable "val" and then printed that in the error message. There was a typo in there, and instead it printed the still-uninitialized "var" instead. Nice error + hard-to-read typo combo caught by Coverity. I was sure Coverity was wrong, but spent some extra time and it was right. Right on!

File: /home/travis/build/msoos/cryptominisat/python/pycryptosat.cpp

        PyObject *py_value = NULL;
        if (v == l_True) {
            Py_INCREF(Py_True);
            py_value = Py_True;
        } else if (v == l_False) {
            Py_INCREF(Py_False);
            py_value = Py_False;
        } else if (v == l_Undef) {
            Py_INCREF(Py_None);
            py_value = Py_None;
        }

        if (PyTuple_SetItem(tuple, (Py_ssize_t)i+1, py_value) < 0) {
            PyErr_SetString(PyExc_SystemError, "failed to add to tuple");
            Py_DECREF(tuple);
            return NULL;
        }
    }
    return tuple;
}

static int parse_assumption_lits(PyObject* assumptions, SATSolver* cmsat, std::vector<Lit>& assumption_lits)
{
    PyObject *iterator = PyObject_GetIter(assumptions);

 < 1. Condition "iterator == NULL", taking false branch

    if (iterator == NULL) {
        PyErr_SetString(PyExc_TypeError, "interable object expected");
        return 0;
    }

    PyObject *lit;

 < 2. Condition "(lit = PyIter_Next(iterator)) != NULL", taking true branch

    while ((lit = PyIter_Next(iterator)) != NULL) {

 << 3. Declaring variable "var" without initializer.

284
285

        long var;
        bool sign;

 <<< CID 1306224: Uninitialized variables UNINIT
 <<< 4. Using uninitialized value "var" when calling "convert_lit_to_sign_and_var".

        int ret = convert_lit_to_sign_and_var(lit, var, sign);
        Py_DECREF(lit);
        if (!ret) {
            Py_DECREF(iterator);
            return 0;
        }

        if (var >= cmsat->nVars()) {
            Py_DECREF(iterator);
            PyErr_Format(PyExc_ValueError, "Variable %ld not used in clauses", var+1);
            return 0;
        }

        assumption_lits.push_back(Lit(var, sign));
    }
    Py_DECREF(iterator);
    if (PyErr_Occurred()) {
        return 0;
    }

    return 1;
}

static PyObject* solve(Solver *self, PyObject *args, PyObject *kwds)
{
    PyObject* assumptions = NULL;
    static char* kwlist[] = {"assumptions", NULL};

Events:

	3. var_decl	pycryptosat.cpp:284
	4. uninit_use_in_call	pycryptosat.cpp:286

Sample of Defect

About Synopsys

Communities and resources