| Project Name | CID | Checker | Category | Developer Description |
|---|---|---|---|---|
| tcl | 1251203 | COPY_PASTE_ERROR | Incorrect expression | Setting an incorrect jump target leads to a certain crash if the code is exercised. Interestingly enough, this is a tiny corner case that was (obviously) NOT exercised in our testsuite. I can definitely assert that this bug would have remained undiscovered until someone had a misterious crash, very hard to debug and diagnose. |
4071 4072 4073 4074 4075 4076 4077 4078 4079 4080 4081 4082 4083 4084 4085 4086 4087 4088 4089 4090 4091 4092 4093 4094 |
case INST_INVOKE_EXPANDED: wordCount = arg1 = cleanup = va_arg(argList, int); arg2 = 0; expandCount = 1; break; } va_end(argList); /* * Determine if we need to handle break and continue exceptions with a * special handling exception range (so that we can correctly unwind the * stack). * * These must be done separately; they can be different (especially for * calls from inside a [for] increment clause). */ rangePtr = TclGetInnermostExceptionRange(envPtr, TCL_BREAK, &auxBreakPtr); if (rangePtr == NULL || rangePtr->type != LOOP_EXCEPTION_RANGE) { auxBreakPtr = NULL; } else if (auxBreakPtr->stackDepth == envPtr->currStackDepth-wordCount && auxBreakPtr->expandTarget == envPtr->expandCount-expandCount) { auxBreakPtr = NULL; } else { |
<< "auxBreakPtr - envPtr->exceptAuxArrayPtr" looks like the original copy.4095 4096 4097 4098 4099 4100 4101 4102 4103 4104 4105 |
breakRange = auxBreakPtr - envPtr->exceptAuxArrayPtr;
}
rangePtr = TclGetInnermostExceptionRange(envPtr, TCL_CONTINUE,
&auxContinuePtr);
if (rangePtr == NULL || rangePtr->type != LOOP_EXCEPTION_RANGE) {
auxContinuePtr = NULL;
} else if (auxContinuePtr->stackDepth == envPtr->currStackDepth-wordCount
&& auxContinuePtr->expandTarget == envPtr->expandCount-expandCount) {
auxContinuePtr = NULL;
} else { |
<<< CID 1251203: Incorrect expression COPY_PASTE_ERROR <<< "auxBreakPtr" in "auxBreakPtr - envPtr->exceptAuxArrayPtr" looks like a copy-paste error.
< Should it say "auxContinuePtr" instead?4106 4107 4108 4109 4110 4111 4112 4113 4114 4115 4116 4117 4118 4119 4120 4121 4122 4123 4124 4125 4126 4127 4128 4129 4130 4131 4132 |
continueRange = auxBreakPtr - envPtr->exceptAuxArrayPtr;
}
if (auxBreakPtr != NULL || auxContinuePtr != NULL) {
loopRange = TclCreateExceptRange(LOOP_EXCEPTION_RANGE, envPtr);
ExceptionRangeStarts(envPtr, loopRange);
}
/*
* Issue the invoke itself.
*/
switch (opcode) {
case INST_INVOKE_STK1:
TclEmitInstInt1(INST_INVOKE_STK1, arg1, envPtr);
break;
case INST_INVOKE_STK4:
TclEmitInstInt4(INST_INVOKE_STK4, arg1, envPtr);
break;
case INST_INVOKE_EXPANDED:
TclEmitOpcode(INST_INVOKE_EXPANDED, envPtr);
envPtr->expandCount--;
TclAdjustStackDepth(1 - arg1, envPtr);
break;
case INST_EVAL_STK:
TclEmitOpcode(INST_EVAL_STK, envPtr);
break; |
| original | tclCompile.c:4095 | |
| remediation | tclCompile.c:4106 | |
| copy_paste_error | tclCompile.c:4106 |