Examples of errors detected by the V713 diagnostic
V713. Pointer was used in the logical expression before its check for nullptr in the same logical expression.
GeoShell
V713 The pointer pItem->Next was utilized in the logical expression before it was verified against nullptr in the same logical expression. geobar.cpp 1383
HRESULT CGeoShellUI::RemovePlugin(VOID *pPluginItem)
{
....
while ((pItem->Next->PluginItem != pPluginItem) &&
(pItem->Next != NULL))
{
pItem = pItem->Next;
}
....
}
EchoVNC
V713 The pointer p2 was utilized in the logical expression before it was verified against nullptr in the same logical expression. vncclient.cpp 4045
int vncClient::ZipPossibleDirectory(LPSTR szSrcFileName)
{
char* p1 = strrchr(szSrcFileName, '\\') + 1;
char* p2 = strrchr(szSrcFileName, rfbDirSuffix[0]);
if (
p1[0] == rfbDirPrefix[0] && p1[1] == rfbDirPrefix[1]
&& p2[1] == rfbDirSuffix[1] && p2 != NULL && p1 < p2
)
{
....
}
ffdshow
V713 The pointer presetSettings->output was utilized in the logical expression before it was verified against nullptr in the same logical expression. tffdshowdecaudio.cpp 325
TpresetAudio *presetSettings;
CodecID TffdshowDecAudio::getCodecId(const CMediaType &mt)
{
....
if (presetSettings &&
!presetSettings->output->passthroughPCMConnection &&
presetSettings->output) {
....
}
Miranda IM
V713 The pointer str was utilized in the logical expression before it was verified against nullptr in the same logical expression. modern_skinbutton.cpp 282
static char *_skipblank(char * str) //str will be modified;
{
char * endstr=str+strlen(str);
while ((*str==' ' || *str=='\t') && str!='\0') str++;
while ((*endstr==' ' || *endstr=='\t') && endstr!='\0' &&
endstr<str)
endstr--;
if (*endstr!='\0')
{
endstr++;
*endstr='\0';
}
return str;
}
This is what should have been written here: *str!='\0' , *endstr!='\0'.
Similar errors can be found in some other places:
- V713 The pointer endstr was utilized in the logical expression before it was verified against nullptr in the same logical expression. modern_skinbutton.cpp 283
Miranda NG
V713 The pointer ftcd was utilized in the logical expression before it was verified against nullptr in the same logical expression. Sametime files.cpp 423
void CSametimeProto::CancelFileTransfer(HANDLE hFt)
{
....
FileTransferClientData* ftcd = ....;
if (ftcd) {
while (mwFileTransfer_isDone(ftcd->ft) && ftcd)
ftcd = ftcd->next;
....
}
Linux Kernel
V713 The pointer param->addr was utilized in the logical expression before it was verified against nullptr in the same logical expression. wpactl.c 333
int wpa_set_keys(struct vnt_private *pDevice, void *ctx,
bool fcpfkernel) __must_hold(&pDevice->lock)
{
....
if (is_broadcast_ether_addr(¶m->addr[0]) ||
(param->addr == NULL)) {
....
}
Haiku Operation System
V713 The pointer lp was utilized in the logical expression before it was verified against nullptr in the same logical expression. util.c 311
char *
bittok2str(register const struct tok *lp, ....)
{
....
while (lp->s != NULL && lp != NULL) {
....
}
....
}
FreeSWITCH
V713 The pointer codec->cur_frame was utilized in the logical expression before it was verified against nullptr in the same logical expression. mod_opus.c 631
static switch_status_t
switch_opus_decode(switch_codec_t *codec, ....)
{
....
if (opus_packet_get_bandwidth(codec->cur_frame->data) != // <=
OPUS_BANDWIDTH_FULLBAND && codec->cur_frame && // <=
(jb = switch_core_session_get_jb(....))) {
....
}
....
}
Mozilla Thunderbird
V713 The pointer mHTMLEditor was utilized in the logical expression before it was verified against nullptr in the same logical expression. nshtmleditrules.cpp 6593
nsHTMLEditor* mHTMLEditor;
nsresult
nsHTMLEditRules::SplitParagraph(...)
{
if (mHTMLEditor->IsTextNode(child) ||
!mHTMLEditor ||
mHTMLEditor->IsContainer(child))
....
}
Similar errors can be found in some other places:
- V713 The pointer mHTMLEditor was utilized in the logical expression before it was verified against nullptr in the same logical expression. nshtmleditrules.cpp 7392
- V713 The pointer mHTMLEditor was utilized in the logical expression before it was verified against nullptr in the same logical expression. nshtmleditrules.cpp 7413
ChakraCore
V713 The pointer scriptContext was utilized in the logical expression before it was verified against nullptr in the same logical expression. diaghelpermethodwrapper.cpp 214
template <bool doCheckParentInterpreterFrame>
void HandleHelperOrLibraryMethodWrapperException(....)
{
....
if (!exceptionObject->IsDebuggerSkip() ||
exceptionObject == scriptContext->GetThreadContext()->.... ||
exceptionObject == scriptContext->GetThreadContext()->.... ||
!scriptContext) // <=
{
throw exceptionObject->CloneIfStaticExceptionObject(....);
}
....
}
FreeBSD Kernel
V713 The pointer m was utilized in the logical expression before it was verified against nullptr in the same logical expression. ip_fastfwd.c 245
struct mbuf *
ip_tryforward(struct mbuf *m)
{
....
if (pfil_run_hooks(
&V_inet_pfil_hook, &m, m->m_pkthdr.rcvif, PFIL_IN, NULL) ||
m == NULL)
goto drop;
....
}
Firebird
V713 The pointer p was utilized in the logical expression before it was verified against nullptr in the same logical expression. cvt.cpp 702
static void string_to_datetime(....)
{
....
const char* p = NULL;
const char* const end = p + length;
....
while (p < end)
{
if (*p != ' ' && *p != '\t' && p != 0)
{
CVT_conversion_error(desc, err);
return;
}
++p;
}
....
}
CryEngine V
V713 The pointer pCollision was utilized in the logical expression before it was verified against nullptr in the same logical expression. actiongame.cpp 4235
int CActionGame::OnCollisionImmediate(const EventPhys* pEvent)
{
....
else if (pMat->GetBreakability() == 2 &&
pCollision->idmat[0] != pCollision->idmat[1] &&
(energy = pMat->GetBreakEnergy()) > 0 &&
pCollision->mass[0] * 2 > energy &&
....
pMat->GetHitpoints() <= FtoI(min(1E6f, hitenergy / energy)) &&
pCollision) // <=
return 0;
....
}
Notepad++
V713 The pointer _langList[i] was utilized in the logical expression before it was verified against nullptr in the same logical expression. parameters.h 1286
Lang * getLangFromID(LangType langID) const
{
for (int i = 0 ; i < _nbLang ; ++i)
{
if ((_langList[i]->_langID == langID) || (!_langList[i]))
return _langList[i];
}
return nullptr;
}
V8 JavaScript Engine
V713 CWE-476 The pointer object was utilized in the logical expression before it was verified against nullptr in the same logical expression. ic-inl.h 44
bool Object::IsSmi() const { return HAS_SMI_TAG(this); }
bool IC::IsHandler(Object* object) {
return (object->IsSmi() && (object != nullptr)) ||
object->IsDataHandler() ||
object->IsWeakCell() ||
object->IsCode();
}
The object pointer is dereferenced first and then checked for NULL. Indeed, the expression looks quite suspicious.
Celestia
V713 The pointer 's' was utilized in the logical expression before it was verified against nullptr in the same logical expression. winmain.cpp 3031
static char* skipUntilQuote(char* s)
{
while (*s != '"' && s != '\0')
s++;
return s;
}
Qt
V713 [CWE-476] The pointer 'field' was utilized in the logical expression before it was verified against nullptr in the same logical expression. qformlayout.cpp 405
void QFormLayoutPrivate::updateSizes()
{
....
QFormLayoutItem *field = m_matrix(i, 1);
....
if (userHSpacing < 0 && !wrapAllRows && (label || !field->fullRow) && field)
....
}
Snort
V713 The pointer 'fileEntry->context' was utilized in the logical expression before it was verified against nullptr in the same logical expression. file_segment_process.c 393
static inline int _process_one_file_segment(void* p, FileEntry *fileEntry, ....)
{
....
if ((fileEntry->context->file_state.sig_state == FILE_SIG_FLUSH)
&& fileEntry->context && fileEntry->context->sha256)
{
free(fileEntry->context->sha256);
fileEntry->context->sha256 = NULL;
}
....
}