Domanda

I am finding some of the issues reported by Klocwork is very strange. For example -

if(NULL == m_pMutex.get())
{
    Log("found unexpected sharedPtr m_pMutex");
    return -1;
}

Time_Critical_Section cs(*m_pMutex);

For the above code Klocwork reports NULL pointer dereference. But I don't think this is a valid issue. As if the pointer is null it would have returned from the function and wouldn't have a chance to access the pointer. But stil Klocwork reported this as an issue.

Another issue is-

 char buf[1000];
 sprintf(buf,"%s",name);

for the above code Klocwork says the above code portion can cause Buffer overflow, array index of 'buf' may be out of bounds. But we are confirming that the name variable will not be greater than 1000 bytes. But still Klocwork reported this as an issue.

We need to make our code error free, and the final code should not contain any issues for Klocwork. Could anyone suggest an efficient way to overcome the above issues?

È stato utile?

Soluzione

Found the root cause of null pointer dereference issue. Let us explain why this code is getting null pointer dereference.

if(NULL == m_pMutex.get())
{
    Log("found unexpected sharedPtr m_pMutex");
     return -1;
}

Time_Critical_Section cs(*m_pMutex);

As Klocwork is a static code analyzer when it comes to check the pointer in "Time_Critical_Section cs(*m_pMutex);" it finds it in open block though it has been checked earlier and if the pointer is null we have returned from the function with value -1. When Klocwork is doing static code analysis it is unknown to it that it has earlier checked the pointer as the accessing code of pointer in open block. We can solve this problem by modifying the code in following way -

if(NULL == m_pMutex.get())
{
   Log("found unexpected sharedPtr m_pMutex");
   return -1;
}
else
{

   Time_Critical_Section cs(*m_pMutex);
   //Do some operations
   return 0;
}
Autorizzato sotto: CC-BY-SA insieme a attribuzione
Non affiliato a StackOverflow
scroll top