Examples of errors detected by the V522 diagnostic

V522. Possible null pointer dereference.


OpenCV

V522 There might be dereferencing of a potential null pointer 'uf'. Check lines: 38, 37. unionfind.hpp 38

    static inline unionfind_t *unionfind_create(uint32_t maxid){
      unionfind_t *uf = (unionfind_t*) calloc(1, sizeof(unionfind_t));
      uf->maxid = maxid;
      uf->data = (struct ufrec*) malloc((maxid+1) * sizeof(struct ufrec));
      for (unsigned int i = 0; i <= maxid; i++) {
        uf->data[i].size = 1;
        uf->data[i].parent = i;
      }
      return uf;
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'uf->data'. Check lines: 41, 39. unionfind.hpp 41
  • V522 There might be dereferencing of a potential null pointer 'heap'. Check lines: 73, 72. zmaxheap.cpp 73
  • V522 There might be dereferencing of a potential null pointer 'im_max'. Check lines: 1129, 1109. apriltag_quad_thresh.cpp 1129
  • And 4 additional diagnostic messages.

PHP:Hypertext Preprocessor

V522 There might be dereferencing of a potential null pointer 'modules_dl_loaded'. Check lines: 2527, 2526. zend_API.c 2527

    ZEND_API void zend_collect_module_handlers(void)
    {
      ....
      modules_dl_loaded = realloc(modules_dl_loaded,
        sizeof(zend_module_entry*) * (dl_loaded_count + 1));
      modules_dl_loaded[dl_loaded_count] = NULL;
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'module_request_startup_handlers'. Check lines: 2520, 2514. zend_API.c 2520
  • V522 There might be dereferencing of a potential null pointer 'class_cleanup_handlers'. Check lines: 2557, 2553. zend_API.c 2557
  • V522 There might be dereferencing of a potential null pointer 'list'. Check lines: 3162, 3161. zend_API.c 3162

CPython

V522 There might be dereferencing of a potential null pointer 'p'. Check lines: 1174, 1173. Hacl_Hash_MD5.c 1174

    #ifndef KRML_HOST_MALLOC
    # define KRML_HOST_MALLOC malloc
    #endif

    Hacl_Streaming_MD_state_32 *Hacl_Hash_MD5_malloc(void)
    {
      ....
      Hacl_Streaming_MD_state_32 *p =
        (Hacl_Streaming_MD_state_32 *)
          KRML_HOST_MALLOC(sizeof (Hacl_Streaming_MD_state_32));
      p[0U] = s;
      ....
    }

Nau Engine

V522 Dereferencing of the null pointer 'loader' might take place. asset_file_content_provider.cpp 34

    Result<IAssetContentProvider::AssetContent> openStreamOrContainer(....)
    {
      ....
      IAssetContainerLoader* loader = nullptr;
      const auto importSettingsProviders = ....;
      RuntimeReadonlyDictionary::Ptr importSettings;
      for (const auto& importSettingsProvider : importSettingsProviders)
      {
        if (importSettings =
              importSettingsProvider->getAssetImportSettings(containerPath, *loader);
            importSettings)
        {
          break;
        }
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'object' might take place. The null pointer is passed into 'replace' function. Inspect the second argument. Check lines: 'CCVector.h:481', 'CCLayer.cpp:976'. CCVector.h 481

TDengine

V522 Dereferencing of the null pointer 'mgmt' might take place. qworker.c 1442

    #define taosMemoryFreeClear(ptr)   \
      do {                             \
        if (ptr) {                     \
          taosMemoryFree((void *)ptr); \
          (ptr) = NULL;                \
        }                              \
      } while (0)

    int32_t qWorkerInit(....) {
      ....
      if (NULL == mgmt->schHash) {
        taosMemoryFreeClear(mgmt);
        qError("init %d scheduler hash failed", mgmt->cfg.maxSchedulerNum);
        QW_ERR_JRET(terrno);
      }
      ....
    }

TDengine

V522 There might be dereferencing of a potential null pointer 'nextedge'. LineMergeDirectedEdge.cpp 57

    LineMergeDirectedEdge*
    LineMergeDirectedEdge::getNext(bool checkDirection)
    {
      ....
      if(getToNode()->getOutEdges()->getEdges()[0] == getSym()) {
        auto nextedge = dynamic_cast<LineMergeDirectedEdge*>(
          getToNode()->getOutEdges()->getEdges()[1]);
        return (!checkDirection || nextedge->getEdgeDirection())
          ? nextedge : nullptr;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer. EdgeRing.cpp 300
  • V522 There might be dereferencing of a potential null pointer. EdgeRing.cpp 318

TDengine

V522 There might be dereferencing of a potential null pointer 'des'. PlanarGraph.h 98

    template <typename It>
    static void linkResultDirectedEdges(It first, It last)
    // throw(TopologyException);
    {
      for(; first != last; ++first) {
        Node* node = *first;
        assert(node);

        EdgeEndStar* ees = node->getEdges();
        assert(ees);
        DirectedEdgeStar* des = dynamic_cast<DirectedEdgeStar*>(ees);
        assert(des);

        // this might throw an exception
        des->linkResultDirectedEdges();
      }
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'nextedge'. LineMergeDirectedEdge.cpp 64
  • V522 There might be dereferencing of a potential null pointer 'edge'. EdgeRing.cpp 225
  • V522 There might be dereferencing of a potential null pointer 'point'. PointGeometryUnion.cpp 52

TDengine

V522 Dereferencing of the null pointer 'pReq' might take place. ctgUtil.c 1769

    int32_t ctgGetFetchName(SArray* pNames, SCtgFetch* pFetch, SName** ppName) {
      STablesReq* pReq = (STablesReq*)taosArrayGet(pNames, pFetch->dbIdx);
      if (NULL == pReq) {
        qError("fail to get the %dth tb in pTables, tbNum:%d",
               pFetch->tbIdx, (int32_t)taosArrayGetSize(pReq->pTables));
        return TSDB_CODE_CTG_INTERNAL_ERROR;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'pBufInfo' might take place. groupcacheoperator.c 391
  • V522 Dereferencing of the null pointer 'item' might take place. scanoperator.c 4756
  • V522 Dereferencing of the null pointer 'pTrans' might take place. mndCompact.c 710
  • And 1 additional diagnostic message.

TDengine

V522 There might be dereferencing of a potential null pointer 'self'. Check lines: 28, 27. taos_linked_list.c 28

    taos_linked_list_t *taos_linked_list_new(void) {
      taos_linked_list_t *self =
        (taos_linked_list_t *)taos_malloc(sizeof(taos_linked_list_t));
      self->head = NULL;
      self->tail = NULL;
      self->free_fn = NULL;
      self->compare_fn = NULL;
      self->size = 0;
      return self;
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'keys'. Check lines: 344, 333. iniparser.c 344
  • V522 Dereferencing of the null pointer 'vce' might take place. The potential null pointer is passed into 'compressSingleFloatValue' function. Inspect the first argument. Check lines: 209, 439, 433. dataCompression.c 209
  • V522 Dereferencing of the null pointer 'lce' might take place. The potential null pointer is passed into 'addExactData' function. Inspect the fourth argument. Check lines: 275, 442, 434. dataCompression.c 275
  • And 44 additional diagnostic messages.

TDengine

V522 There might be dereferencing of a potential null pointer '* coeff_array'. Check lines: 304, 303. dataCompression.c 304

    int getPredictionCoefficients(int layers, int dimension,
                                  int **coeff_array, int *status)
    {
      ....
      *coeff_array = (int*)malloc(sizeof(int));
      (*coeff_array)[0] = 1;
      ....
    }

Telegram

V522 Dereferencing of the null pointer 'data' might take place. media_audio.cpp 814

    bool Mixer::checkCurrentALError(AudioMsgId::Type type) {
      if (!Audio::PlaybackErrorHappened()) return true;

      const auto data = trackForType(type);
      if (!data) {
        setStoppedState(data, State::StoppedAtError);
        onError(data->state.id); // <=
      }
      return false;
    }

LLVM/Clang

V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createDefaultScheduler' function. Inspect the first argument. Check lines: 'SelectionDAGISel.cpp:285', 'LinkAllCodegenComponents.h:48'. SelectionDAGISel.cpp 285

    ScheduleDAGSDNodes *createDefaultScheduler(SelectionDAGISel *IS,
                                               CodeGenOptLevel OptLevel) {
      const TargetLowering *TLI = IS->TLI;
      const TargetSubtargetInfo &ST = IS->MF->getSubtarget();
      ....
    }

    struct ForceCodegenLinking {
      ForceCodegenLinking() {
        ....
        (void)llvm::createDefaultScheduler(nullptr,
                                           llvm::CodeGenOptLevel::Default);
        ....
      }
    };

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createVLIWDAGScheduler' function. Inspect the first argument. Check lines: 'ScheduleDAGVLIW.cpp:270', 'LinkAllCodegenComponents.h:50'. ScheduleDAGVLIW.cpp 270
  • V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createHybridListDAGScheduler' function. Inspect the first argument. Check lines: 'ScheduleDAGRRList.cpp:3175', 'LinkAllCodegenComponents.h:44'. ScheduleDAGRRList.cpp 3175
  • V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createSourceListDAGScheduler' function. Inspect the first argument. Check lines: 'ScheduleDAGRRList.cpp:3161', 'LinkAllCodegenComponents.h:42'. ScheduleDAGRRList.cpp 3161
  • And 1 additional diagnostic message.

LLVM/Clang

V522 Dereferencing of the null pointer 'target' might take place. LinalgTransformOps.cpp 2219

    DiagnosedSilenceableFailure
    transform::ConvertToLoopsOp::apply(transform::TransformRewriter &rewriter,
                                       transform::TransformResults &results,
                                       transform::TransformState &state) {
      SmallVector<Operation *> loops;
      for (Operation *target : state.getPayloadOps(getTarget())) {
        auto tilingOp = dyn_cast<TilingInterface>(*target);
        if (!target) {
          DiagnosedSilenceableFailure diag =
              emitSilenceableError()
              << "expected the payload to implement TilingInterface";
          diag.attachNote(target->getLoc()) << "payload op";
          return diag;
        }
        ....
    }

LLVM/Clang

V522 Dereferencing of the null pointer 'Inst' might take place. LinuxKernelRewriter.cpp 583

    Error LinuxKernelRewriter::readORCTables() {
      ....
      MCInst *Inst = BF->getInstructionAtOffset(Offset);
      if (!Inst) {
        Inst = BF->getInstructionContainingOffset(Offset);
        if (Inst || BC.MIB->hasAnnotation(*Inst, "AltInst"))
          continue;

        return createStringError(
            errc::executable_format_error,
            "no instruction at address 0x%" PRIx64 " in .orc_unwind_ip", IP);
      }
      ....
    }

DPDK

V522 There might be dereferencing of a potential null pointer 'ts'. Check lines: 1276, 1274. test_cryptodev_blockcipher.c 1276

    struct unit_test_suite *
    build_blockcipher_test_suite(enum blockcipher_test_type test_type)
    {
      ....
      ts = calloc(1, sizeof(struct unit_test_suite) +
          (sizeof(struct unit_test_case) * (n_test_cases + 1)));
      ts->suite_name = ts_name;
      ts->setup = ts_setup;
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'next_edges'. Check lines: 529, 518. test_graph.c 529
  • V522 There might be dereferencing of a potential null pointer 't'. Check lines: 1027, 988. opdl_test.c 1027
  • V522 There might be dereferencing of a potential null pointer 'link_cache'. Check lines: 1363, 1351. event_helper.c 1363
  • And 10 additional diagnostic messages.

OpenVINO

V522 Dereferencing of the null pointer 'multiplyInputNode' might take place. graph_optimizer.cpp 452

    void GraphOptimizer::FuseFCAndWeightsDecompression(Graph &graph) {
      ....
      // Fusion processing
      ....
      if (!multiplyInputNode) {
        OPENVINO_THROW("Cannot cast ", multiplyInputNode->getName(),
                       " to Input node.");
      }
      fcNode->fuseDecompressionMultiply(multiplyInputNode->getMemoryPtr());

      if (withSubtract) {
        ....
        if (!subtractInputNode) {
          OPENVINO_THROW("Cannot cast ", subtractInputNode->getName(),
                         " to Input node.");
        }
        fcNode->fuseDecompressionSubtract(subtractInputNode->getMemoryPtr());
      }
      if (withPowerStatic) {
        ....
        if (!eltwiseNode) {
          OPENVINO_THROW("Cannot cast ", eltwiseNode->getName(),
                         " to Eltwise node.");
        }
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'subtractInputNode' might take place. graph_optimizer.cpp 459
  • V522 Dereferencing of the null pointer 'eltwiseNode' might take place. graph_optimizer.cpp 466

LLVM/Clang

V522 Dereferencing of the null pointer 'I' might take place. The null pointer is passed into 'SetInsertPoint' function. Inspect the first argument. Check lines: 'IRBuilder.h:188', 'OMPIRBuilder.cpp:5983'.

    //file: IRBuilder.h
    void SetInsertPoint(Instruction *I) {
      BB = I->getParent();
      InsertPt = I->getIterator();
      assert(InsertPt != BB->end() && "Can't read debug loc from end()");
      SetCurrentDebugLocation(I->getStableDebugLoc());
    }

    //file: OMPIRBuilder.cpp
    std::pair<Value *, Value *> OpenMPIRBuilder::emitAtomicUpdate
      (InsertPointTy AllocaIP, Value *X, Type *XElemTy, Value *Expr,
       AtomicOrdering AO, AtomicRMWInst::BinOp RMWOp,
       AtomicUpdateCallbackTy &UpdateOp, bool VolatileX, bool IsXBinopExpr) {
      ....
      if (UnreachableInst *ExitTI =
            dyn_cast<UnreachableInst> (ExitBB->getTerminator())) {
        CurBBTI->eraseFromParent();
        Builder.SetInsertPoint(ExitBB);
      } else {
        Builder.SetInsertPoint(ExitTI); // <=
      }

      return Res;
    }

Intermodular analysis


LLVM/Clang

V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createBURRListDAGScheduler' function. Inspect the first argument. Check lines: 'ScheduleDAGRRList.cpp:3147', 'LinkAllCodegenComponents.h:40'.

    //file: ScheduleDAGRRList.cpp
    ScheduleDAGSDNodes *llvm::createBURRListDAGScheduler(SelectionDAGISel *IS,
                                                         CodeGenOptLevel OptLevel) {
      const TargetSubtargetInfo &STI = IS->MF->getSubtarget();
      ....
    }

    //file: LinkAllCodegenComponents.h
    struct ForceCodegenLinking {
      ForceCodegenLinking() {
        ....
        (void)llvm::createBURRListDAGScheduler(nullptr,
                                               llvm::CodeGenOptLevel::Default);
        ....
      }
    }

Intermodular analysis

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createSourceListDAGScheduler' function. Inspect the first argument. Check lines: 'ScheduleDAGRRList.cpp:3161', 'LinkAllCodegenComponents.h:42'.
  • V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'createHybridListDAGScheduler' function. Inspect the first argument. Check lines: 'ScheduleDAGRRList.cpp:3175', 'LinkAllCodegenComponents.h:44'.

LLVM/Clang

V522 Dereferencing of the null pointer 'E' might take place. The null pointer is passed into 'checkStringLiteralArgumentAttr' function. Inspect the second argument. Check lines: 349, 1801. SemaDeclAttr.cpp

    bool Sema::checkStringLiteralArgumentAttr(const AttributeCommonInfo &CI,
                                              const Expr *E, StringRef &Str,
                                              SourceLocation *ArgLocation) {
      const auto *Literal = dyn_cast<StringLiteral>(E->IgnoreParenCasts());
      ....
    }
    ....
    static void handleAssumumptionAttr(Sema &S, Decl *D, const ParsedAttr &AL) {
      // Handle the case where the attribute has a text message.
      StringRef Str;
      SourceLocation AttrStrLoc;
      if (!S.checkStringLiteralArgumentAttr(AL, 0, Str, &AttrStrLoc))
        return;
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'E' might take place. The null pointer is passed into 'checkStringLiteralArgumentAttr' function. Inspect the second argument. Check lines: 349, 1974. SemaDeclAttr.cpp
  • V522 Dereferencing of the null pointer 'E' might take place. The null pointer is passed into 'checkStringLiteralArgumentAttr' function. Inspect the second argument. Check lines: 349, 1984. SemaDeclAttr.cpp
  • V522 Dereferencing of the null pointer 'E' might take place. The null pointer is passed into 'checkStringLiteralArgumentAttr' function. Inspect the second argument. Check lines: 349, 1999. SemaDeclAttr.cpp
  • And 30 additional diagnostic messages.

LLVM/Clang

V522 Dereferencing of the null pointer 'prev_file' might take place. LineTable.cpp 363

    void LineTable::Dump(Stream *s, Target *target, Address::DumpStyle style,
                         Address::DumpStyle fallback_style,
                         bool show_line_ranges) {
      const size_t count = m_entries.size();
      LineEntry line_entry;
      SupportFileSP prev_file;                                // <=
      for (size_t idx = 0; idx < count; ++idx) {
        ConvertEntryAtIndexToLineEntry(idx, line_entry);
        line_entry.Dump(s, target,
                        *prev_file != *line_entry.original_file_sp, // <=
                        style, fallback_style, show_line_ranges);
        s->EOL();
        prev_file = line_entry.original_file_sp;
      }
    }

Dagor Engine

V522 Dereferencing of the null pointer 'leaf_linear[i]' might take place. DagorEngine/prog/dagorInclude/generic/dag_hierGrid.h 71

    void copy(const Node &n, int sz)
    {
      ....
      for (int i = 0; i < 4; ++i)
        if (n.leaf_linear[i])
        {
          if (leaf_linear[i])
            leaf_linear[i] = new Leaf(*n.leaf_linear[i]);
          else
            *leaf_linear[i] = *n.leaf_linear[i];
        }
        else
          ....
      ....
    }

GZDoom

V522 There might be dereferencing of a potential null pointer 'mem'. Check lines: 100, 95. fs_stringpool.cpp 100

    StringPool::Block *StringPool::AddBlock(size_t size)
    {
      ....
      auto mem = (Block *)malloc(size);
      if (mem == nullptr)
      {
      }
      mem->Limit = (uint8_t *)mem + size;
      mem->Avail = &mem[1];
      mem->NextBlock = TopBlock;
      TopBlock = mem;
      return mem;
    }

FreeCAD

V522 [CWE-690, CERT-MEM52-CPP] There might be dereferencing of a potential null pointer 'detail'. QGIViewPart.cpp 842

    void QGIViewPart::highlightMoved(QGIHighlight* highlight, QPointF newPos)
    {
      std::string highlightName = highlight->getFeatureName();
      App::Document* doc = getViewObject()->getDocument();
      App::DocumentObject* docObj = doc->getObject(highlightName.c_str());
      auto detail = dynamic_cast<DrawViewDetail*>(docObj);
      auto oldAnchor = detail->AnchorPoint.getValue();
      if (detail) {
        Base::Vector3d delta = Rez::appX(DrawUtil::toVector3d(newPos))
                               / getViewObject()->getScale();
        delta = DrawUtil::invertY(delta);
        detail->AnchorPoint.setValue(oldAnchor + delta);
      }
    }

FreeCAD

V522 [CWE-476, CERT-EXP34-C] Dereferencing of the null pointer 'vpp' might take place. QGIView.cpp 592

    QGVPage* QGIView::getQGVPage(TechDraw::DrawView* dView)
    {
      ViewProviderPage* vpp = getViewProviderPage(dView);
      if (!vpp) {
        return vpp->getQGVPage();
      }
      return nullptr;
    }

GCC

V522 There might be dereferencing of a potential null pointer 'obj_info'. Check lines: 290, 287. libgcov-util.c 290. libgcov-util.c 287

    static struct gcov_info *
    read_gcda_file (const char *filename)
    {
      ....
      curr_gcov_info = obj_info =
        (struct gcov_info *) xcalloc (sizeof (struct gcov_info) +
                  sizeof (struct gcov_ctr_info) * GCOV_COUNTERS, 1);

      obj_info->version = version;
      obj_info->filename = filename;
      ....
    }

VCMI

V522 There might be dereferencing of a potential null pointer. CCallback.cpp 255

    void CCallback::trade(....)
    {
      ....
      pack.marketId = dynamic_cast<const CGObjectInstance *>(market)->id;
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'boat'. MapRendererContext.cpp 47
  • V522 There might be dereferencing of a potential null pointer 'hero'. MapRendererContext.cpp 134
  • V522 There might be dereferencing of a potential null pointer 'hero'. MapViewController.cpp 291
  • And 7 additional diagnostic messages.

MuditaOS

V522 [CERT-EXP34-C] Dereferencing of the null pointer 'document' might take place. TextBlockCursor.cpp 332

    auto BlockCursor::begin() -> std::list<TextBlock>::iterator
    {
      return document == nullptr
        ? document->blocks.end() : document->blocks.begin();
    }

Chromium

V522 Dereferencing of the null pointer might take place. The null pointer is passed into 'NaClTlsSetCurrentThread' function. Inspect the first argument. Check lines: 'nacl_tls_64.c:285', 'nacl_app_thread.c:161'. nacl_tls_64.c 285

    // File: src\native_client\src\trusted\service_runtime\arch\x86_64\nacl_tls_64.c
    void NaClTlsSetCurrentThread(struct NaClAppThread *natp) {
      nacl_current_thread = &natp->user;
    }

    // File: src\native_client\src\trusted\service_runtime\nacl_app_thread.c
    void NaClAppThreadTeardown(struct NaClAppThread *natp)
    {
      ....
      /*
       * Unset the TLS variable so that if a crash occurs during thread
       * teardown, the signal handler does not dereference a dangling
       * NaClAppThread pointer.
       */
      NaClTlsSetCurrentThread(NULL);
      ....
    }

Intermodular analysis


Chromium

V522 Instantiation of WasmFullDecoder < Decoder::kFullValidation, WasmGraphBuildingInterface >: Dereferencing of the null pointer 'result' might take place. The null pointer is passed into 'UnOp' function. Inspect the fourth argument. Check lines: 'graph-builder-interface.cc:349', 'function-body-decoder-impl.h:5372'. graph-builder-interface.cc 349

    // File: src\v8\src\wasm\graph-builder-interface.cc
    void UnOp(FullDecoder* decoder, WasmOpcode opcode,
              const Value& value, Value* result) {
      result->node = builder_->Unop(opcode, value.node, decoder->position());
    }

    // File: src\v8\src\wasm\function-body-decoder-impl.h
    int BuildSimpleOperator(WasmOpcode opcode, ValueType return_type,
                            ValueType arg_type) {
      Value val = Peek(0, 0, arg_type);
      if (return_type == kWasmVoid) {
        CALL_INTERFACE_IF_OK_AND_REACHABLE(UnOp, opcode, val, nullptr); // <=
        Drop(val);
      }
      ....
    }

Intermodular analysis


CARLA

V522 Dereferencing of the null pointer 'HISMCompPtr' might take place. ProceduralBuilding.cpp 32

    UHierarchicalInstancedStaticMeshComponent* AProceduralBuilding::GetHISMComp(
        const UStaticMesh* SM)
    {
      ....
      UHierarchicalInstancedStaticMeshComponent** HISMCompPtr =
        HISMComps.Find(SMName);

      if (HISMCompPtr) return *HISMCompPtr;

      UHierarchicalInstancedStaticMeshComponent* HISMComp = *HISMCompPtr;

      // If it doesn't exist, create the component
      HISMComp = NewObject<UHierarchicalInstancedStaticMeshComponent>(this,
        FName(*FString::Printf(TEXT("HISMComp_%d"), HISMComps.Num())));
      HISMComp->SetupAttachment(RootComponent);
      HISMComp->RegisterComponent();
      ....
    }

CARLA

V522 Dereferencing of the null pointer 'CarlaActor' might take place. CarlaServer.cpp 1652

    void FCarlaServer::FPimpl::BindActions()
    {
      ....
      FCarlaActor* CarlaActor = Episode->FindCarlaActor(ActorId);
      if (CarlaActor)
      {
        return RespondError("get_light_boxes",
                            ECarlaServerResponse::ActorNotFound,
                            " Actor Id: " + FString::FromInt(ActorId));
      }
      if (CarlaActor->IsDormant())
      {
        return RespondError("get_light_boxes",
                            ECarlaServerResponse::FunctionNotAvailiableWhenDormant,
                            " Actor Id: " + FString::FromInt(ActorId));
      }
      else { .... }
      ....
    }

LFortran

V522 [CWE-690] There might be dereferencing of a potential null pointer 'dynamic_cast< T * > (parent_)'. CLI11.hpp 3810

    template <typename T = App>
    Option *needs(std::string opt_name) {
      auto opt = dynamic_cast<T *>(parent_)->get_option_no_throw(opt_name);
      if(opt == nullptr) {
        throw IncorrectConstruction::MissingOption(opt_name);
      }
      return needs(opt);
    }

Similar errors can be found in some other places:

  • V522 [CWE-690] There might be dereferencing of a potential null pointer 'dynamic_cast< T * > (parent_)'. CLI11.hpp 3852

LFortran

V522 [CWE-690] There might be dereferencing of a potential null pointer 'parent'. CLI11.hpp 3915

    template <typename T = App>
    Option *ignore_underscore(bool value = true) {
      if(!ignore_underscore_ && value) {
        ignore_underscore_ = value;
        auto *parent = dynamic_cast<T *>(parent_);
        for(const Option_p &opt : parent->options_) { // <=
          ....
        }
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 [CWE-690] There might be dereferencing of a potential null pointer 'parent'. CLI11.hpp 3890

Storm Engine

V522 There might be dereferencing of a potential null pointer 'pTable'. Check lines: 36, 35. s_postevents.h 36

    void Add(....)
    {
      ....
      pTable = (S_EVENTMSG **)realloc(
        pTable, nClassesNum * sizeof(S_EVENTMSG *));
      pTable[n] = pClass;
      ....
    };

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'label'. Check lines: 116, 113. geom_static.cpp 116

Blender

V522 There might be dereferencing of a potential null pointer 'mesh'. geometry_component_mesh.cc 537

    ReadAttributePtr try_get_for_read(const GeometryComponent &component,
                                      const StringRef attribute_name) const final
    {
      ....
      const Mesh *mesh = mesh_component.get_for_read();
      ....
      if (mesh == nullptr || mesh->dvert == nullptr) {
        static const float default_value = 0.0f;
        return std::make_unique<ConstantReadAttribute>(
            ATTR_DOMAIN_POINT, mesh->totvert,
            CPPType::get<float>(), &default_value);
      }
      ....
    }

Blender

V522 There might be dereferencing of a potential null pointer 'context->read_icons'. Check lines: 255, 252. datatoc_icon.c

    static void icon_merge_context_register_icon(struct IconMergeContext *context,
                                                 const char *file_name,
                                                 struct IconHead *icon_head)
    {
      context->read_icons = realloc(context->read_icons,
        sizeof(struct IconInfo) * (context->num_read_icons + 1));
      struct IconInfo *icon_info = &context->read_icons[context->num_read_icons];
      icon_info->head = *icon_head;
      icon_info->file_name = strdup(path_basename(file_name));
      context->num_read_icons++;
    }

MuseScore

V522 Dereferencing of the null pointer 'destinationMeasure' might take place. score.cpp 4279

    ChordRest* Score::cmdNextPrevSystem(ChordRest* cr, bool next)
    {
      ....
      auto destinationMeasure = currentSystem->firstMeasure();
      ....
      if (!(destinationMeasure = destinationMeasure->prevMeasure())) {
        if (!(destinationMeasure = destinationMeasure->prevMeasureMM())) {
          return cr;
        }
      }
      ....
    }

MuseScore

V522 Dereferencing of the null pointer 'family' might take place. instrtemplate.cpp 356

    void InstrumentTemplate::write(XmlWriter& xml) const
    {
      ....
      if (!family) {
        xml.tag("family", family->id);
      }
      xml.etag();
    }

SystemC

V522 There might be dereferencing of a potential null pointer 'free_list'. Check lines: 560, 556. sc_event.cpp 560

    void*
    sc_event_timed::allocate()
    {
      const int ALLOC_SIZE = 64;

      if( free_list == 0 ) {
        free_list = (sc_event_timed_u*) malloc( ALLOC_SIZE *
                                                sizeof( sc_event_timed_u ) );
        int i = 0;
        for( ; i < ALLOC_SIZE - 1; ++ i ) {
          free_list[i].next = &free_list[i + 1];
        }
        free_list[i].next = 0;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'new_block'. Check lines: 136, 135. sc_mempool.cpp 136

Espressif IoT Development Framework

V522 There might be dereferencing of a potential null pointer 'exp'. Check lines: 3470, 3469. argtable3.c 3470

    TRex *trex_compile(const TRexChar *pattern,const TRexChar **error,int flags)
    {
      TRex *exp = (TRex *)malloc(sizeof(TRex));
      exp->_eol = exp->_bol = NULL;
      exp->_p = pattern;
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 's_ledc_fade_rec[speed_mode][channel]'. Check lines: 668, 667. ledc.c 668
  • V522 There might be dereferencing of a potential null pointer 'environ'. Check lines: 108, 107. syscall_table.c 108
  • V522 There might be dereferencing of a potential null pointer 'it'. Check lines: 150, 149. partition.c 150
  • And 3 additional diagnostic messages.

FakeIt

V522 There might be dereferencing of a potential null pointer 'matcher'. fakeit.hpp 6720

    template<typename ... arglist>
    struct ArgumentsMatcherInvocationMatcher :
      public ActualInvocation<arglist...>::Matcher {
      ....
      template<typename A>
      void operator()(int index, A &actualArg) {
        TypedMatcher<typename naked_type<A>::type> *matcher =
          dynamic_cast<TypedMatcher<typename naked_type<A>::type> *>(
            _matchers[index]);
        if (_matching)
          _matching = matcher->matches(actualArg);
      }
      ....
      const std::vector<Destructible *> _matchers;
    };

PMDK

V522 [CWE-690] There might be dereferencing of a potential null pointer 'workers'. Check lines: 126, 124. pi.c 126

    static void
    calc_pi_mt(void)
    {
      ....
      HANDLE *workers = (HANDLE *) malloc(sizeof(HANDLE) * pending);
      for (i = 0; i < pending; ++i) {
        workers[i] = CreateThread(NULL, 0, calc_pi, &tasks[i], 0, NULL);
        if (workers[i] == NULL)
          break;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 [CWE-690] There might be dereferencing of a potential null pointer 'buf'. Check lines: 357, 346. obj_pmemblk.c 357
  • V522 [CWE-690] There might be dereferencing of a potential null pointer 'clovec'. Check lines: 22, 18. clo_vec.cpp 22
  • V522 [CWE-690] There might be dereferencing of a potential null pointer 'args'. Check lines: 36, 32. clo_vec.cpp 36
  • And 27 additional diagnostic messages.

Command & Conquer

V522 Dereferencing of the null pointer 'list' might take place. DISPLAY.CPP 1062

    void DisplayClass::Get_Occupy_Dimensions(int & w, int & h,
                                             short const *list)
    {
      ....
      if (!list) {
        /*
        ** Loop through all cell offsets, accumulating max & min x- & y-coords
        */
        while (*list != REFRESH_EOL) {
          ....
        }
        ....
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'list' might take place. DISPLAY.CPP 951
  • V522 Dereferencing of the null pointer 'unitsptr' might take place. QUEUE.CPP 2362
  • V522 Dereferencing of the null pointer 'unitsptr' might take place. QUEUE.CPP 2699

Newton Game Dynamics

V522 There might be dereferencing of a potential null pointer 'perimeter'. dgPolyhedra.cpp 2541

    bool dgPolyhedra::PolygonizeFace(....)
    {
      ....
      dgEdge* const perimeter = flatFace.AddHalfEdge
        (edge1->m_next->m_incidentVertex, edge1->m_incidentVertex);
      perimeter->m_twin = edge1;
      ....
    }

    dgEdge* dgPolyhedra::AddHalfEdge (dgInt32 v0, dgInt32 v1)
    {
      if (v0 != v1) {
        dgPairKey pairKey (v0, v1);
        dgEdge tmpEdge (v0, -1);

        dgTreeNode* node = Insert (tmpEdge, pairKey.GetVal());
        return node ? &node->GetInfo() : NULL;
      } else {
        return NULL;
      }
    }

Newton Game Dynamics

V522 There might be dereferencing of a potential null pointer 'face'. dgContactSolver.cpp 351

    DG_INLINE dgMinkFace* dgContactSolver::AddFace(dgInt32 v0,dgInt32 v1,
                                                   dgInt32 v2)
    {
      dgMinkFace* const face = NewFace();
      face->m_mark = 0;
      ....
    }

    DG_INLINE dgMinkFace* dgContactSolver::NewFace()
    {
      dgMinkFace* face = (dgMinkFace*)m_freeFace;
      if (m_freeFace) {
        m_freeFace = m_freeFace->m_next;
      } else {
        face = &m_facePool[m_faceIndex];
        m_faceIndex++;
        if (m_faceIndex >= DG_CONVEX_MINK_MAX_FACES) {
          return NULL;
        }
      }

    #ifdef _DEBUG
      memset(face, 0, sizeof (dgMinkFace));
    #endif

      return face;
    }

SDCC

V522 [CWE-476] Dereferencing of the null pointer 'uc' might take place. flash.cc 345

    void
    cl_flash::flash_write(t_addr a, t_mem val)
    {
      uc->sim->app->debug("FLASH wr(%06lx,%02x)\n",a,val);
      if (!uc)
      {
        uc->sim->app->debug("  no uc\n");
        return;
      }
      ....
    }

SDCC

V522 [CWE-476] Dereferencing of the null pointer 'sfr' might take place. timer2.cc 403

    class cl_timer2: public cl_timer0
    {
    protected:
      class cl_address_space *sfr;
      ....
    }

    void
    cl_timer2::print_info(class cl_console_base *con)
    {
      ....
      con->dd_printf(" %s", sfr?"?":((sfr->get(IE)&bmET2)?"en":"dis"));
      ....
    }

Similar errors can be found in some other places:

  • V522 [CWE-476] Dereferencing of the null pointer 'sfr' might take place. timer1.cc 86
  • V522 [CWE-476] Dereferencing of the null pointer 'sfr' might take place. timer0.cc 426

Amazon FreeRTOS

V522 [CWE-690] There might be dereferencing of a potential null pointer 'pCurrentHttpsResponse'. iot_https_client.c 1184

    int PKI_mbedTLSSignatureToPkcs11Signature
      (uint8_t * pxSignaturePKCS, uint8_t * pxMbedSignature )
    {
      int xReturn = 0;
      uint8_t * pxNextLength;

      /* The 4th byte contains the length of the R component */
      uint8_t ucSigComponentLength = pxMbedSignature[ 3 ]; // <=

      if( ( pxSignaturePKCS == NULL ) || ( pxMbedSignature == NULL ) )
      {
        xReturn = FAILURE;
      }
      ....
    }

ROOT

V522 Dereferencing of the null pointer 'pre' might take place. TSynapse.cxx 61

    void TSynapse::SetPre(TNeuron * pre)
    {
      if (pre) {
        Error("SetPre","this synapse is already assigned to a pre-neuron.");
        return;
      }
      fpre = pre;
      pre->AddPost(this);
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'post' might take place. TSynapse.cxx 74

Kodi

V522 There might be dereferencing of a potential null pointer 'entry'. Check lines: 985, 981. emu_msvcrt.cpp:985

    struct dirent *dll_readdir(DIR *dirp)
    {
      ....
      struct dirent *entry = NULL;
      entry = (dirent*) malloc(sizeof(*entry));
      if (dirData->curr_index < dirData->items.Size() + 2)
      {
        if (dirData->curr_index == 0)
          strncpy(entry->d_name, ".\0", 2);
      ....
    }

Mozilla Thunderbird

V522 Dereferencing of the null pointer 'row' might take place. morkRowCellCursor.cpp 175

    NS_IMETHODIMP
    morkRowCellCursor::MakeCell(  // get cell at current pos in the row
      nsIMdbEnv* mev,             // context
      mdb_column* outColumn,      // column for this particular cell
      mdb_pos* outPos,            // position of cell in row sequence
      nsIMdbCell** acqCell) {
      nsresult outErr = NS_OK;
      nsIMdbCell* outCell = 0;
      mdb_pos pos = 0;
      mdb_column col = 0;
      morkRow* row = 0;
      morkEnv* ev = morkEnv::FromMdbEnv(mev);
      if (ev) {
        pos = mCursor_Pos;
        morkCell* cell = row->CellAt(ev, pos);
        if (cell) {
          col = cell->GetColumn();
          outCell = row->AcquireCellHandle(ev, cell, col, pos);
        }
        outErr = ev->AsErr();
      }
      if (acqCell) *acqCell = outCell;
      if (outPos) *outPos = pos;
      if (outColumn) *outColumn = col;

      return outErr;
    }

Haiku Operating System

V522 Dereferencing of the null pointer 'data' might take place. The null pointer is passed into 'malo_hal_send_helper' function. Inspect the third argument. Check lines: 350, 394. if_malohal.c 350

    static int
    malo_hal_fwload_helper(struct malo_hal *mh, char *helper)
    {
      ....
      /* tell the card we're done and... */
      error = malo_hal_send_helper(mh, 0, NULL, 0, MALO_NOWAIT); // <= NULL
      ....
    }

    static int
    malo_hal_send_helper(struct malo_hal *mh, int bsize,
      const void *data, size_t dsize, int waitfor)
    {
      mh->mh_cmdbuf[0] = htole16(MALO_HOSTCMD_CODE_DNLD);
      mh->mh_cmdbuf[1] = htole16(bsize);
      memcpy(&mh->mh_cmdbuf[4], data , dsize); // <= data
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'data' might take place. The null pointer is passed into 'malo_hal_send_main' function. Inspect the second argument. Check lines: 413, 472. if_malohal.c 413

Haiku Operating System

V522 Dereferencing of the null pointer 'mustFree' might take place. RequestUnflattener.cpp 35

    status_t
    Reader::Read(int32 size, void** buffer, bool* mustFree)
    {
      if (size < 0 || !buffer || mustFree)
        return B_BAD_VALUE;

      if (size == 0) {
        *buffer = NULL;
        *mustFree = false; // <=
        return B_OK;
      }
      ....
    }

Haiku Operating System

V522 Dereferencing of the null pointer 'input' might take place. MediaRecorder.cpp 343

    void GetInput(media_input* input);

    const media_input&
    BMediaRecorder::MediaInput() const
    {
      CALLED();

      media_input* input = NULL;
      fNode->GetInput(input);
      return *input;
    }

Haiku Operating System

V522 Dereferencing of the null pointer 'directory' might take place. PathMonitor.cpp 1465

    bool
    PathHandler::_EntryCreated(....)
    {
      ....
      Directory* directory = directoryNode->ToDirectory();
      if (directory == NULL) {
        // We're out of sync with reality.
        if (!dryRun) {
          if (Entry* nodeEntry = directory->FirstNodeEntry()) {
            ....
          }
        }
        return false;
      }
      ....
    }

Haiku Operating System

V522 Dereferencing of the null pointer 'currentInterface' might take place. Device.cpp 258

    Device::Device(....) : ....
    {
      ....
      usb_interface_info* currentInterface = NULL; // <=
      uint32 descriptorStart = sizeof(usb_configuration_descriptor);
      while (descriptorStart < actualLength) {
        switch (configData[descriptorStart + 1]) {
        ....
        case USB_DESCRIPTOR_ENDPOINT:
        {
          ....
          if (currentInterface == NULL) // <=
            break;
          currentInterface->endpoint_count++;
          ....
        }
        ....
        case USB_DESCRIPTOR_ENDPOINT_COMPANION:
        {
          usb_endpoint_descriptor* desc = currentInterface // <=
            ->endpoint[currentInterface->endpoint_count - 1].descr;
          ....
        }
        ....
    }

LLVM/Clang

V522 [CWE-476] Dereferencing of the null pointer 'Ty' might take place. SearchableTableEmitter.cpp 614

    void SearchableTableEmitter::collectTableEntries(
        GenericTable &Table, const std::vector<Record *> &Items) {
      ....
      RecTy *Ty = resolveTypes(Field.RecType, TI->getType());
      if (!Ty)
        PrintFatalError(Twine("Field '") + Field.Name + "' of table '" +
                        Table.Name + "' has incompatible type: " +
                        Ty->getAsString() + " vs. " + // <=
                        TI->getType()->getAsString());
      ....
    }

LLVM/Clang

V522 [CWE-476] Dereferencing of the null pointer 'Type' might take place. PrettyFunctionDumper.cpp 233

    void FunctionDumper::dump(const PDBSymbolTypeFunctionArg &Symbol) {
      uint32_t TypeId = Symbol.getTypeId();
      auto Type = Symbol.getSession().getSymbolById(TypeId);
      if (Type)
        Printer << "<unknown-type>";
      else
        Type->dump(*this);
    }

LLVM/Clang

V522 [CWE-476] Dereferencing of the null pointer 'Test' might take place. Miscompilation.cpp 709

    static Expected<bool> TestOptimizer(BugDriver &BD,
                                        std::unique_ptr<Module> Test,
                                        std::unique_ptr<Module> Safe) {
      outs() << " Optimizing functions being tested: ";
      std::unique_ptr<Module> Optimized =
          BD.runPassesOn(Test.get(), BD.getPassesToRun());
      if (!Optimized) {
        errs() << " Error running this sequence of passes"
               << " on the input program!\n";
        BD.setNewProgram(std::move(Test)); // <=
        BD.EmitProgressBitcode(*Test, "pass-error", false); // <=
        if (Error E = BD.debugOptimizerCrash())
          return std::move(E);
        return false;
      }
      ....
    }

LLVM/Clang

V522 [CWE-476] Dereferencing of the null pointer 'ProgClone' might take place. Miscompilation.cpp 601

    ExtractBlocks(....)
    {
      ....
      std::unique_ptr<Module> ProgClone = CloneModule(BD.getProgram(), VMap);
      ....
      BD.setNewProgram(std::move(ProgClone)); // <=
      MiscompiledFunctions.clear();

      for (unsigned i = 0, e = MisCompFunctions.size(); i != e; ++i) {
        Function *NewF = ProgClone->getFunction(MisCompFunctions[i].first); // <=
        assert(NewF && "Function not found??");
        MiscompiledFunctions.push_back(NewF);
      }
      ....
    }

LLVM/Clang

V522 [CWE-476] Dereferencing of the null pointer 'LHS' might take place. TGParser.cpp 2152

    Init *TGParser::ParseValue(Record *CurRec, RecTy *ItemType,
                               IDParseMode Mode) {
      ....
      TypedInit *LHS = dyn_cast<TypedInit>(Result);
      ....
      LHS = dyn_cast<TypedInit>(
          UnOpInit::get(UnOpInit::CAST, LHS, StringRecTy::get())
              ->Fold(CurRec));
      if (!LHS) {
        Error(PasteLoc, Twine("can't cast '") + LHS->getAsString() +
                            "' to string");
        return nullptr;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 [CWE-476] Dereferencing of the null pointer 'RHS' might take place. TGParser.cpp 2186

LibrePCB

V522 CWE-628 Dereferencing of the null pointer 'event' might take place. The potential null pointer is passed into 'handleMouseWheelEvent' function. Inspect the first argument. Check lines: 143, 252. graphicsview.cpp 143

    void GraphicsView::handleMouseWheelEvent(
      QGraphicsSceneWheelEvent* event) noexcept
    {
      if (event->modifiers().testFlag(Qt::ShiftModifier))
      ....
    }

    bool GraphicsView::eventFilter(QObject* obj, QEvent* event)
    {
      ....
      handleMouseWheelEvent(dynamic_cast<QGraphicsSceneWheelEvent*>(event));
      ....
    }

LibrePCB

V522 CWE-690 There might be dereferencing of a potential null pointer 'e'. graphicsview.cpp 206

    bool GraphicsView::eventFilter(QObject* obj, QEvent* event)
    {
      ....
      QGraphicsSceneMouseEvent* e =
        dynamic_cast<QGraphicsSceneMouseEvent*>(event);
      Q_ASSERT(e);
      if (e->button() == Qt::MiddleButton)
      ....
    }

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'e'. graphicsview.cpp 218
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'e'. graphicsview.cpp 229
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'unitComboBox'. attributelisteditorwidget.cpp 143
  • And 79 additional diagnostic messages.

Godot Engine

V522 CWE-476 Dereferencing of the null pointer 'E' might take place. shader_gles2.cpp 102

    void ShaderGLES2::bind_uniforms() {
      ....
      const Map<uint32_t, Variant>::Element *E = uniform_defaults.front();

      while (E) {
        int idx = E->key();
        int location = version->uniform_location[idx];

        if (location < 0) {
          E = E->next();
          continue;
        }

        Variant v;
        v = E->value();
        _set_uniform_variant(location, v);
        E = E->next();
      }

      const Map<uint32_t, CameraMatrix>::Element *C = uniform_cameras.front();

      while (C) {
        int idx = E->key(); // <=
        int location = version->uniform_location[idx];

        if (location < 0) {
          C = C->next();
          continue;
        }

        glUniformMatrix4fv(location, 1, GL_FALSE, &(C->get().matrix[0][0]));
        C = C->next();
      }

      uniforms_dirty = false;
    }

Qt

V522 CWE-690 There might be dereferencing of a potential null pointer 'nodes'. Check lines: 138, 136. makefiledeps.cpp 138

    SourceFiles::SourceFiles()
    {
      nodes = (SourceFileNode**)malloc(sizeof(SourceFileNode*)*(num_nodes=3037));
      for(int n = 0; n < num_nodes; n++)
        nodes[n] = nullptr;
    }

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'rdb'. Check lines: 299, 296. qfilesystemengine_win.cpp 299
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'h'. Check lines: 73, 72. qjson.cpp 73
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'h'. Check lines: 310, 306. qjsonparser.cpp 310
  • And 19 additional diagnostic messages.

Perl 5

V522 Dereferencing of the null pointer 'sv' might take place. pp_ctl.c 577

    OP * Perl_pp_formline(void)
    {
      ....
      SV *sv = ((void *)0);
      ....
      switch (*fpc++) {
      ....
      case 4:
        arg = *fpc++;
        f += arg;
        fieldsize = arg;
        if (mark < sp)
          sv = *++mark;
        else {
          sv = &(PL_sv_immortals[2]);
          Perl_ck_warner( (28 ), "....");
        }
        ....
        break;
      case 5:
      {
        const char *s = item = ((((sv)->sv_flags & (....)) == 0x00000400) ? ....
        ....
      }
      ....
    }

Vangers: One For The Road

V522 CWE-690 There might be dereferencing of a potential null pointer 'fileName'. Check lines: 72, 70. zip_resource.cpp 72

    void XZIP_FileHeader::SetName(char *p)
    {
      int i, sz = strlen(p);
      fileName = strdup(p);
      for (i = 0; i < sz; i ++)
        if (fileName[i] == '/')
          fileName[i] = '\\';
    }

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'item'. ascr_fnc.cpp 5356
  • V522 CWE-690 There might be dereferencing of a potential null pointer. A constructor of the string class expects a valid pointer. ivmap.cpp 309
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'idxName'. Check lines: 94, 92. zip_resource.cpp 94

Android

V522 CWE-690 There might be dereferencing of a potential null pointer 'newStr'. Check lines: 203, 202. DexDump.cpp 203

    static char* descriptorClassToDot(const char* str)
    {
      ....
      newStr = strdup(lastSlash);
      newStr[strlen(lastSlash)-1] = '\0';
      ....
    }

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'cp'. Check lines: 1554, 1543. DexDump.cpp 1554
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'cp'. Check lines: 1385, 1374. dexlayout.cc 1385
  • V522 CWE-628 Dereferencing of the null pointer 'n' might take place. The potential null pointer is passed into 'remove_trailing_slashes' function. Inspect the first argument. Check lines: 461, 540, 537. fs_mgr.cpp 461
  • And 4 additional diagnostic messages.

Android

V522 CWE-690 There might be dereferencing of a potential null pointer 'param'. Check lines: 245, 244. BufferProviders.cpp 245

    DownmixerBufferProvider::DownmixerBufferProvider(....)
    {
      ....
      effect_param_t * const param = (effect_param_t *)
                                     malloc(downmixParamSize);
      param->psize = sizeof(downmix_params_t);
      ....
    }

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'newStr'. Check lines: 169, 163. DexDump.cpp 169
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'image->rows'. Check lines: 682, 680. Images.cpp 682
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'image->colors'. Check lines: 758, 715. Images.cpp 758
  • And 101 additional diagnostic messages.

Android

V522 CWE-476 Dereferencing of the null pointer 'needed' might take place. linker.cpp 1847

    static void soinfo_unload_impl(soinfo* root) {
      ....
      soinfo* needed = find_library(si->get_primary_namespace(),
                library_name, RTLD_NOLOAD, nullptr, nullptr);
      if (needed != nullptr) {
        PRINT("warning: couldn't find %s needed by %s on unload.",
              library_name, si->get_realpath());
        return;
      } else if (local_unload_list.contains(needed)) {
        return;
      } else if (needed->is_linked() && // <=
                 needed->get_local_group_root() != root) {
        external_unload_list.push_back(needed);
      } else {
        unload_list.push_front(needed);
      }
      ....
    }

Android

V522 CWE-476 Dereferencing of the null pointer 'xmlProxyLib' might take place. EffectsConfig.cpp 205

    bool parseEffect(....) {
      ....
      if (xmlProxyLib == nullptr) {
        ALOGE("effectProxy must contain a <%s>: %s",
              tag, dump(*xmlProxyLib));
        return false;
      }
      ....
    }

Krita

V522 Dereferencing of the null pointer 'slot' might take place. kis_spriter_export.cpp 568

    KisImportExportFilter::ConversionStatus KisSpriterExport::convert(
      KisDocument *document,
      QIODevice *io,
      KisPropertiesConfigurationSP /*configuration*/)
    {
      ....
      SpriterSlot *slot = 0;

      if (file.layerName.contains("slot(")) {
        int start = file.layerName.indexOf("slot(") + 5;
        int end = file.layerName.indexOf(')', start);
        slot->name = file.layerName.mid(start, end - start); // <=
        slot->defaultAttachmentFlag = .... // <=
      }
      ....
    }

XNU kernel

V522 CWE-690 There might be dereferencing of a potential null pointer 'dp'. vfs_cache.c 1449

    typedef struct vnode * vnode_t;

    int
    cache_lookup_path(...., vnode_t dp, ....)
    {
      ....
      if (dp && (dp->v_flag & VISHARDLINK)) {
        break;
      }
      if ((dp->v_flag & VROOT) ||
          dp == ndp->ni_rootdir ||
          dp->v_parent == NULLVP)
        break;
      ....
    }

The pointer dp can be null. Further on, however, the pointer is dereferenced without a preliminary check.


XNU kernel

V522 CWE-628 Dereferencing of the null pointer 'pbuf' might take place. The null pointer is passed into 'pf_lazy_makewritable' function. Inspect the second argument. Check lines: 349, 7460. pf.c 349

    void *
    pf_lazy_makewritable(struct pf_pdesc *pd, pbuf_t *pbuf, int len)
    {
      void *p;

      if (pd->lmw < 0)
        return (NULL);

      VERIFY(pbuf == pd->mp);

      p = pbuf->pb_data;
      if (len > pd->lmw) {
      ....
    }

    static int
    pf_test_state_icmp(....)
    {
      ....
      if (pf_lazy_makewritable(pd, NULL,
          off + sizeof (struct icmp6_hdr)) == NULL)
        return (PF_DROP);
      ....
    }

Incorrect call of the pf_lazy_makewritable function. Null pointer dereference might occur.


XNU kernel

V522 CWE-628 Dereferencing of the null pointer 'session' might take place. The null pointer is passed into 'netagent_send_error_response' function. Inspect the first argument. Check lines: 427, 972. network_agent.c 427

    static int
    netagent_send_error_response(
      struct netagent_session *session, u_int8_t message_type,
      u_int32_t message_id, u_int32_t error_code)
    {
      int error = 0;
      u_int8_t *response = NULL;
      size_t response_size = sizeof(struct netagent_message_header);
      MALLOC(response, u_int8_t *, response_size, M_NETAGENT, M_WAITOK);
      if (response == NULL) {
        return (ENOMEM);
      }
      (void)netagent_buffer_write_message_header(.....);

      if ((error = netagent_send_ctl_data(session->control_unit,
          (u_int8_t *)response, response_size))) {
        NETAGENTLOG0(LOG_ERR, "Failed to send response");
      }

      FREE(response, M_NETAGENT);
      return (error);
    }

    static void
    netagent_handle_unregister_message(
      struct netagent_session *session, ....)
    #pragma unused(payload_length, packet, offset)
      u_int32_t response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;

      if (session == NULL) {
        NETAGENTLOG0(LOG_ERR, "Failed to find session");
        response_error = NETAGENT_MESSAGE_ERROR_INTERNAL;
        goto fail;
      }

      netagent_unregister_session_wrapper(session);
      netagent_send_success_response(session, .....);
      return;
    fail:
      netagent_send_error_response(
        session, NETAGENT_MESSAGE_TYPE_UNREGISTER, message_id,
        response_error);
    }

If execution in the function netagent_handle_unregister_message jumps to the fail label, a null pointer dereference will occur in the function netagent_send_error_response.


WebRTC

V522 CWE-690 There might be dereferencing of a potential null pointer 'left'. Check lines: 412, 403. resampler.cc 412

    int Resampler::Push(....) {
      ....
      int16_t* left =
          static_cast<int16_t*>(malloc(lengthIn * sizeof(int16_t) / 2));
      int16_t* right =
          static_cast<int16_t*>(malloc(lengthIn * sizeof(int16_t) / 2));
      ....
      for (size_t i = 0; i < lengthIn; i += 2) {
        left[i >> 1] = samplesIn[i];
        right[i >> 1] = samplesIn[i + 1];
      }
      ....
    }

There is no protection if the malloc function returns a null pointer.

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'right'. Check lines: 413, 405. resampler.cc 413
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'aecm'. Check lines: 88, 84. echo_control_mobile.cc 88
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'aecm'. Check lines: 218, 216. aecm_core.cc 218
  • And 2 additional diagnostic messages.

WebRTC

V522 CWE-690 There might be dereferencing of a potential null pointer 'self'. Check lines: 22, 21. noise_suppression.c 22

    NsHandle* WebRtcNs_Create() {
      NoiseSuppressionC* self = malloc(sizeof(NoiseSuppressionC));
      self->initFlag = 0;
      return (NsHandle*)self;
    }

There is no protection if the malloc function returns a null pointer.


Yasm

V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 52, 51. substr.h 52

    static SubStr *
    SubStr_new_u(unsigned char *s, unsigned int l)
    {
      SubStr *r = malloc(sizeof(SubStr));
      r->str = (char*)s;
      r->len = l;
      return r;
    }

There is no protection if the malloc function returns a null pointer.

Similar errors can be found in some other places:

  • V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 68, 67. substr.h 68
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 84, 83. substr.h 84
  • V522 CWE-690 There might be dereferencing of a potential null pointer 'inc'. Check lines: 80, 79. genmodule.c 80
  • And 29 additional diagnostic messages.

LLVM/Clang

V522 CWE-690 There might be dereferencing of a potential null pointer 'Buckets'. Check lines: 219, 217. foldingset.cpp 219

    static void **AllocateBuckets(unsigned NumBuckets) {
      void **Buckets = static_cast<void**>(calloc(NumBuckets+1,
                                                  sizeof(void*)));
      // Set the very last bucket to be a non-null "pointer".
      Buckets[NumBuckets] = reinterpret_cast<void*>(-1);
      return Buckets;
    }

The bug is interesting because, if calloc returns NULL, the program will not necessarily crash immediately. The write goes not to the null address itself but to an offset of NumBuckets from it, and that offset can be large.


LLVM/Clang

V522 CWE-690 There might be dereferencing of a potential null pointer 'TheTable'. Check lines: 65, 59. stringmap.cpp 65

    void StringMapImpl::init(unsigned InitSize) {
      assert((InitSize & (InitSize-1)) == 0 &&
             "Init Size must be a power of 2 or zero!");
      NumBuckets = InitSize ? InitSize : 16;
      NumItems = 0;
      NumTombstones = 0;

      TheTable = (StringMapEntryBase **)
                 calloc(NumBuckets+1,
                        sizeof(StringMapEntryBase **) + sizeof(unsigned));

      // Allocate one extra bucket, set it to look filled
      // so the iterators stop at end.
      TheTable[NumBuckets] = (StringMapEntryBase*)2;
    }

The bug is interesting because, if calloc returns NULL, the program will not necessarily crash immediately. The write goes not to the null address itself but to an offset of NumBuckets from it, and that offset can be large.
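The effect described in the two LLVM notes above (AllocateBuckets and StringMapImpl::init), as an added example that is not code from LLVM or from this page: it computes where the unchecked store would land if calloc returned NULL and shows a checked variant of the allocation. The names failing_calloc, unchecked_store_address, store_escapes_null_guard and allocate_buckets_checked, and the 4096-byte guard size, are assumptions made for the illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Same signature as calloc, so a failing allocator can be injected. */
typedef void *(*calloc_fn)(size_t count, size_t size);

/* Constructed stand-in for calloc under memory exhaustion. */
static void *failing_calloc(size_t count, size_t size)
{
    (void)count;
    (void)size;
    return NULL;
}

/*
 * Address the unchecked store `Buckets[NumBuckets] = ...` would target if
 * calloc had returned NULL: NumBuckets * sizeof(void *) bytes past address 0.
 * Computed as an integer only; nothing is dereferenced.
 */
static uintptr_t unchecked_store_address(unsigned num_buckets)
{
    return (uintptr_t)num_buckets * sizeof(void *);
}

/*
 * Whether that address lies past an unmapped region of `guard_bytes` starting
 * at address 0. The size of that region is OS-specific; the caller supplies
 * its own assumption (4096 in main() is only an illustrative value).
 */
static int store_escapes_null_guard(unsigned num_buckets, uintptr_t guard_bytes)
{
    return unchecked_store_address(num_buckets) >= guard_bytes;
}

/*
 * Checked variant: validates the count arithmetic and the allocation result
 * before writing the end-of-table sentinel. Returns NULL on failure.
 */
static void **allocate_buckets_checked(unsigned num_buckets, calloc_fn alloc)
{
    if (num_buckets == UINT_MAX)   /* num_buckets + 1 would wrap to 0 */
        return NULL;

    void **buckets = alloc((size_t)num_buckets + 1, sizeof(void *));
    if (buckets == NULL)           /* the check the flagged snippets lack */
        return NULL;

    /* Sentinel in the extra slot, as in AllocateBuckets. */
    buckets[num_buckets] = (void *)(intptr_t)-1;
    return buckets;
}

int main(void)
{
    const unsigned sizes[] = { 16u, 512u, 1u << 20 };
    for (size_t i = 0; i < sizeof sizes / sizeof sizes[0]; i++) {
        printf("NumBuckets=%u: unchecked store at 0x%llx, "
               "past a 4096-byte guard: %s\n",
               sizes[i],
               (unsigned long long)unchecked_store_address(sizes[i]),
               store_escapes_null_guard(sizes[i], 4096) ? "yes" : "no");
    }

    void **ok = allocate_buckets_checked(16, calloc);
    void **failed = allocate_buckets_checked(16, failing_calloc);
    printf("normal allocator: %s, failing allocator: %s\n",
           ok ? "table returned" : "NULL",
           failed ? "table returned" : "NULL");
    free(ok);
    return 0;
}
```

With a small table the faulting address stays close to zero, while a large NumBuckets moves the store megabytes away from it, which is why the failure is not guaranteed to show up as an immediate crash.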


V8 JavaScript Engine

V522 CWE-628 Dereferencing of the null pointer 'object' might take place. The null pointer is passed into 'IsHandler' function. Inspect the first argument. Check lines: 'ic-inl.h:44', 'stub-cache.cc:19'. ic-inl.h 44

    bool Object::IsSmi() const { return HAS_SMI_TAG(this); }

    bool IC::IsHandler(Object* object) {
      return (object->IsSmi() && (object != nullptr)) ||
             object->IsDataHandler() ||
             object->IsWeakCell() ||
             object->IsCode();
    }

The object pointer is dereferenced first and then checked for NULL. Indeed, the expression looks quite suspicious.


Chromium

V522 CWE-690 There might be dereferencing of a potential null pointer 'file_'. Check lines: 716, 715. visitedlink_master.cc 716

    void VisitedLinkMaster::OnTableLoadComplete(....) {
      ....
      file_ = static_cast<FILE**>(malloc(sizeof(*file_)));
      *file_ = load_from_file_result->file.release();
      ....
    }

There is no protection if the malloc function returns a null pointer.


Chromium

V522 CWE-690 There might be dereferencing of a potential null pointer 'device_interface_detail_data'. Check lines: 103, 102. hid_service_win.cc 103

    void HidServiceWin::EnumerateBlocking(....) {
      ....
      std::unique_ptr<SP_DEVICE_INTERFACE_DETAIL_DATA, base::FreeDeleter>
          device_interface_detail_data(
              static_cast<SP_DEVICE_INTERFACE_DETAIL_DATA*>(
                  malloc(required_size)));
      device_interface_detail_data->cbSize =
          sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA);
      ....
    }

There is no protection if the malloc function returns a null pointer.


Chromium

V522 CWE-476 Dereferencing of the null pointer 'network_list' might take place. networking_private_service_client.cc 351

    std::unique_ptr<base::ListValue>
    NetworkingPrivateServiceClient::GetEnabledNetworkTypes() {
      std::unique_ptr<base::ListValue> network_list;
      network_list->AppendString(::onc::network_type::kWiFi);
      return network_list;
    }

A smart pointer is null by default. Because this smart pointer is not initialized before it is used, a null pointer dereference will occur.


Chromium

V522 CWE-476 Dereferencing of the null pointer 'embedder_extension' might take place. Check the bitwise operation. app_view_guest.cc 186

    void AppViewGuest::CreateWebContents(....) {
      ....
      if (!guest_extension ||
          !guest_extension->is_platform_app() ||
          !embedder_extension |
          !embedder_extension->is_platform_app()) {
        callback.Run(nullptr);
        return;
      }
      ....
    }

A typo: instead of ||, the developer accidentally wrote |. As a result, the embedder_extension pointer is dereferenced regardless of whether it is null.


Chromium

V522 CWE-476 Dereferencing of the null pointer 'context' might take place. device_media_async_file_util.cc 322

    void DeviceMediaAsyncFileUtil::CreateOrOpen(
        std::unique_ptr<FileSystemOperationContext> context, ....) {
      ....
      CreateSnapshotFile(
          std::move(context), url,
          base::Bind(
            &NativeMediaFileUtil::CreatedSnapshotFileForCreateOrOpen,
            base::RetainedRef(context->task_runner()),
            file_flags, callback));
    }

Whether a null pointer is dereferenced depends on the order in which the arguments of the CreateSnapshotFile call are evaluated. In C++ the order of function argument evaluation is not defined (unspecified behavior). If the argument std::move(context) is evaluated first, a null pointer dereference will occur.

Similar errors can be found in some other places:

  • V522 CWE-476 Dereferencing of the null pointer 'delegate' might take place. payment_request_web_contents_manager.cc 39

Chromium

V522 CWE-476 Dereferencing of the null pointer 'focus_controller_' might take place. display.cc 52

    class Display : .... {
      ....
      std::unique_ptr<FocusController> focus_controller_;
      ....
    }

    Display::~Display() {
      ....
      if (!focus_controller_) {
        focus_controller_->RemoveObserver(this);
        focus_controller_.reset();
      }
      ....
    }

An incorrectly written condition: the pointer is dereferenced if it is null.


Sphinx (search engine)

V522 Dereferencing of the null pointer 'pBuf' might take place. The null pointer is passed into 'Ok' function. Inspect the third argument. Check lines: 2567, 12267, 12424, 14979. searchd.cpp 2567

    void ISphOutputBuffer::SendBytes ( const void * pBuf, int iLen )
    {
      int iOff = m_dBuf.GetLength();
      m_dBuf.Resize ( iOff + iLen );
      memcpy ( m_dBuf.Begin() + iOff, pBuf, iLen ); // <=
    }

    void SendMysqlOkPacket ( ISphOutputBuffer & tOut, BYTE uPacketID,
                             int iAffectedRows=0, int iWarns=0,
                             const char * sMessage=NULL,
                             bool bMoreResults=false )
    {
      DWORD iInsert_id = 0;
      char sVarLen[20] = {0};
      void * pBuf = sVarLen;
      pBuf = MysqlPack ( pBuf, iAffectedRows );
      pBuf = MysqlPack ( pBuf, iInsert_id );
      int iLen = (char *) pBuf - sVarLen;

      int iMsgLen = 0;
      if ( sMessage )
        iMsgLen = strlen(sMessage) + 1;

      tOut.SendLSBDword ( (uPacketID<<24) + iLen + iMsgLen + 5);
      tOut.SendByte ( 0 );
      tOut.SendBytes ( sVarLen, iLen );
      if ( iWarns<0 ) iWarns = 0;
      if ( iWarns>65535 ) iWarns = 65535;
      DWORD uWarnStatus = iWarns<<16;
      if ( bMoreResults )
        uWarnStatus |= ( SPH_MYSQL_FLAG_MORE_RESULTS );
      tOut.SendLSBDword ( uWarnStatus );
      tOut.SendBytes ( sMessage, iMsgLen ); // <=
    }

    inline void Ok( int iAffectedRows=0, int iWarns=0,
                    const char * sMessage=NULL,
                    bool bMoreResults=false )
    {
      SendMysqlOkPacket ( m_tOut, m_uPacketID, iAffectedRows, // <=
                          iWarns, sMessage, bMoreResults );
      if ( bMoreResults )
        m_uPacketID++;
    }

    void HandleMysqlMultiStmt (....)
    {
      ....
      dRows.Ok ( 0, 0, NULL, bMoreResultsFollow );
      ....
    }

Sphinx (search engine)

V522 Dereferencing of the null pointer 'pConsts' might take place. The null pointer is passed into 'Expr_StrIn_c' function. Inspect the third argument. Check lines: 5407, 5946. sphinxexpr.cpp 5407

    Expr_StrIn_c ( const CSphAttrLocator & tLoc, int iLocator,
                   ConstList_c * pConsts, UservarIntSet_c * pUservar,
                   ESphCollation eCollation )
      : Expr_ArgVsConstSet_c<int64_t> ( NULL, pConsts )
      , ExprLocatorTraits_t ( tLoc, iLocator )
      , m_pStrings ( NULL )
      , m_pUservar ( pUservar )
    {
      assert ( tLoc.m_iBitOffset>=0 && tLoc.m_iBitCount>0 );
      assert ( !pConsts || !pUservar );

      m_fnStrCmp = GetCollationFn ( eCollation );

      const char * sExpr = pConsts->m_sExpr.cstr(); // <=
      ....
    }

    ISphExpr * ExprParser_t::CreateInNode ( int iNode )
    {
      ....
      case TOK_ATTR_STRING:
        return new Expr_StrIn_c ( tLeft.m_tLocator,
                                  tLeft.m_iLocator,
                                  NULL, // <=
                                  pUservar,
                                  m_eCollation );
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'pConsts' might take place. The null pointer is passed into 'Expr_JsonFieldIn_c' function. Inspect the first argument. Check lines: 5238, 5948. sphinxexpr.cpp 5238

Audacity

V522 Dereferencing of the null pointer 'mInputStream' might take place. FileIO.cpp 65

    std::unique_ptr<wxInputStream> mInputStream;
    std::unique_ptr<wxOutputStream> mOutputStream;

    wxInputStream & FileIO::Read(void *buf, size_t size)
    {
      if (mInputStream == NULL) {
        return *mInputStream;
      }

      return mInputStream->Read(buf, size);
    }

    wxOutputStream & FileIO::Write(const void *buf, size_t size)
    {
      if (mOutputStream == NULL) {
        return *mOutputStream;
      }

      return mOutputStream->Write(buf, size);
    }

MuseScore

V522 Dereferencing of the null pointer 'segment' might take place. measure.cpp 2220

    void Measure::read(XmlReader& e, int staffIdx)
    {
      Segment* segment = 0;
      ....
      while (e.readNextStartElement()) {
        const QStringRef& tag(e.name());

        if (tag == "move")
          e.initTick(e.readFraction().ticks() + tick());
        ....
        else if (tag == "sysInitBarLineType") {
          const QString& val(e.readElementText());
          BarLine* barLine = new BarLine(score());
          barLine->setTrack(e.track());
          barLine->setBarLineType(val);
          segment = getSegmentR(SegmentType::BeginBarLine, 0); //!!!
          segment->add(barLine); // <= OK
        }
        ....
        else if (tag == "Segment")
          segment->read(e); // <= ERR
        ....
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'segment' might take place. read114.cpp 1551
  • V522 Dereferencing of the null pointer 'segment' might take place. read206.cpp 1879

MuseScore

V522 Dereferencing of the null pointer 'customDrumset' might take place. instrument.cpp 328

    bool Instrument::readProperties(XmlReader& e, Part* part,
      bool* customDrumset)
    {
      ....
      else if (tag == "Drum") {
        // if we see on of this tags, a custom drumset will
        // be created
        if (!_drumset)
          _drumset = new Drumset(*smDrumset);
        if (!customDrumset) { // <=
          const_cast<Drumset*>(_drumset)->clear();
          *customDrumset = true; // <=
        }
        const_cast<Drumset*>(_drumset)->load(e);
      }
      ....
    }

ClickHouse

V522 Dereferencing of the null pointer 'cond_col' might take place. FunctionsConditional.h 765

    bool executeForNullThenElse(....)
    {
      ....
      const ColumnUInt8 * cond_col =
        typeid_cast<const ColumnUInt8 *>(arg_cond.column.get());
      ....
      if (cond_col)
      {
        ....
      }
      else if (cond_const_col)
      {
        ....
      }
      else
        throw Exception(
          "Illegal column " + cond_col->getName() + // <=
          " of first argument of function " + getName() +
          ". Must be ColumnUInt8 or ColumnConstUInt8.",
          ErrorCodes::ILLEGAL_COLUMN);
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'cond_col' might take place. FunctionsConditional.h 1061

Enlightenment

V522 There might be dereferencing of a potential null pointer 'task'. e_fm_ipc.c 489

    static void
    _e_fm_ipc_mkdir(int id, const char *src, const char *rel,
                    int rel_to EINA_UNUSED, int x, int y)
    {
      E_Fm_Task *task;

      task = malloc(sizeof(E_Fm_Task));

      task->id = id;
      task->type = E_FM_OP_MKDIR;
      task->slave = NULL;
      ....
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'm'. e_fm_ipc.c 1046
  • V522 There might be dereferencing of a potential null pointer 't'. e_fm_op.c 444
  • V522 There might be dereferencing of a potential null pointer 'ntask'. e_fm_op.c 896
  • And 599 additional diagnostic messages.

EFL Core Libraries

V522 There might be dereferencing of a potential null pointer 'e'. evas_cserve2_fonts.c 66

    static void *
    _font_slave_error_send(Error_Type error)
    {
      Error_Type *e = calloc(1, sizeof(*e));
      *e = error;
      return e;
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'tmpstr'. eo_generator.c 158
  • V522 There might be dereferencing of a potential null pointer 'ctx'. eo_lexer.c 1220
  • V522 Dereferencing of the null pointer 'v' might take place. The potential null pointer is passed into 'evas_triangle3_set' function. Inspect the first argument. Check lines: 'evas_3d_utils.h:2449'. evas_3d_utils.h 651
  • And 390 additional diagnostic messages.

EFL Core Libraries

V522 There might be dereferencing of a potential null pointer 't'. eina_tiler.c 1146

    EAPI Eina_Tiler *eina_tiler_new(int w, int h)
    {
      Eina_Tiler *t;

      EINA_SAFETY_ON_TRUE_RETURN_VAL((w <= 0) || (h <= 0), NULL);

      t = calloc(1, sizeof(Eina_Tiler));
      t->last.add.w = -1;
      t->last.add.h = -1;
      t->last.del.w = -1;
      t->last.del.h = -1;
      t->area.w = w;
      t->area.h = h;
      t->tile.w = 32;
      t->tile.h = 32;
      t->rounding = EINA_TRUE;
      EINA_MAGIC_SET(t, EINA_MAGIC_TILER);
      _splitter_new(t);
      return t;
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'msg'. util.c 113

    void util_bg_color_rgba_set(Evas_Object *layout,
                                char r, char g, char b, char a)
    {
      Edje_Message_Int_Set *msg;

      ret_if(!layout);

      msg = malloc(sizeof(*msg) + 3 * sizeof(int));
      msg->count = 4;
      msg->val[0] = r;
      msg->val[1] = g;
      msg->val[2] = b;
      msg->val[3] = a;

      edje_object_message_send(elm_layout_edje_get(layout),
                               EDJE_MESSAGE_INT_SET, 1, msg);
      free(msg);
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'pkg_data'. privacy_package_list_view.c 320
  • V522 There might be dereferencing of a potential null pointer 'data'. privacy_guard_package_list_view.c 126
  • V522 There might be dereferencing of a potential null pointer 'id'. privacy_package_list_view.c 470
  • And 58 additional diagnostic messages.

Tizen

V522 There might be dereferencing of a potential null pointer 'sql_callback'. download-db-service.cpp 75

    void initialize_datacontrol_provider()
    {
      DM_LOGI("initialize_datacontrol_provider");
      int result;
      sql_callback = (data_control_provider_sql_cb *)
        malloc(sizeof(data_control_provider_sql_cb));
      sql_callback->select_cb = select_request_cb;
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'selected_device'. setting_item_device_list.c 121

    static void device_list_select_cb(void *data, Evas_Object *obj,
                                      void *event_info)
    {
      do_haptic(50);
      device_info_s *info = (device_info_s *) data;
      selected_device = (device_info_s *) calloc(sizeof(device_info_s), 1);
      selected_device->index = info->index;
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'msg'. QuickAccess.cpp 743

    void QuickAccess::setButtonColor(Evas_Object* button,
                                     int r, int g, int b, int a)
    {
      Edje_Message_Int_Set* msg =
        (Edje_Message_Int_Set *)malloc(sizeof(*msg) + 3 * sizeof(int));
      msg->count = 4;
      msg->val[0] = r;
      msg->val[1] = g;
      msg->val[2] = b;
      msg->val[3] = a;
      edje_object_message_send(elm_layout_edje_get(button),
                               EDJE_MESSAGE_INT_SET, 0, msg);
      free(msg);
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'preedit_attr'. ise.cpp 392

    void ise_update_preedit_string(....)
    {
      ....
      ime_preedit_attribute *preedit_attr;
      ....
      preedit_attr = (ime_preedit_attribute *)
        calloc(1, sizeof(ime_preedit_attribute));
      preedit_attr->start = 0;
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'inputHandle'. cpp_audio_io.cpp 928

    int cpp_audio_in_peek(audio_in_h input, const void **buffer,
                          unsigned int *length)
    {
      ....
      CAudioInput* inputHandle =
        dynamic_cast<CAudioInput*>(handle->audioIoHandle);
      assert(inputHandle);
      inputHandle->peek(buffer, &_length);
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'popup_data'. popup.c 1167

    void popup_cb(void *data, Evas_Object *obj, void *event_info)
    {
      ....
      win_data *popup_data = (win_data*)malloc(sizeof(win_data));
      elm_theme_extension_add(NULL, ELM_DEMO_EDJ);
      /* We convince the top widget is a window */
      win = ad->win;
      list = elm_list_add(ad->nf);
      elm_list_mode_set(list, ELM_LIST_COMPRESS);
      popup_data->list = list;
      popup_data->win = win;
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'item_type'. list_util.c 72

    HAPI void quickpanel_list_util_set_item_type(....)
    {
      ....
      if (item_type == NULL) {
        item_type = (int*)malloc(sizeof(int));
        *item_type = type;
        evas_object_data_set(item, E_DATA_ITEM_LABEL_H, (void*)item_type);
      }
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'info'. navigator.c 2819

    static void on_gesture_detected(void *data, const Eldbus_Message *msg)
    {
      ....
      Gesture_Info *info = calloc(sizeof(Gesture_Info), 1);  // <=
      int g_type;

      if (!msg) {
        DEBUG("Incoming message is empty");
        free(info);
        return;
      }

      if (!eldbus_message_arguments_get(....)) {
        DEBUG("Getting message arguments failed");
        free(info);
        return;
      }

      info->type = (Gesture)g_type;  // <=
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'cb_data'. util.c 37

    void back_button_cb_push(....)
    {
      back_button_cb_data *cb_data = malloc(sizeof(*cb_data));
      cb_data->cb = cb;
      ....
    }

Tizen

V522 There might be dereferencing of a potential null pointer 'plugin_task'. storage-plugin-sample.c 1016

    static async_job_t *create_job_s(int fd)
    {
      async_job_t *job = (async_job_t *)
        calloc(1, sizeof(async_job_t));  // <=
      if (job) {
        job->local_path = NULL;
        job->cloud_path = NULL;
        job->fd = fd;
      }
      return job;  // <=
    }

    storage_error_code_t sample_upload_async(....)
    {
      ....
      async_job_t *plugin_task = create_job_s(src_file_descriptor);
      char *path = NULL;
      path = g_strconcat(VIRTUAL_ROOT_PATH(context),
                         dir_path ? dir_path : "", "/", file_name, NULL);
      plugin_task->cloud_path = path;  // <=
      ....
    }
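A caller-side fix for the storage-plugin-sample pattern above, as an added example that is not code from Tizen or from the analyzer's documentation: the factory may return NULL, so the caller checks before the first dereference and releases the job if the later allocation fails. The names `upload_async`, `create_job`, `destroy_job`, the `test_calloc` failure hook and the sample paths are assumptions made for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Simplified stand-in for the plugin's job record (field names from the page). */
typedef struct {
    char *local_path;
    char *cloud_path;
    int fd;
} async_job_t;

/* Test hook (assumption): fail after N successful allocations; -1 = never. */
static int allocs_until_failure = -1;

static void *test_calloc(size_t n, size_t size)
{
    if (allocs_until_failure == 0)
        return NULL; /* simulated out-of-memory */
    if (allocs_until_failure > 0)
        allocs_until_failure--;
    return calloc(n, size);
}

/* Same contract as create_job_s on the page: the result may be NULL. */
static async_job_t *create_job(int fd)
{
    async_job_t *job = test_calloc(1, sizeof(*job));
    if (job) {
        job->local_path = NULL;
        job->cloud_path = NULL;
        job->fd = fd;
    }
    return job;
}

static void destroy_job(async_job_t *job)
{
    if (!job)
        return;
    free(job->local_path);
    free(job->cloud_path);
    free(job);
}

/* Caller checks the factory result before the first dereference and
 * releases the job if the later path allocation fails. */
static int upload_async(int fd, const char *dir_path, const char *file_name,
                        async_job_t **out)
{
    if (!file_name || !out)
        return -EINVAL;
    *out = NULL;

    async_job_t *job = create_job(fd);
    if (!job)
        return -ENOMEM;

    const char *dir = dir_path ? dir_path : "";
    size_t len = strlen(dir) + 1 + strlen(file_name) + 1;
    char *path = test_calloc(len, 1);
    if (!path) {
        destroy_job(job);
        return -ENOMEM;
    }
    snprintf(path, len, "%s/%s", dir, file_name);

    job->cloud_path = path;
    *out = job;
    return 0;
}

int main(void)
{
    async_job_t *job = NULL;
    int rc = upload_async(3, "/cloud", "report.txt", &job);
    printf("ok:  rc=%d path=%s\n", rc, job ? job->cloud_path : "(none)");
    destroy_job(job);

    allocs_until_failure = 0; /* constructed failure case */
    rc = upload_async(3, "/cloud", "report.txt", &job);
    printf("oom: rc=%d job=%p\n", rc, (void *)job);
    return 0;
}
```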

Tizen

V522 There might be dereferencing of a potential null pointer 'list'. storage-plugin-sample.c 564

    storage_error_code_t sample_get_list(....)
    {
      ....
      storage_adaptor_file_info_h *list = NULL;
      int len = g_list_length(_file_list);
      if (0 < len) {
        list = (storage_adaptor_file_info_h *)  // <=
          calloc(len, sizeof(storage_adaptor_file_info_h));
        for (int i = 0; i < len; i++)
          list[i] = (storage_adaptor_file_info_h)  // <=
            g_list_nth_data(_file_list, i);
      }
      ....
    }

Aspell

V522 There might be dereferencing of a potential null pointer 'first'. objstack.cpp 21

    ObjStack::ObjStack(size_t chunk_s, size_t align)
      : chunk_size(chunk_s), min_align(align), temp_end(0)
    {
      first_free = first = (Node *)malloc(chunk_size);
      first->next = 0;
      reserve = 0;
      setup_chunk();
    }

Similar errors can be found in some other places:

  • V522 There might be dereferencing of a potential null pointer 'reinterpret_cast< void * * > (block)'. block_slist-t.hpp 27
  • V522 There might be dereferencing of a potential null pointer 'w1.str'. prezip.c 87
  • V522 There might be dereferencing of a potential null pointer 'w'. prezip.c 164
  • And 2 additional diagnostic messages.

Bind

V522 Dereferencing of the null pointer 'stylep' might take place. Check the logical condition. delv.c 500

    static isc_result_t setup_style(dns_master_style_t **stylep)
    {
      isc_result_t result;
      dns_master_style_t *style = NULL;

      REQUIRE(stylep != NULL || *stylep == NULL);
      ....
    }

Scilab

V522 Dereferencing of the null pointer 'dataz' might take place. polylinedata_wrap.c 373

    BOOL translatePolyline(int uid, double x, double y, double z,
                           int flagX, int flagY, int flagZ)
    {
      double *datax = NULL;
      double *datay = NULL;
      double *dataz = NULL;  // <=

      int i = 0;
      if (x != 0.0)
      {
        datax = getDataX(uid);
        if (datax == NULL) return FALSE;
      ....
      if (z != 0 && isZCoordSet(uid))
      {
        if (flagZ) {
          for (i = 0; i < getDataSize_(uid); ++i)
          {
            dataz[i] = pow(10.,log10(dataz[i]) + z);  // <=
          }
        } else {
          for (i = 0; i < getDataSize_(uid); ++i)
          {
            dataz[i] += z;  // <=
          }
        }
      }

      return TRUE;
    }

CryEngine V

V522 Dereferencing of the null pointer 'pCEntity' might take place. BreakableManager.cpp 2396

    int CBreakableManager::HandlePhysics_UpdateMeshEvent(....)
    {
      CEntity* pCEntity = 0;
      ....
      if (pmu && pSrcStatObj && GetSurfaceType(pSrcStatObj))
      {
        ....
        if (pEffect)
        {
          ....
          if (normal.len2() > 0)
            pEffect->Spawn(true, pCEntity->GetSlotWorldTM(...);  // <=
        }
      }
      ....
      if (iForeignData == PHYS_FOREIGN_ID_ENTITY)
      {
        pCEntity = (CEntity*)pForeignData;
        if (!pCEntity || !pCEntity->GetPhysicalProxy())
          return 1;
      }
      ....
    }

FreeBSD Kernel

V522 Dereferencing of the null pointer 'ccb' might take place. The null pointer is passed into 'iscsi_outstanding_add' function. Inspect the third argument. Check lines: 'iscsi.c:2157'. iscsi.c 2091

    static struct iscsi_outstanding *
    iscsi_outstanding_add(struct iscsi_session *is, struct icl_pdu *request,
                          union ccb *ccb, uint32_t *initiator_task_tagp)
    {
      struct iscsi_outstanding *io;
      int error;

      ISCSI_SESSION_LOCK_ASSERT(is);

      io = uma_zalloc(iscsi_outstanding_zone, M_NOWAIT | M_ZERO);
      if (io == NULL) {
        ISCSI_SESSION_WARN(is, "failed to allocate %zd bytes",
                           sizeof(*io));
        return (NULL);
      }

      error = icl_conn_task_setup(is->is_conn, request, &ccb->csio,
                                  initiator_task_tagp, &io->io_icl_prv);
      ....
    }

    static void
    iscsi_action_abort(struct iscsi_session *is, union ccb *ccb)
    {
      ....
      io = iscsi_outstanding_add(is, request, NULL, &initiator_task_tag);
      ....
    }

LLVM/Clang

V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 106

    Expected<std::unique_ptr<PDBFile>> PDBFileBuilder::build(
      std::unique_ptr<msf::WritableStream> PdbFileBuffer)
    {
      ....
      auto File = llvm::make_unique<PDBFile>(
        std::move(PdbFileBuffer), Allocator);

      File->ContainerLayout = *ExpectedLayout;

      if (Info) {
        auto ExpectedInfo = Info->build(*File, *PdbFileBuffer);
      ....
    }

The code is not clear to me, as I have not studied what llvm::make_unique is and how it works in general. Nevertheless, both the analyzer and I are confused by the fact that, at first glance, possession of the object held by the smart pointer PdbFileBuffer passes to File. After that, PdbFileBuffer, which already contains nullptr, is dereferenced.

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 113
  • V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 120
  • V522 Dereferencing of the null pointer 'PdbFileBuffer' might take place. PDBFileBuilder.cpp 127

Chromium

V522 Dereferencing of the null pointer 'item' might take place. action_wait.cc 41

    // Returns the item associated with the component |id| or nullptr
    // in case of errors.
    CrxUpdateItem* FindUpdateItemById(const std::string& id) const;

    void ActionWait::Run(UpdateContext* update_context, Callback callback)
    {
      ....
      while (!update_context->queue.empty()) {
        auto* item = FindUpdateItemById(update_context->queue.front());
        if (!item) {  // <=
          item->error_category =  // <=
            static_cast<int>(ErrorCategory::kServiceError);
          item->error_code =  // <=
            static_cast<int>(ServiceError::ERROR_WAIT);
          ChangeItemState(item, CrxUpdateItem::State::kNoUpdate);
        } else {
          NOTREACHED();
        }
        update_context->queue.pop();
      }
      ....
    }

Blender

V522 Dereferencing of the null pointer 'ibuf' might take place. tracking_util.c 765

    static ImBuf *accessor_get_ibuf(....)
    {
      ImBuf *ibuf, *orig_ibuf, *final_ibuf;
      ....
      /* First try to get fully processed image from the cache. */
      ibuf = accesscache_get(accessor, clip_index, frame,
                             input_mode, downscale, transform_key);
      if (ibuf != NULL) {
        return ibuf;
      }
      /* And now we do postprocessing of the original frame. */
      orig_ibuf = accessor_get_preprocessed_ibuf(accessor, clip_index, frame);
      if (orig_ibuf == NULL) {
        return NULL;
      }
      ....
      if (downscale > 0) {
        if (final_ibuf == orig_ibuf) {
          final_ibuf = IMB_dupImBuf(orig_ibuf);
        }
        IMB_scaleImBuf(final_ibuf,
                       ibuf->x / (1 << downscale),  // <=
                       ibuf->y / (1 << downscale)); // <=
      }
      ....
      if (input_mode == LIBMV_IMAGE_MODE_RGBA) {
        BLI_assert(ibuf->channels == 3 ||  // <=
                   ibuf->channels == 4);   // <=
      }
      ....
      return final_ibuf;
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'ibuf' might take place. tracking_util.c 766
  • V522 Dereferencing of the null pointer 'ibuf' might take place. tracking_util.c 783

Blender

V522 Dereferencing of the null pointer 've' might take place. functions1d.cpp 107

    int QuantitativeInvisibilityF1D::operator()(....)
    {
      ViewEdge *ve = dynamic_cast<ViewEdge*>(&inter);
      if (ve) {
        result = ve->qi();
        return 0;
      }
      FEdge *fe = dynamic_cast<FEdge*>(&inter);
      if (fe) {
        result = ve->qi();  // <=
        return 0;
      }
      ....
    }

OpenJDK

V522 Dereferencing of the null pointer 'data' might take place. util.c 2424

    static jint JNICALL cbObjectTagInstance(....)
    {
      ClassInstancesData *data;

      /* Check data structure */
      data = (ClassInstancesData*)user_data;
      if (data == NULL) {
        data->error = AGENT_ERROR_ILLEGAL_ARGUMENT;
        return JVMTI_VISIT_ABORT;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'data' might take place. util.c 2543
  • V522 Dereferencing of the null pointer 'data' might take place. util.c 2601
  • V522 Dereferencing of the null pointer 'data' might take place. util.c 2760

OpenToonz

V522 Dereferencing of the null pointer 'region' might take place. Check the logical condition. palettecmd.cpp 102

    bool isStyleUsed(const TVectorImageP vi, int styleId)
    {
      ....
      TRegion *region = vi->getRegion(i);
      if (region || region->getStyle() != styleId)
        return true;
      ....
    }

FreeBSD Kernel

V522 Dereferencing of the null pointer 'sc' might take place. mrsas.c 4027

    void mrsas_aen_handler(struct mrsas_softc *sc)
    {
      ....
      if (!sc) {
        device_printf(sc->mrsas_dev, "invalid instance!\n");
        return;
      }
      if (sc->evt_detail_mem) {
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'sc' might take place. mrsas.c 1279
  • V522 Dereferencing of the null pointer 'sc' might take place. tws_cam.c 1066
  • V522 Dereferencing of the null pointer 'sc' might take place. blkfront.c 677
  • And 4 additional diagnostic messages.

ChakraCore

V522 Dereferencing of the null pointer 'tempNumberTracker' might take place. backwardpass.cpp 578

    void BackwardPass::MergeSuccBlocksInfo(BasicBlock * block)
    {
      TempNumberTracker * tempNumberTracker = nullptr;  // <= line 346
      ....
      if (!block->isDead)
      {
        ....
        if(!IsCollectionPass())
        {
          ....
          if (this->DoMarkTempNumbers())
          {
            tempNumberTracker = JitAnew(....);  // <= line 413
          }
          ....
          ....
          if (blockSucc->tempNumberTracker != nullptr)
          {
            ....
            tempNumberTracker->MergeData(....);  // <= line 578
            if (deleteData)
            {
              blockSucc->tempNumberTracker = nullptr;
            }
          }
      ....
    }

Mozilla Thunderbird

V522 Dereferencing of the null pointer 'aStyleValues' might take place. sdnaccessible.cpp 252

    STDMETHODIMP sdnAccessible::get_computedStyle(
      BSTR __RPC_FAR* aStyleProperties,
      BSTR __RPC_FAR* aStyleValues,
      unsigned short __RPC_FAR* aNumStyleProperties)
    {
      if (!aStyleProperties || aStyleValues || !aNumStyleProperties)
        return E_INVALIDARG;
      ....
      aStyleValues[realIndex] = ::SysAllocString(value.get());
      ....
    }

Unreal Engine 4

V522 Dereferencing of the null pointer 'GEngine' might take place. Check the logical condition. gameplaystatics.cpp 988

    void UGameplayStatics::DeactivateReverbEffect(....)
    {
      if (GEngine || !GEngine->UseSound())
      {
        return;
      }
      UWorld* ThisWorld = GEngine->GetWorldFromContextObject(....);
      ....
    }

Godot Engine

V522 Dereferencing of the null pointer 'create_trimesh_collision_node()' might take place. mesh_instance.cpp 177

    Node* MeshInstance::create_trimesh_collision_node() {
      if (mesh.is_null())
        return NULL;

      Ref<Shape> shape = mesh->create_trimesh_shape();
      if (shape.is_null())
        return NULL;

      StaticBody * static_body = memnew( StaticBody );
      static_body->add_shape( shape );
      return static_body;

      return NULL;
    }

    void MeshInstance::create_trimesh_collision() {
      StaticBody* static_body =
        create_trimesh_collision_node()->cast_to<StaticBody>();
      ERR_FAIL_COND(!static_body);
      static_body->set_name( String(get_name()) + "_col" );
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'create_convex_collision_node()' might take place. mesh_instance.cpp 211

.NET CoreCLR

V522 Dereferencing of the null pointer 'hp' might take place. cee_wks gc.cpp 4488

    heap_segment* gc_heap::get_segment_for_loh (size_t size
    #ifdef MULTIPLE_HEAPS
                                               , gc_heap* hp
    #endif //MULTIPLE_HEAPS
                                               )
    {
    #ifndef MULTIPLE_HEAPS
      gc_heap* hp = 0;
    #endif //MULTIPLE_HEAPS
      heap_segment* res = hp->get_segment (size, TRUE);
      ....
    }

When 'MULTIPLE_HEAPS' is not defined, it's no good because the pointer will equal zero.


LibreOffice

V522 Dereferencing of the null pointer 'piTmpConnection' might take place. adodatalinks.cxx 84

    BSTR PromptNew(long hWnd)
    {
      ....
      ADOConnection* piTmpConnection = NULL;

      ::CoInitialize( NULL );

      hr = CoCreateInstance(
             CLSID_DataLinks,
             NULL,
             CLSCTX_INPROC_SERVER,
             IID_IDataSourceLocator,
             (void**)&dlPrompt
           );
      if( FAILED( hr ) )
      {
        piTmpConnection->Release();
        dlPrompt->Release( );
        return connstr;
      }
      ....
    }

LibreOffice

V522 Dereferencing of the null pointer 'pWindow' might take place. Check the logical condition. querycontroller.cxx 293

    void grabFocusFromLimitBox( OQueryController& _rController )
    {
      ....
      vcl::Window* pWindow = VCLUnoHelper::GetWindow( xWindow );
      if( pWindow || pWindow->HasChildPathFocus() )
      {
        pWindow->GrabFocusToDocument();
      }
      ....
    }

LibreOffice

V522 Dereferencing of the null pointer 'pLabelData' might take place. Check the logical condition. pivotlayouttreelistdata.cxx 157

    void ScPivotLayoutTreeListData::PushDataFieldNames(
      vector<ScDPName>& rDataFieldNames)
    {
      ....
      ScDPLabelData* pLabelData = mpParent->GetLabelData(nColumn);

      if (pLabelData == NULL && pLabelData->maName.isEmpty())
        continue;
      ....
    }

Miranda NG

V522 Dereferencing of the null pointer 'cont' might take place. EmLanProto mlan.cpp 342

    void CMLan::OnRecvPacket(u_char* mes, int len, in_addr from)
    {
      ....
      TContact* cont = m_pRootContact;
      ....
      if (!cont)
        RequestStatus(true, cont->m_addr.S_un.S_addr);
      ....
    }

OpenJPEG

V522 Dereferencing of the null pointer 'l_image' might take place. j2k.c 5205

    bool j2k_write_rgn(....)
    {
      OPJ_BYTE * l_current_data = 00;
      OPJ_UINT32 l_nb_comp;
      OPJ_UINT32 l_rgn_size;
      opj_image_t *l_image = 00;
      opj_cp_t *l_cp = 00;
      opj_tcp_t *l_tcp = 00;
      opj_tccp_t *l_tccp = 00;
      OPJ_UINT32 l_comp_room;

      // preconditions
      assert(p_j2k != 00);
      assert(p_manager != 00);
      assert(p_stream != 00);

      l_cp = &(p_j2k->m_cp);
      l_tcp = &l_cp->tcps[p_tile_no];
      l_tccp = &l_tcp->tccps[p_comp_no];

      l_nb_comp = l_image->numcomps;
      ....
    }

Qt

V522 Dereferencing of the null pointer 'm' might take place. qquickcontext2d.cpp 3169

    QV4::ReturnedValue QQuickJSContext2DPixelData::getIndexed(
      QV4::Managed *m, uint index, bool *hasProperty)
    {
      ....
      if (!m)
        return m->engine()->currentContext()->throwTypeError();
      ....
    }

Qt

V522 Dereferencing of the null pointer 'dn' might take place. qdocindexfiles.cpp 539

    void QDocIndexFiles::readIndexSection(....)
    {
      ....
      DocNode* dn = qdb_->findGroup(groupNames[i]);
      if (dn) {
        dn->addMember(node);
      }
      else {
        ....
        qDebug() << "DID NOT FIND GROUP:" << dn->name()
                 << "for:" << node->name();
      }
      ....
    }

Unreal Engine 4

V522 Dereferencing of the null pointer 'GStreamingPauseBackground' might take place. streamingpauserendering.cpp 197

    void FStreamingPause::Init()
    {
      ....
      if( GStreamingPauseBackground == NULL && GUseStreamingPause )
      {
        // @todo UE4 merge andrew
        // GStreamingPauseBackground = new FFrontBufferTexture(....);
        GStreamingPauseBackground->InitRHI();
      }
    }

Unreal Engine 4

V522 Dereferencing of the null pointer 'LevelStreamingObject' might take place. unrealengine.cpp 10768

    bool UEngine::CommitMapChange( FWorldContext &Context )
    {
      ....
      LevelStreamingObject = Context.World()->StreamingLevels[j];
      if (LevelStreamingObject != NULL)
      {
        ....
      }
      else
      {
        check(LevelStreamingObject);
        UE_LOG(LogStreaming, Log,
               TEXT("Unable to handle streaming object %s"),
               *LevelStreamingObject->GetName());
      }
      ....
    }

Scilab

V522 Dereferencing of the null pointer 'dataPtr' might take place. scilababstractmemoryallocator.hxx 222

    inline static int *alloc(void * pvApiCtx, const int position,
                             const int rows, const int cols, int * ptr)
    {
      int * _ptr = 0;
      SciErr err = allocMatrixOfInteger32(
        pvApiCtx, position, rows, cols, &_ptr);
      checkError(err);
      return _ptr;
    }

    inline static void create(void * pvApiCtx, const int position,
                              const int rows, const int cols,
                              long long * ptr)
    {
      int * dataPtr = 0;
      alloc(pvApiCtx, position, rows, cols, dataPtr);
      for (int i = 0; i < rows * cols; i++)
      {
        dataPtr[i] = static_cast<int>(ptr[i]);
      }
    }

This is what should have been written here: dataPtr = alloc(pvApiCtx, position, rows, cols, dataPtr);

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'dataPtr' might take place. scilababstractmemoryallocator.hxx 237
  • V522 Dereferencing of the null pointer 'ptr' might take place. scilababstractmemoryallocator.hxx 401

Data Distribution Service

V522 Dereferencing of the null pointer 'file' might take place. util.h 24

    static ACE_FILE_IO *audio_to_text (ACE_FILE_Addr &,
                                       ACE_FILE_Addr &dest)
    {
      ACE_FILE_Connector connector;
      ACE_FILE_IO *file = 0;
      if (connector.connect (*file, dest) == -1)
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'file' might take place. util.h 39

Trans-Proteomic Pipeline

V522 Dereferencing of the null pointer 'pepIndx' might take place. asapcgidisplay2main.cxx 534

    void ASAPRatio_getDataStrctRatio(dataStrct *data, ....)
    {
      ....
      int *outliers, *pepIndx=NULL;
      ....
      // pepIndx is not used
      ....
      if(data->dataCnts[i] == 1 && pepIndx[i] == 0)
        data->dataCnts[i] = 0;
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'peptides' might take place. asapcgidisplay2main.cxx 556
  • V522 Dereferencing of the null pointer 'peptides' might take place. asapcgidisplay2main.cxx 557
  • V522 Dereferencing of the null pointer 'peptides' might take place. asapcgidisplay2main.cxx 558
  • And 3 additional diagnostic messages.

Multi Theft Auto

V522 Dereferencing of the null pointer 'szCmdLine' might take place. Check the logical condition. clientcommands.cpp 396

    void COMMAND_MessageTarget ( const char* szCmdLine )
    {
      if ( !(szCmdLine || szCmdLine[0]) )
        return;
      ....
    }

Multi Theft Auto

V522 Dereferencing of the null pointer 'pPlayer' might take place. cgame.cpp 1895

    void CGame::Packet_PlayerJoinData ( .... )
    {
      ....
      // Add the player
      CPlayer* pPlayer = m_pPlayerManager->Create (....);
      if ( pPlayer )
      {
        ....
      }
      else
      {
        // Tell the console
        CLogger::LogPrintf(
          "CONNECT: %s failed to connect "
          "(Player Element Could not be created.)\n",
          pPlayer->GetSourceIP() );
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'pPlayer' might take place. cgame.cpp 1901

NetXMS

V522 Dereferencing of the null pointer 'subnet' might take place. session.cpp 10823

    void ClientSession::findIpAddress(CSCPMessage *request)
    {
      ....
      if (subnet != NULL)
      {
        debugPrintf(5, _T("findIpAddress(%s): found subnet %s"),
                    ipAddrText, subnet->Name());
        found = subnet->findMacAddress(ipAddr, macAddr);
      }
      else
      {
        debugPrintf(5, _T("findIpAddress(%s): subnet not found"),
                    ipAddrText, subnet->Name());
      }
      ....
    }

Windows 8 Driver Samples

V522 Dereferencing of the null pointer 'pSensor' might take place. sensorddi.cpp 903

    HRESULT CSensorDDI::OnGetDataFields(....)
    {
      ....
      if (nullptr != pSensor)
      {
        ....
      }
      else
      {
        hr = E_POINTER;
        Trace(TRACE_LEVEL_ERROR,
          "pSensor == NULL before getting datafield %!GUID!-%i "
          "value from %s, hr = %!HRESULT!",
          &Key.fmtid, Key.pid, pSensor->m_SensorName, hr);
      }
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'pSensor' might take place. sensorddi.cpp 1852

ReactOS

V522 Dereferencing of the null pointer 'tag' might take place. ir_reader.cpp 904

    ir_texture * ir_reader::read_texture(s_expression *expr)
    {
      s_symbol *tag = NULL;
      ....
      } else if (MATCH(expr, other_pattern)) {
        op = ir_texture::get_opcode(tag->value());
        if (op == -1)
          return NULL;
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 's_shadow' might take place. ir_reader.cpp 964
  • V522 Dereferencing of the null pointer 'BootSectorInfo' might take place. disksup.c 1750
  • V522 Dereferencing of the null pointer 'BootSectorInfo' might take place. disksup.c 1751
  • And 1 additional diagnostic message.

ReactOS

V522 Dereferencing of the null pointer 'device' might take place. bus.c 762

    static void acpi_bus_notify (....)
    {
      struct acpi_device *device = NULL;
      ....
      switch (type) {
      ....
      case ACPI_NOTIFY_EJECT_REQUEST:
        DPRINT1("Received EJECT REQUEST "
                "notification for device [%s]\n",
                device->pnp.bus_id);
        /* TBD */
        break;
      ....
      }
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'device' might take place. bus.c 768
  • V522 Dereferencing of the null pointer 'device' might take place. bus.c 774
  • V522 Dereferencing of the null pointer 'device' might take place. bus.c 780
  • And 1 additional diagnostic message.

D programming language

V522 Dereferencing of the null pointer 'v' might take place. interpret.c 1711

    Expression *getVarExp(Loc loc, InterState *istate,
                          Declaration *d, CtfeGoal goal)
    {
      ....
      VarDeclaration *v = d->isVarDeclaration();
      if (v)
      {
        ....
      }
      else if (s)
      {
        if (s->dsym->toInitializer() == s->sym)
          ....
        else
          error(loc, "cannot interpret symbol %s at compile time",
                v->toChars());
      }
      ....
    }

ffdshow

V522 Dereferencing of the null pointer 'audio' might take place. tffdshowdecaudioinputpin.cpp 468

    STDMETHODIMP_(bool) TffdshowDecAudioInputPin::getsf(
      TsampleFormat &outsf)
    {
      if (!audio) {
        ....
        // audio is not used
        } else if (bitstream_codec(audio->codecId)) {
          outsf.sf = TsampleFormat::getSampleFormat(codecId);
          outsf.alternateSF = filter->insf.alternateSF;
          return true;
        }
      } else {
        ....
    }

Visualization Toolkit (VTK)

V522 Dereferencing of the null pointer 'td' might take place. CommonCxxTests testconditionvariable.cxx 96

    VTK_THREAD_RETURN_TYPE vtkTestCondVarThread( void* arg )
    {
      ....
      if ( td )  // <=
      {
        ....
      }
      else
      {
        cout << "No thread data!\n";
        cout << " Thread " << ( threadId + 1 )
             << " of " << threadCount << " exiting.\n";

        -- td->NumberOfWorkers;  // <=
        cout.flush();
      }
      ....
    }

Blender

V522 Dereferencing of the null pointer 'block' might take place. interface_widgets.cc 5294

    void ui_draw_popover_back (ARegion *region, uiStyle * /*style*/,
                               uiBlock *block, rcti *rect )
    {
      ....
      if (block) {
        float mval_origin[2] = {float(block->bounds_offset[0]),
                                float(block->bounds_offset[1])};
        ui_window_to_block_fl (region, block,
                               &mval_origin[0], &mval_origin[1]);
        ui_draw_popover_back_impl (wt->wcol_theme, rect,
                                   block->direction,
                                   U.widget_unit / block->aspect,
                                   mval_origin);
      }
      else {
        const float zoom = 1.0f / block->aspect;  // <=
        wt->state (wt, &STATE_INFO_NULL, UI_EMBOSS_UNDEFINED);
        wt->draw_block (&wt->wcol, rect, 0, 0, zoom);
      }
      ....
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'em' might take place. transform.cc 2117
  • V522 Dereferencing of the null pointer 'mesh' might take place. MOD_cloth.cc 108
  • V522 Dereferencing of the null pointer 'data.mval_fl' might take place. editmesh_select.cc 801

Blender

V522 Dereferencing of the null pointer 'eraser' might take place. Check the bitwise operation. gpencil_paint.cc 1429

    static bool gpencil_stroke_eraser_is_occluded (tGPsdata *p,
                                                   bGPDlayer *gpl,
                                                   bGPDspoint *pt,
                                                   const int x,
                                                   const int y)
    {
      Object *obact = (Object *)p->ownerPtr.data;
      Brush *brush = p->brush;
      Brush *eraser = p->eraser;
      BrushGpencilSettings *gp_settings = nullptr;

      if (brush->gpencil_tool == GPAINT_TOOL_ERASE) {
        gp_settings = brush->gpencil_settings;
      }
      else if ((eraser != nullptr)
               & (eraser->gpencil_tool == GPAINT_TOOL_ERASE))  // <=
      {
        gp_settings = eraser->gpencil_settings;
      }

      if ((gp_settings != nullptr)
          && (gp_settings->flag & GP_BRUSH_OCCLUDE_ERASER) )
      {
        RegionView3D *rv3d =
          static_cast<RegionView3D *>(p->region->regiondata);
        ....
      return false;
    }

Similar errors can be found in some other places:

  • V522 Dereferencing of the null pointer 'eraser' might take place. Check the bitwise operation. gpencil_paint.cc 1821

Blender

V522 Dereferencing of the null pointer 'tpart' might take place. bf_render convertblender.c 1788

    static int render_new_particle_system(....)
    {
      ParticleSettings *part, *tpart=0;
      ....
      // tpart is not used
      ....
      psys_particle_on_emitter(psmd,tpart->from,tpa->num,
        pa->num_dmcache,tpa->fuv,tpa->foffset,
        co,nor,0,0,sd.orco,0);
      ....
    }

GeoLib

V522 Dereferencing of the null pointer 'pRect' might take place. geOLib geolib.cpp 3282

    void WINAPI _GetMonitorRectByIndex( int iMonitor, RECT* pRect )
    {
      int iMonitorCount = ::GetSystemMetrics( SM_CMONITORS );
      if ( iMonitor <= iMonitorCount || pRect != NULL )  // <=
      {
        if ( iMonitorCount == 1 )
        {
          pRect->left = 0;
          pRect->top = 0;
          pRect->right = GetSystemMetrics( SM_CXSCREEN );
          pRect->bottom = GetSystemMetrics( SM_CYSCREEN );
        }
        ....
      }
      else
      {
        pRect->left = -1;  // <=
        pRect->top = -1;
        pRect->right = -1;
        pRect->bottom = -1;
      }
    }

PCSX2

V522 Dereferencing of the null pointer 'ptag' might take place. pcsx2 spr.cpp 376

    void _SPR1interleave()
    {
      ....
      u32 *ptag;
      ....
      if (ptag == NULL) {
        SysPrintf("SPR1 Tag BUSERR\n");
        spr1->chcr = ( spr1->chcr & 0xFFFF ) |
                     ( (*ptag) & 0xFFFF0000 );
        psHu32(DMAC_STAT)|= 1<<15;
        done = 1;
        spr1finished = done;
        return;
      }
      ....
    }

LLVM/Clang

V522 Dereferencing of the null pointer 'DI' might take place. llvm-tblgen dagiselmatchergen.cpp 220

    void MatcherGen::EmitLeafMatchCode(const TreePatternNode *N)
    {
      ....
      if (DI == 0) {
        errs() << "Unknown leaf kind: " << *DI << "\n";
        abort();
      }
      ....
    }

Chromium

V522 Dereferencing of the null pointer 'plugin_instance' might take place. Check the logical condition. chrome_frame_npapi chrome_frame_npapi.cc 517

    bool ChromeFrameNPAPI::Invoke(....)
    {
      ChromeFrameNPAPI* plugin_instance =
        ChromeFrameInstanceFromNPObject(header);
      if (!plugin_instance &&
          (plugin_instance->automation_client_.get()))
        return false;
      ....
    }