[Spice-devel] Possible division by zero in miStepDash() on common/lines.c?
Yaniv Kaul
ykaul at redhat.com
Wed Jul 27 00:05:36 PDT 2011
Running clang static analyzer on latest spice (I hope it comes out
normal on email - the bug is on line 416, totallen may be 0 because of
the assignment on line 412):
    static void
392 miStepDash (int dist, /* distance to step */
393             int *pDashIndex, /* current dash */
394             unsigned char *pDash, /* dash list */
395             int numInDashList, /* total length of dash list */
396             int *pDashOffset /* offset into current dash */
397     )
398 {
399     int dashIndex, dashOffset;
400     int totallen;
401     int i;
402
403     dashIndex = *pDashIndex;
404     dashOffset = *pDashOffset;
405     if (dist < pDash[dashIndex] - dashOffset) {
        [1] Taking false branch
406         *pDashOffset = dashOffset + dist;
407         return;
408     }
409     dist -= pDash[dashIndex] - dashOffset;
410     if (++dashIndex == numInDashList)
        [2] Taking false branch
411         dashIndex = 0;
412     totallen = 0;
        [3] The value 0 is assigned to 'totallen'
413     for (i = 0; i < numInDashList; i++)
        [4] Loop condition is false. Execution continues on line 415
414         totallen += pDash[i];
415     if (totallen <= dist)
        [5] Taking true branch
416         dist = dist % totallen;
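An added example, not part of the original post and not spice code: the sum-and-modulo step from lines 412-416 pulled into two hypothetical helpers, `dash_total_length` and `reduce_dist`, with a guard for a zero-length pattern. It goes slightly beyond the analyzer's path (the loop body never runs) by also covering a dash list whose entries are all zero, which reaches the same `% 0`. The sample arrays are constructed.

```c
#include <stdio.h>

/* Hypothetical helper: sum the dash list as lines 412-414 do.
 * Returns 0 for an empty list and for a list of all-zero dashes. */
static int dash_total_length(const unsigned char *pDash, int numInDashList)
{
    int totallen = 0;
    for (int i = 0; i < numInDashList; i++)
        totallen += pDash[i];
    return totallen;
}

/* Hypothetical guarded form of lines 415-416: reduce *dist modulo the
 * pattern length. Returns 0 on success, or -1 when the pattern length is
 * not positive and the modulo would divide by zero; *dist is then left
 * unchanged so the caller can reject the dash list. */
static int reduce_dist(int *dist, const unsigned char *pDash, int numInDashList)
{
    int totallen = dash_total_length(pDash, numInDashList);

    if (totallen <= 0)
        return -1;                 /* the path flagged by the analyzer */
    if (totallen <= *dist)
        *dist = *dist % totallen;  /* safe: totallen > 0 here */
    return 0;
}

int main(void)
{
    unsigned char dashes[] = { 4, 2 };  /* constructed sample pattern */
    unsigned char zeros[]  = { 0, 0 };  /* constructed all-zero pattern */
    int dist = 15;
    int rc;

    rc = reduce_dist(&dist, dashes, 2);
    printf("valid pattern: rc=%d dist=%d\n", rc, dist);

    rc = reduce_dist(&dist, dashes, 0);
    printf("empty list:    rc=%d dist=%d\n", rc, dist);

    rc = reduce_dist(&dist, zeros, 2);
    printf("all zeros:     rc=%d dist=%d\n", rc, dist);
    return 0;
}
```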