Keks_Stolicny, 25.12.2017, 15:26 (post 1):
What is the error?

Moderator, 25.12.2017, 15:35 (post 2, marked as the solution):
scanf("%i", size); You are passing size, but its address is what is needed.

Keks_Stolicny [topic starter], 25.12.2017, 16:06 (post 3):
zss, thanks, it works now, but there is a new error: I can't enter the array of structures properly (only the name gets entered and that's all)

Moderator, 25.12.2017, 16:16 (post 4):
#include <iostream> And where do you use this?
V769. The pointer in the expression equals nullptr. The resulting value is senseless and it should not be used.
Tor
V769 The 'strchr(cp, ':')' pointer in the 'strchr(cp, ':') + 2' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. dns.c 163
static void
evdns_log_cb(int warn, const char *msg)
{
  ....
  const char *err = strchr(cp, ':')+2;
  tor_assert(err);
  ....
}
Aspell
V769 The 'strchr(s, ':')' pointer in the 'strchr(s, ':') + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. posib_err.cpp 52
PosibErrBase & PosibErrBase::set(....)
{
  ....
  s = strchr(s, ':') + 1;
  unsigned int ip = *s - '0' - 1;
  ....
}
Similar errors can be found in some other places:
- V769 The 'begin_' pointer in the 'begin_ + old_size' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. string.cpp 36
- V769 The 'w->data' pointer in the 'w->data + cc' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. typo_editdist.cpp 166
- V769 The '(cur)->str' pointer in the '(cur)->str + pos' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. prezip.c 103
- And 1 additional diagnostic message.
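The Tor and Aspell snippets above both add an offset to the strchr() result before anything tests it, so a later check such as tor_assert(err) can no longer see the failure. The following is an added example, not code from either project: text_after_colon and index_after_colon are hypothetical helpers, and the input strings are constructed.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper, not from Tor: return the text that begins `skip`
 * bytes after the first ':' in s, or NULL if there is no ':' or the string
 * ends before that position. */
static const char *text_after_colon(const char *s, size_t skip)
{
    const char *colon = (s != NULL) ? strchr(s, ':') : NULL;
    if (colon == NULL)            /* test the strchr() result itself ... */
        return NULL;
    if (strlen(colon) < skip)     /* ... and stay inside the string */
        return NULL;
    return colon + skip;          /* arithmetic only on a checked pointer */
}

/* Hypothetical helper, not from Aspell: read the one-digit, 1-based index
 * that follows ':' and store it 0-based in *out. Returns 0 on success,
 * -1 if the ':' or the digit is missing. */
static int index_after_colon(const char *s, unsigned *out)
{
    const char *colon = (s != NULL) ? strchr(s, ':') : NULL;
    if (colon == NULL || out == NULL)
        return -1;
    char d = colon[1];            /* at worst the terminating NUL */
    if (d < '1' || d > '9')       /* '0' would wrap to UINT_MAX after -1 */
        return -1;
    *out = (unsigned)(d - '0' - 1);
    return 0;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *ok = "Nameserver 192.0.2.1: request timed out";
    const char *bad = "message without a separator";
    const char *a = text_after_colon(ok, 2);
    const char *b = text_after_colon(bad, 2);
    unsigned idx = 0;

    printf("%s\n", a ? a : "(rejected)");
    printf("%s\n", b ? b : "(rejected)");
    printf("%d\n", index_after_colon("%expr:2", &idx));
    return 0;
}
```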
EFL Core Libraries
V769 The 'ed->file->sound_dir->samples' pointer in the expression could be nullptr. In such case, resulting value of arithmetic operations on this pointer will be senseless and it should not be used. edje_edit.c 1271
EAPI Eina_Bool
edje_edit_sound_sample_add(Evas_Object *obj, const char *name,
                           const char *snd_src)
{
  ....
  ed->file->sound_dir->samples =
    realloc(ed->file->sound_dir->samples,
            sizeof(Edje_Sound_Sample) *
            ed->file->sound_dir->samples_count);
  sound_sample = ed->file->sound_dir->samples +
    ed->file->sound_dir->samples_count - 1;
  sound_sample->name = (char *)eina_stringshare_add(name);
  ....
}
Similar errors can be found in some other places:
- V769 The 'new_txt' pointer in the 'new_txt + outlen' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. eina_str.c 539
- V769 The 'new_txt' pointer in the 'new_txt + outlen' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. eina_str.c 611
- V769 The 'tmp' pointer in the 'tmp ++' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. evas_object_textblock.c 11131
- And 7 additional diagnostic messages.
MySQL
V769 The 'new_buffer' pointer in the 'new_buffer + fixed_header_len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 74, 73. gcs_message_stage_lz4.cc 74
bool
Gcs_message_stage_lz4::apply(Gcs_packet &packet)
{
  ....
  unsigned char *new_buffer =
    (unsigned char*) malloc(new_capacity);
  unsigned char *new_payload_ptr =
    new_buffer + fixed_header_len + hd_len;
  // compress payload
  compressed_len=
    LZ4_compress_default((const char*)packet.get_payload(),
                         (char*)new_payload_ptr,
                         static_cast<int>(old_payload_len),
                         compress_bound);
  ....
}
V8 JavaScript Engine
V769 CWE-119 The 'copy' pointer in the 'copy + prefix_len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 394, 393. code-assembler.cc 394
void CodeAssembler::Comment(const char* format, ...) {
  ....
  const int prefix_len = 2;
  int length = builder.position() + 1;
  char* copy = reinterpret_cast<char*>(malloc(length +
                                              prefix_len));
  MemCopy(copy + prefix_len, builder.Finalize(), length);
  copy[0] = ';';
  copy[1] = ' ';
  raw_assembler()->Comment(copy);
}
There is no protection if the malloc function returns a null pointer.
LLVM/Clang
V769 CWE-119 The 'NewTableArray' pointer in the 'NewTableArray + NewSize' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 218, 216. stringmap.cpp 218
unsigned StringMapImpl::RehashTable(unsigned BucketNo) {
  ....
  StringMapEntryBase **NewTableArray =
    (StringMapEntryBase **)calloc(NewSize+1,
      sizeof(StringMapEntryBase *) + sizeof(unsigned));
  unsigned *NewHashArray =
    (unsigned *)(NewTableArray + NewSize + 1);
  NewTableArray[NewSize] = (StringMapEntryBase*)2;
  ....
}
The bug is interesting because if calloc returns NULL, the program will not necessarily crash immediately. The write goes not to the null address itself but to an offset of NewSize from it.
Hunspell
V769 CWE-119 The 'candidate' pointer in the 'candidate + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 864, 863. suggestmgr.cxx 864
int SuggestMgr::twowords(....)
{
  ....
  char* candidate = (char*)malloc(wl + 2);
  strcpy(candidate + 1, word);
  ....
}
There is no protection if the malloc function returns a null pointer.
Android
V769 CWE-119 The '(uint32_t *) metadata' pointer in the '(uint32_t *) metadata + new_size_int' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 91, 89. radio_metadata.c 91
int check_size(radio_metadata_buffer_t **metadata_ptr, const uint32_t size_int)
{
  ....
  metadata = realloc(metadata,
                     new_size_int * sizeof(uint32_t));
  memmove(
    (uint32_t *)metadata + new_size_int - (metadata->count + 1),
    (uint32_t *)metadata + metadata->size_int -
      (metadata->count + 1),
    (metadata->count + 1) * sizeof(uint32_t));
  ....
}
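The EFL and Android snippets above store the realloc() result straight into the only pointer to the buffer and then do arithmetic on it. The following added example (not code from either project) shows the checked form, with the failure path exercised; sample_t, sample_dir_t, sample_add and realloc_hook are hypothetical names, and the allocator hook exists only so the out-of-memory case can be simulated.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

typedef struct { char name[32]; } sample_t;                  /* constructed */
typedef struct { sample_t *samples; size_t count; } sample_dir_t;

/* Allocator hook so the failure path can be exercised (assumption of this
 * example; real code would call realloc() directly). */
static void *(*realloc_hook)(void *, size_t) = realloc;
static void *failing_realloc(void *p, size_t n) { (void)p; (void)n; return NULL; }

/* Append one sample. Returns the new element, or NULL with dir unchanged. */
static sample_t *sample_add(sample_dir_t *dir, const char *name)
{
    if (dir == NULL || name == NULL)
        return NULL;
    if (dir->count >= SIZE_MAX / sizeof(sample_t))   /* size would overflow */
        return NULL;

    size_t new_count = dir->count + 1;
    /* Keep the result in a temporary: on failure the old block is still
     * valid and dir->samples must keep pointing at it. */
    sample_t *grown = realloc_hook(dir->samples, new_count * sizeof(sample_t));
    if (grown == NULL)
        return NULL;

    dir->samples = grown;
    dir->count = new_count;
    sample_t *last = grown + (new_count - 1);   /* pointer is known non-null */
    snprintf(last->name, sizeof last->name, "%s", name);
    return last;
}

int main(void)
{
    sample_dir_t dir = { NULL, 0 };
    if (sample_add(&dir, "kick") == NULL)
        return 1;
    realloc_hook = failing_realloc;             /* simulate out-of-memory */
    sample_t *r = sample_add(&dir, "snare");
    printf("failed add -> %s, count still %zu, first is %s\n",
           r ? "element" : "NULL", dir.count, dir.samples[0].name);
    free(dir.samples);
    return 0;
}
```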
Qt
V769 CWE-119 The 'ptr' pointer in the expression equals nullptr. The resulting value of arithmetic operations on this pointer is senseless and it should not be used. qdbusdemarshaller.cpp 299
QVariant QDBusDemarshaller::toVariantInternal()
{
  ....
  default:
    char *ptr = 0;
    ptr += q_dbus_message_iter_get_arg_type(&iterator);
    q_dbus_message_iter_next(&iterator);
    // I hope you never dereference this pointer!
    return QVariant::fromValue<void *>(ptr);
  };
}
FreeRDP
V769 The 'data' pointer in the expression equals nullptr. The resulting value of arithmetic operations on this pointer is senseless and it should not be used. nsc_encode.c 124
static BOOL nsc_encode_argb_to_aycocg(NSC_CONTEXT* context,
                                      const BYTE* data,
                                      UINT32 scanline)
{
  ....
  if (!context || data || (scanline == 0))
    return FALSE;
  ....
  src = data + (context->height - 1 - y) * scanline;
  ....
}
Newton Game Dynamics
V769 The 'result' pointer in the 'result + i' expression equals nullptr. The resulting value is senseless and it should not be used. win32_monitor.c 286
GLFWvidmode* _glfwPlatformGetVideoModes(_GLFWmonitor* monitor, int* count)
{
  GLFWvidmode* result = NULL;
  ....
  for (i = 0; i < *count; i++)
  {
    if (_glfwCompareVideoModes(result + i, &mode) == 0)
      break;
  }
}
CSV Parser
V769 The 'buffer.get()' pointer in the 'line_buffer - buffer.get()' expression equals nullptr. The resulting value is senseless and it should not be used. csv.hpp 4957
CSV_INLINE void CSVReader::read_csv(const size_t& bytes) {
  const size_t BUFFER_UPPER_LIMIT = std::min(bytes, (size_t)1000000);
  std::unique_ptr<char[]> buffer(new char[BUFFER_UPPER_LIMIT]);
  auto * HEDLEY_RESTRICT line_buffer = buffer.get();
  line_buffer[0] = '\0';
  ....
  this->feed_state->feed_buffer.push_back(
    std::make_pair<>(std::move(buffer), line_buffer - buffer.get())); // <=
  ....
}
DeepSpeech
V769 The 'middle_begin_' pointer in the 'middle_begin_ + (counts.size() - 2)' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 553, 552. search_trie.cc 553
template <class Quant, class Bhiksha> class TrieSearch {
  ....
private:
  ....
  Middle *middle_begin_, *middle_end_;
  ....
};
template <class Quant, class Bhiksha>
uint8_t *TrieSearch<Quant, Bhiksha>::SetupMemory(....)
{
  ....
  middle_begin_
    = static_cast<Middle*>(malloc(sizeof(Middle) * (counts.size() - 2)));
  middle_end_ = middle_begin_ + (counts.size() - 2);
  ....
}
Overgrowth
V769 [CERT-EXP08-C] The 'idx_buffer_offset' pointer in the 'idx_buffer_offset += pcmd->ElemCount' expression equals nullptr. The resulting value is senseless and it should not be used. imgui_impl_sdl_gl3.cpp 138
void ImGui_ImplSdlGL3_RenderDrawLists(ImDrawData* draw_data)
{
  const ImDrawIdx* idx_buffer_offset = 0;
  ....
  idx_buffer_offset += pcmd->ElemCount;
  ....
}
Similar errors can be found in some other places:
- V769 [CERT-EXP08-C] The 'cp' pointer in the 'cp ++' expression equals nullptr. The resulting value is senseless and it should not be used. crn_file_utils.cpp 547
Hey, guys!
I am using C++ to write some macOS code.
1. I have added the data to the keychain with SecItemAdd. Here is the code snippet.

CFStringRef DictKeys[] = {kSecClass, kSecAttrService, kSecAttrType, kSecAttrAccount, kSecValueData, kSecAttrDescription};
CFTypeRef DictValues[] = {kSecClassGenericPassword, ServiceRef, TypeRef, AccountRef, ValueRef, DescriptionRef};

/* Create a dictionary object that holds key-value parameters to store with the new credentials entry. */
CFDictionaryRef KeychainRef = CFDictionaryCreate(kCFAllocatorDefault, (const void **)DictKeys, (const void **)DictValues, 6, nullptr, nullptr);
if (KeychainRef != nullptr) {
    /* Create a new credentials entry in the default keychain of the currently logged in local user. */
    const OSStatus Status = SecItemAdd(KeychainRef, nullptr);
    Result = OSStatusToResult(Status);
}

It actually works and I can see the entry in the keychain.
2. I call SecItemCopyMatching to get the entry. You can find the code snippet below.

CFMutableDictionaryRef Query = CreateSearchQuery(ServiceRef, TypeRef, AccountRef);
if (Query != nullptr) {
    CFDataRef DataRef = nullptr;
    const OSStatus Status = SecItemCopyMatching(Query, (CFTypeRef *)DataRef);
    /* Here Status = errSecSuccess but DataRef = nullptr */
    if (Status == errSecSuccess && DataRef != nullptr) {
        /* Some code here ... */
    }
}

Here is the implementation of CreateSearchQuery:

CFMutableDictionaryRef CreateSearchQuery(CFStringRef ServiceRef, CFNumberRef TypeRef, CFStringRef AccountRef) {
    CFMutableDictionaryRef Query = CFDictionaryCreateMutable(kCFAllocatorDefault, 0, nullptr, nullptr);
    if (Query) {
        CFDictionaryAddValue(Query, kSecClass, kSecClassGenericPassword);
        CFDictionaryAddValue(Query, kSecMatchLimit, kSecMatchLimitOne);
        CFDictionaryAddValue(Query, kSecUseAuthenticationUI, kSecUseAuthenticationUISkip);
        CFDictionaryAddValue(Query, kSecReturnData, kCFBooleanTrue);
        CFDictionaryAddValue(Query, kSecAttrService, ServiceRef);
        CFDictionaryAddValue(Query, kSecAttrType, TypeRef);
        CFDictionaryAddValue(Query, kSecAttrAccount, AccountRef);
    }
    return Query;
}

I have confirmed that ServiceRef, TypeRef and AccountRef have the same values as when SecItemAdd was called. Also, it does return a non-empty Query.
I think it is worth noting that SecItemDelete successfully deletes the entry with the same Query.
macOS version = 10.15.6