Amazon Lumberyard

/ hownot2code

BUG OF THE MONTH | A couple of memory-handling defects

V549 CWE-688 The first argument of ‘memcmp’ function is equal to the second argument. meshutils.h 894

struct VertexLess
{
 ....
 bool operator()(int a, int b) const
 {
   ....
   if (m.m_links[a].links.size() != m.m_links[b].links.size())
   {
     res = (m.m_links[a].links.size() <
            m.m_links[b].links.size()) ? -1 : +1;
   }
   else
   {
     res = memcmp(&m.m_links[a].links[0], &m.m_links[a].links[0],
     sizeof(m.m_links[a].links[0]) * m.m_links[a].links.size());
   }
   ....
 }
 ....
};

The condition compares the sizes of two vectors: if they are equal, the else branch is executed, where the values of the vectors’ first elements are compared using the memcmp() function. But the problem is that the first and second arguments of this function are the same! The array elements are accessed in quite a complicated way using the indexes a and b – it must be one of them that was mistyped.

Please click here to see more bugs from this project.

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.