Ghidra

Ghidra

Always true & Unreachable code

public void setValueAt(Object aValue, int row, int column) {
  ...
  int index = indexOf(newName);
  if (index >= 0) {                  // <=
    Window window = tool.getActiveWindow();
    Msg.showInfo(getClass(), window, "Duplicate Name",
                 "Name already exists: " + newName);
    return;
  }

  ExternalPath path = paths.get(row); // <=
  ...
}
private int indexOf(String name) {
  for (int i = 0; i < paths.size(); i++) {
    ExternalPath path = paths.get(i);
    if (path.getName().equals(name)) {
      return i;
    }
  }
  return 0;
}

PVS-Studio warnings:

  • V6007 Expression ‘index >= 0’ is always true. ExternalNamesTableModel.java:105
  • V6019 Unreachable code detected. It is possible that an error is present. ExternalNamesTableModel.java:109

Something distracted the developer, and they accidentally implemented the indexOf method in such a way that it returns 0, i.e. the index of the first element of the paths collection, instead of -1 for a non-existent value. This will happen even if the collection is empty. Or maybe they generated the method but forgot to change the default return value. Anyway, the setValueAt method will refuse any offered value and show the message “Name already exists” even if there’s not a single name in the collection.

By the way, the indexOf method is not used anywhere else, and its value is actually needed only to determine if the sought element exists. Rather than writing a separate method and playing around with indexes, it would probably be better to write a for-each loop right in the setValueAt method and have it return when encountering the matching element.

Please click here to see more bugs from this project.

RavenDB

RavenDB JPG_Logo-2

Always true

public override void VerifyCanExecuteCommand(
  ServerStore store, TransactionOperationContext context, bool isClusterAdmin
)
{
  using (context.OpenReadTransaction())
  {
    var read = store.Cluster.GetCertificateByThumbprint(context, Name);
    if (read == null)
      return;

    var definition = JsonDeserializationServer.CertificateDefinition(read);
    if (
      definition.SecurityClearance != SecurityClearance.ClusterAdmin || // <=
      definition.SecurityClearance != SecurityClearance.ClusterNode     // <=
    )
      return;
  }

  AssertClusterAdmin(isClusterAdmin);
}

Analyzer warning: V3022 Expression is always true. Probably the ‘&&’ operator should be used here. DeleteCertificateFromClusterCommand.cs(21) Raven.Server

Another example of a situation where almost certainly the wrong logical operator was chosen. In this case, the condition is always true, because the variable isn’t exactly equal to at least one of the values that it is compared with.

I suppose that “||” should be replaced with “&&”. Then the above fragment will make sense. If the logical operator is chosen correctly, it is most likely that other variables should be compared in one of the conditions. Anyway, this fragment looks very fishily and it must be analyzed.

Please click here to see more bugs from this project.

Command & Conquer

270599

Array overrun

V557 Array overrun is possible. The ‘QuantityB’ function processes value ‘[0..86]’. Inspect the first argument. Check lines: ‘HOUSE.H:928’, ‘CELL.CPP:2337’. HOUSE.H 928

typedef enum StructType : char {
  STRUCT_NONE=-1,
  ....
  STRUCT_COUNT,   // <= 87
  STRUCT_FIRST=0
} StructType;
int BQuantity[STRUCT_COUNT-3];
int QuantityB(int index) {return(BQuantity[index]);}
bool CellClass::Goodie_Check(FootClass * object)
{
  ....
  int bcount = 0;
  for( j=0; j < STRUCT_COUNT; j++) {     bcount += hptr->QuantityB(j);
  }
  ....
}

There are a lot of global variables in the code and it is obvious that they are easy to get confused. The analyzer’s warning about an array index out of bounds is issued at the point of accessing the BQuantity array by index. The array size is 84 elements. Algorithms for analyzing the data flow in the analyzer helped to find out that the index value comes from another function – Goodie_Check. There, a loop is executed with a final value of 86. Therefore, 12 bytes of “someone’s” memory (3 int elements) are constantly being read in this place.

Please click here to see more bugs from this project.

Zero, one, two, Freddy’s coming for you

This post continues the series of articles, which can well be called “horrors for developers”. This time it will also touch upon a typical pattern of typos related to the usage of numbers 0, 1, 2. The language you’re writing in doesn’t really matter: it can be C, C++, C#, or Java. If you’re using constants 0, 1, 2 or variables’ names contain these numbers, most likely, Freddie will come to visit you at night. Go on, read and don’t say we didn’t warn you.


Continue reading

A 6 Step Field Guide for Building Machine Learning Projects

Author: Daniel Bourke
Machine learning is broad. The media makes it sound like magic. Reading this article will change that. It will give you an overview of the most common types of problems machine learning can be used for. And at the same time give you a framework to approach your future machine learning proof of concept projects.

First, we’ll clear up some definitions.

How is machine learning, artificial intelligence and data science different?

These three topics can be hard to understand because there are no formal definitions. Even after being a machine learning engineer for over a year, I don’t have a good answer to this question. I’d be suspicious of anyone who claims they do.

To avoid confusion, we’ll keep it simple. For this article, you can consider machine learning the process of finding patterns in data to understand something more or to predict some kind of future event.

The following steps have a bias towards building something and seeing how it works. Learning by doing.

Continue reading

Hunting Down and Fixing Memory Leaks in Java

Author: Bradley Kofi
In the last article, we covered the most basic aspects of what memory leaks are, what causes them and how to eliminate them from your program.

As a preamble, memory leaks happen when the garbage collector (GC) is unable to clear unreferenced objects from working memory. Considering how much of its popularity Java owes to its garbage collector, how can it this be possible? As it turns out, the GC has a few weak spots:

Unreferenced static fields: The GC is unable to clear static fields unless the class that owns it is unloaded, which only happens if the Classloader that called it is garbage collected.

Unclosed system resources: The GC indirectly frees up files since classes like FileInputStream are written such that if an instance is garbage collected, the ‘close()’ method will be called first. This way, unclosed system resources don’t always pose a risk, so a lot of developers tend to look over them.

Most systems have hard limits on how many files can be open at once, and in addition to hard-to-reproduce bugs like different processes being unable to access the file or OS errors, such issues can be quite problematic to debug. They aren’t memory leaks in the exact sense but memory usage does remain high in the time that the stream remains open.

Besides, it’s also worthwhile to remember that class unloading may or may not happen depending on the JVM implementation.

Unclosed connections: Like with unclosed resources, unclosed database or network connections can lead to significant memory use if not unloaded.

Additional reasons memory leaks may occur include having a small heap space, excessive page swapping by the operating system and long delays in garbage collection.

The focus of this article is the various techniques that can be used to hunt down memory leaks once you’ve recognized how memory leaks happen.

Continue reading