PVS-Studio Warnings
(1) By tnodir on 2023-04-19 11:35:47
#define SQLITE_VERSION "3.41.2"
#define SQLITE_SOURCE_ID "2023-03-22 11:56:21 0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da"
(V781) The value of the 'i' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c:34495
(V595) The 'aLabel' pointer was utilized before it was verified against nullptr. Check lines: 83249, 83263. sqlite3.c:83249
(V570) The 'yymsp[0].minor.yy528' variable is assigned to itself. sqlite3.c:171433
(2) By Gunter Hick (gunter_hick) on 2023-04-20 08:44:11 in reply to 1
Warnings by static analyzers have been notoriously useless in the past.
(3) By msolopov on 2023-06-16 05:43:30 in reply to 1
On the latest sqlite version (SQLITE_VERSION "3.42.0", SQLITE_SOURCE_ID "2023-05-16 12:36:15 831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0") PVS-Studio (version 7.25.72091, OS Windows) shows CWE warnings:

V781 [CWE-20] The value of the 'k' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 76178
V781 [CWE-20] The value of the 'k' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 76261
V781 [CWE-20] The value of the 'k' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 77371
V781 [CWE-20] The value of the 'cnt' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 156140
V557 [CWE-125] Array underrun is possible. The value of 'iPg - 1' index could reach -1. sqlite3.c 77409
V568 [CWE-131] It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'pPager' class object. sqlite3.c 60556
V568 [CWE-131] It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'pPager' class object. sqlite3.c 60577
V614 [CWE-457] Potentially uninitialized variable 'zDbHeader[16]' used. sqlite3.c 71389
V614 [CWE-457] Potentially uninitialized variable 'zDbHeader[17]' used. sqlite3.c 71389
V614 [CWE-457] Potentially uninitialized variable 'zDbHeader[20]' used. sqlite3.c 71410
V595 [CWE-476] The 'aLabel' pointer was utilized before it was verified against nullptr. Check lines: 83713, 83727. sqlite3.c 83713
V595 [CWE-476] The 'pFarg' pointer was utilized before it was verified against nullptr. Check lines: 110877, 110892. sqlite3.c 110877
V595 [CWE-476] The 'pFKey->pNextTo' pointer was utilized before it was verified against nullptr. Check lines: 129390, 129393. sqlite3.c 129390
V595 [CWE-476] The 'piDataCur' pointer was utilized before it was verified against nullptr. Check lines: 132081, 132089. sqlite3.c 132081
V685 [CWE-480] Consider inspecting the return statement. The expression contains a comma. sqlite3.c 110516
V685 [CWE-480] Consider inspecting the return statement. The expression contains a comma. sqlite3.c 110832
V640 [CWE-483] The code's operational logic does not correspond with its formatting. The second statement will always be executed. It is possible that curly brackets are missing. sqlite3.c 159789
V519 [CWE-563] The 'res' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 48667, 48668. sqlite3.c 48668
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0: 0 == ((pPager)->pWal != 0). sqlite3.c 62100
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 118390
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 123417
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 139367
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 163258
V547 [CWE-570] Expression 'db->mallocFailed > prior_mallocFailed' is always false. sqlite3.c 89600
V560 [CWE-570] A part of conditional expression is always false: db->mallocFailed. sqlite3.c 105991
V560 [CWE-570] A part of conditional expression is always false: db->temp_store == 1. sqlite3.c 135991
V547 [CWE-570] Expression 'pSplit->pPrior' is always false. sqlite3.c 142749
V547 [CWE-570] Expression '(nExtraReg) > (pLoop->u.btree.nBtm)' is always false. Unsigned type value is never < 0. sqlite3.c 154894
V547 [CWE-570] Expression is always false. sqlite3.c 161746
V547 [CWE-570] Expression 'db->mallocFailed' is always false. sqlite3.c 163901
V547 [CWE-570] Expression 'db->mallocFailed' is always false. sqlite3.c 164214
V547 [CWE-570] Expression 'isThreadsafe == 0' is always false. sqlite3.c 178162
V560 [CWE-571] A part of conditional expression is always true: 8 > 0. sqlite3.c 102308
V547 [CWE-571] Expression '!db->mallocFailed' is always true. sqlite3.c 154644
V547 [CWE-571] Expression 'sCur.n == 0' is always true. sqlite3.c 162164
V547 [CWE-571] Expression 'i < ((int)(sizeof (Bitmask) * 8))' is always true. sqlite3.c 162632
V560 [CWE-571] A part of conditional expression is always true: (rc >= 0). sqlite3.c 176547
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 48658, 48665. sqlite3.c 48665
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 49216, 49228. sqlite3.c 49228
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 67326, 67331. sqlite3.c 67331
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 101744, 101749. sqlite3.c 101749
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 102134, 102140. sqlite3.c 102140
V705 [CWE-691] It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. sqlite3.c 88944
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171494, 171876, 172501. sqlite3.c 171494
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171901, 172428. sqlite3.c 171901
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171894, 172424. sqlite3.c 171894
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171527, 171545, 171883. sqlite3.c 171527
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171318, 171642. sqlite3.c 171318
V1020 [CWE-772] The function exited without calling the 'sqlite3BtreeLeave' function. Check lines: 73462, 73434. sqlite3.c 73462
V1020 [CWE-772] The function exited without calling the 'sqlite3VdbeLeave' function. Check lines: 99624, 91487. sqlite3.c 99624
V580 [CWE-843] An odd explicit type casting: (VdbeCursor * *) & aMem[p->nChildMem]. Consider verifying it. sqlite3.c 85111
V580 [CWE-843] An odd explicit type casting: (VdbeCursor * *) & aMem[p->nMem]. Consider verifying it. sqlite3.c 97971
V1048 [CWE-1164] The 'rc' variable was assigned the same value. sqlite3.c 24487
V1048 [CWE-1164] The 'rc' variable was assigned the same value. sqlite3.c 24522
V1048 [CWE-1164] The 'flags3' variable was assigned the same value. sqlite3.c 92947
V1048 [CWE-1164] The 'pNew->nTabRef' variable was assigned the same value. sqlite3.c 113535
V1048 [CWE-1164] The 'nPk' variable was assigned the same value. sqlite3.c 124906
V1048 [CWE-1164] The 'pParse->pWith' variable was assigned the same value. sqlite3.c 144786
V1048 [CWE-1164] The 'yymsp[0].minor.yy47' variable was assigned the same value. sqlite3.c 171614
V1048 [CWE-1164] The 'yymsp[0].minor.yy41' variable was assigned the same value. sqlite3.c 172609
V1048 [CWE-1164] The 'yymsp[0].minor.yy41' variable was assigned the same value. sqlite3.c 172656
V1048 [CWE-1164] The 'db->busyHandler.nBusy' variable was assigned the same value. sqlite3.c 178887
(4) By Richard Hipp (drh) on 2023-06-16 14:49:18 in reply to 3
WARNINGS: Do Not Trust PVS-Studio
Some of the "warnings" in the post above are flatly incorrect, and if you take them at face value and implement changes accordingly, you will introduce bugs. For example:
V547 [CWE-570] Expression 'db->mallocFailed > prior_mallocFailed' is always false. sqlite3.c 89600
Not true. We have test cases where the conditional is true. If you were to act upon this warning by removing the conditional, you would introduce a bug into your program.
V1048 [CWE-1164] The 'pParse->pWith' variable was assigned the same value. sqlite3.c 144786
Not true. If you remove this line of code, you will introduce a bug into the program. We have test cases to prove it.
There are other examples of this. All that said, I did make some changes to address warnings and to remove redundancies pointed out by the warnings, resulting in a very small performance improvement and size reduction, and for that I am grateful.
But my warning stands: Were it not for the very intense test suite in SQLite that enabled me to quickly find cases where PVS-Studio was wrong, I would have introduced bugs into SQLite while trying to address these static analyzer warnings.
Do Not Believe What PVS-Studio Tells You!
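How an "always false" verdict such as the V547 on 'db->mallocFailed > prior_mallocFailed' can be wrong is easiest to see in a small constructed snippet. This is an added illustration, not SQLite's code: the Db struct, dbMalloc(), doWork() and simulate() are hypothetical, and only the shape of the snapshot-then-compare test is borrowed from the warning text.

```c
#include <stdlib.h>
#include <stddef.h>

/* Constructed illustration (not SQLite's code): a connection-like object
 * whose allocator records failure in a sticky flag. */
typedef struct Db {
    unsigned char mallocFailed;  /* 1 once any allocation has failed */
    size_t budget;               /* hypothetical bytes still allowed */
} Db;

/* The only place that raises the flag. An analyzer that does not follow
 * this call interprocedurally sees no write to db->mallocFailed between
 * the snapshot and the comparison in doWork(), and so reports that
 * comparison as "always false". */
static void *dbMalloc(Db *db, size_t n) {
    if (n > db->budget) {
        db->mallocFailed = 1;
        return NULL;
    }
    db->budget -= n;
    return malloc(n);
}

/* Returns 1 if an allocation failed during this call, 0 otherwise.
 * Snapshot-then-compare distinguishes a failure that happened here from
 * one already recorded before entry, which a plain if(db->mallocFailed)
 * could not do. Removing the test, as the warning invites, would make the
 * new-failure path unreachable. */
int doWork(Db *db, size_t need) {
    unsigned char prior_mallocFailed = db->mallocFailed;
    void *p = dbMalloc(db, need);
    int newFailure = db->mallocFailed > prior_mallocFailed;  /* reachable */
    free(p);  /* free(NULL) is a no-op */
    return newFailure;
}

/* Drive doWork() against a fresh Db with a given starting flag and budget;
 * returns doWork()'s verdict so the three cases can be checked directly. */
int simulate(unsigned char alreadyFailed, size_t budget, size_t need) {
    Db db;
    db.mallocFailed = alreadyFailed;
    db.budget = budget;
    return doWork(&db, need);
}
```

The third case below is the one a plain flag check would get wrong: the flag is set, but the failure predates this call.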
(5) By jose isaias cabrera (jicman) on 2023-06-16 15:23:19 in reply to 4
I would follow Dr. Hipp's advice, but go further and report these falsies to PVS-Studio.