SQLite Forum

PVS-Studio Warnings

(1) By tnodir on 2023-04-19 11:35:47

#define SQLITE_VERSION "3.41.2"

#define SQLITE_SOURCE_ID "2023-03-22 11:56:21 0d1fc92f94cb6b76bffe3ec34d69cffde2924203304e8ffc4155597af0c191da"

  1. (V781) The value of the 'i' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c:34495

  2. (V595) The 'aLabel' pointer was utilized before it was verified against nullptr. Check lines: 83249, 83263. sqlite3.c:83249

  3. (V570) The 'yymsp[0].minor.yy528' variable is assigned to itself. sqlite3.c:171433

(2) By Gunter Hick (gunter_hick) on 2023-04-20 08:44:11 in reply to 1

Warnings by static analyzers have been notoriously useless in the past.

(3) By msolopov on 2023-06-16 05:43:30 in reply to 1

On the latest sqlite version (SQLITE_VERSION "3.42.0", SQLITE_SOURCE_ID "2023-05-16 12:36:15 831d0fb2836b71c9bc51067c49fee4b8f18047814f2ff22d817d25195cf350b0"), PVS-Studio (version 7.25.72091, OS Windows) shows CWE warnings:

V781 [CWE-20] The value of the 'k' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 76178
V781 [CWE-20] The value of the 'k' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 76261
V781 [CWE-20] The value of the 'k' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 77371
V781 [CWE-20] The value of the 'cnt' index is checked after it was used. Perhaps there is a mistake in program logic. sqlite3.c 156140
V557 [CWE-125] Array underrun is possible. The value of 'iPg - 1' index could reach -1. sqlite3.c 77409
V568 [CWE-131] It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'pPager' class object. sqlite3.c 60556
V568 [CWE-131] It's odd that 'sizeof()' operator evaluates the size of a pointer to a class, but not the size of the 'pPager' class object. sqlite3.c 60577
V614 [CWE-457] Potentially uninitialized variable 'zDbHeader[16]' used. sqlite3.c 71389
V614 [CWE-457] Potentially uninitialized variable 'zDbHeader[17]' used. sqlite3.c 71389
V614 [CWE-457] Potentially uninitialized variable 'zDbHeader[20]' used. sqlite3.c 71410
V595 [CWE-476] The 'aLabel' pointer was utilized before it was verified against nullptr. Check lines: 83713, 83727. sqlite3.c 83713
V595 [CWE-476] The 'pFarg' pointer was utilized before it was verified against nullptr. Check lines: 110877, 110892. sqlite3.c 110877
V595 [CWE-476] The 'pFKey->pNextTo' pointer was utilized before it was verified against nullptr. Check lines: 129390, 129393. sqlite3.c 129390
V595 [CWE-476] The 'piDataCur' pointer was utilized before it was verified against nullptr. Check lines: 132081, 132089. sqlite3.c 132081
V685 [CWE-480] Consider inspecting the return statement. The expression contains a comma. sqlite3.c 110516
V685 [CWE-480] Consider inspecting the return statement. The expression contains a comma. sqlite3.c 110832
V640 [CWE-483] The code's operational logic does not correspond with its formatting. The second statement will always be executed. It is possible that curly brackets are missing. sqlite3.c 159789
V519 [CWE-563] The 'res' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 48667, 48668. sqlite3.c 48668
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0: 0 == ((pPager)->pWal != 0). sqlite3.c 62100
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 118390
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 123417
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 139367
V562 [CWE-563] It's odd to compare 0 or 1 with a value of 0. sqlite3.c 163258
V547 [CWE-570] Expression 'db->mallocFailed > prior_mallocFailed' is always false. sqlite3.c 89600
V560 [CWE-570] A part of conditional expression is always false: db->mallocFailed. sqlite3.c 105991
V560 [CWE-570] A part of conditional expression is always false: db->temp_store == 1. sqlite3.c 135991
V547 [CWE-570] Expression 'pSplit->pPrior' is always false. sqlite3.c 142749
V547 [CWE-570] Expression '(nExtraReg) > (pLoop->u.btree.nBtm)' is always false. Unsigned type value is never < 0. sqlite3.c 154894
V547 [CWE-570] Expression is always false. sqlite3.c 161746
V547 [CWE-570] Expression 'db->mallocFailed' is always false. sqlite3.c 163901
V547 [CWE-570] Expression 'db->mallocFailed' is always false. sqlite3.c 164214
V547 [CWE-570] Expression 'isThreadsafe == 0' is always false. sqlite3.c 178162
V560 [CWE-571] A part of conditional expression is always true: 8 > 0. sqlite3.c 102308
V547 [CWE-571] Expression '!db->mallocFailed' is always true. sqlite3.c 154644
V547 [CWE-571] Expression 'sCur.n == 0' is always true. sqlite3.c 162164
V547 [CWE-571] Expression 'i < ((int)(sizeof (Bitmask) * 8))' is always true. sqlite3.c 162632
V560 [CWE-571] A part of conditional expression is always true: (rc >= 0). sqlite3.c 176547
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 48658, 48665. sqlite3.c 48665
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 49216, 49228. sqlite3.c 49228
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 67326, 67331. sqlite3.c 67331
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 101744, 101749. sqlite3.c 101749
V581 [CWE-670] The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 102134, 102140. sqlite3.c 102140
V705 [CWE-691] It is possible that 'else' block was forgotten or commented out, thus altering the program's operation logics. sqlite3.c 88944
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171494, 171876, 172501 sqlite3.c 171494
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171901, 172428 sqlite3.c 171901
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171894, 172424 sqlite3.c 171894
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171527, 171545, 171883 sqlite3.c 171527
V1037 [CWE-691] Two or more case-branches perform the same actions. Check lines: 171318, 171642 sqlite3.c 171318
V1020 [CWE-772] The function exited without calling the 'sqlite3BtreeLeave' function. Check lines: 73462, 73434. sqlite3.c 73462
V1020 [CWE-772] The function exited without calling the 'sqlite3VdbeLeave' function. Check lines: 99624, 91487. sqlite3.c 99624
V580 [CWE-843] An odd explicit type casting: (VdbeCursor * *) & aMem[p->nChildMem]. Consider verifying it. sqlite3.c 85111
V580 [CWE-843] An odd explicit type casting: (VdbeCursor * *) & aMem[p->nMem]. Consider verifying it. sqlite3.c 97971
V1048 [CWE-1164] The 'rc' variable was assigned the same value. sqlite3.c 24487
V1048 [CWE-1164] The 'rc' variable was assigned the same value. sqlite3.c 24522
V1048 [CWE-1164] The 'flags3' variable was assigned the same value. sqlite3.c 92947
V1048 [CWE-1164] The 'pNew->nTabRef' variable was assigned the same value. sqlite3.c 113535
V1048 [CWE-1164] The 'nPk' variable was assigned the same value. sqlite3.c 124906
V1048 [CWE-1164] The 'pParse->pWith' variable was assigned the same value. sqlite3.c 144786
V1048 [CWE-1164] The 'yymsp[0].minor.yy47' variable was assigned the same value. sqlite3.c 171614
V1048 [CWE-1164] The 'yymsp[0].minor.yy41' variable was assigned the same value. sqlite3.c 172609
V1048 [CWE-1164] The 'yymsp[0].minor.yy41' variable was assigned the same value. sqlite3.c 172656
V1048 [CWE-1164] The 'db->busyHandler.nBusy' variable was assigned the same value. sqlite3.c 178887
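What the V781, V595 and V557 classes in the list above mean in practice, as an added example (constructed for this post, not SQLite code and not a reconstruction of the lines the tool cites; Record, N_SLOTS, kSample, kNoLabel and the function names are made up): each wrong ordering beside the corrected one.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed example, not SQLite code: the shapes behind the V781, V595
 * and V557 warnings quoted above, each next to the corrected ordering.
 * Record, N_SLOTS and the sample data below are made up for this post. */

#define N_SLOTS 4

typedef struct {
    int slot[N_SLOTS];
    const char *label;   /* may be NULL */
} Record;

/* Constructed sample inputs. */
static const Record kSample  = { {10, 20, 30, 40}, "abc" };
static const Record kNoLabel = { {0, 0, 0, 0}, NULL };

/* V781 shape: the element is read first and the index is range-checked
 * second. If i is out of range the invalid read has already happened, so
 * the check cannot prevent it. Only ever call this with a valid index. */
int slot_value_check_after_use(const Record *r, int i) {
    int v = r->slot[i];                      /* use */
    if (i < 0 || i >= N_SLOTS) return -1;    /* check, too late */
    return v;
}

/* Corrected order: reject the index before touching memory. */
int slot_value_checked(const Record *r, int i) {
    if (i < 0 || i >= N_SLOTS) return -1;
    return r->slot[i];
}

/* V595 shape: the pointer is dereferenced, then compared with NULL.
 * The comparison is dead for the NULL case because strlen has already
 * dereferenced it. Only ever call this with a non-NULL label. */
size_t label_len_use_before_check(const Record *r) {
    size_t n = strlen(r->label);             /* dereference */
    if (r->label == NULL) return 0;          /* check, too late */
    return n;
}

/* Corrected order: test for NULL first. */
size_t label_len_checked(const Record *r) {
    if (r->label == NULL) return 0;
    return strlen(r->label);
}

/* V557 shape: a 1-based page number is turned into a 0-based index.
 * If the range check only rejects iPg > nPg, page 0 yields index -1.
 * Checking the lower bound on the 1-based value closes that gap. */
int page_index(int iPg, int nPg) {
    if (iPg < 1 || iPg > nPg) return -1;     /* page 0 and nPg+1 rejected */
    return iPg - 1;
}

int main(void) {
    printf("slot 2 = %d, slot 4 = %d\n",
           slot_value_checked(&kSample, 2), slot_value_checked(&kSample, 4));
    printf("label len = %zu, no label = %zu\n",
           label_len_checked(&kSample), label_len_checked(&kNoLabel));
    printf("page 1 -> %d, page 0 -> %d\n", page_index(1, 8), page_index(0, 8));
    return 0;
}
```

The point of the pairing is the order of check and use: in each "check after use" shape the validation runs on a value that has already been consumed, so the warning is about dead defensive code, not about the check being wrong in itself.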

(4) By Richard Hipp (drh) on 2023-06-16 14:49:18 in reply to 3

WARNINGS: Do Not Trust PVS-Studio

Some of the "warnings" in the post above are flatly incorrect, and if you take them at face value and implement changes accordingly, you will introduce bugs. For example:

V547 [CWE-570] Expression 'db->mallocFailed > prior_mallocFailed' is always false. sqlite3.c 89600

Not true. We have test cases where the conditional is true. If you were to act upon this warning by removing the conditional, you would introduce a bug into your program.

V1048 [CWE-1164] The 'pParse->pWith' variable was assigned the same value. sqlite3.c 144786

Not true. If you remove this line of code, you will introduce a bug into the program. We have test cases to prove it.

There are other examples of this. All that said, I did make some changes to address warnings and to remove redundancies pointed out by the warnings, resulting in a very small performance improvement and size reduction, and for that I am grateful.

But my warning stands: Were it not for the very intense test suite in SQLite that enabled me to quickly find cases where PVS-Studio was wrong, I would have introduced bugs into SQLite while trying to address these static analyzer warnings.

Do Not Believe What PVS-Studio Tells You!
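One general way the "always false" and "assigned the same value" classes of diagnosis can mislead, as an added example that is not SQLite code and makes no claim about why the specific warnings above were wrong: the only writer of the field is reached through a function pointer, and a test double that exercises that path (the role the test suite plays in the reply above) is what shows the conditional and the re-store are live. Ctx, the alloc hook, alloc_ok/alloc_fail and the demo_ functions are assumptions made up for this post.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed illustration, not SQLite code and not an explanation of
 * why the specific warnings above were wrong: one general way an
 * "expression is always false" or "assigned the same value" diagnosis
 * can mislead. The fields are only written inside a helper reached
 * through a function pointer; an analysis that does not follow that call
 * sees no writer between the two statements it is comparing. Ctx, the
 * alloc hook and the test doubles are made up for this post. */

typedef struct Ctx Ctx;
struct Ctx {
    int mallocFailed;                 /* set when an allocation fails */
    int nBusy;                        /* cleared by the failing hook */
    void *(*alloc)(Ctx *, size_t);    /* hypothetical allocator hook */
};

/* Normal allocator: never touches the flags. */
static void *alloc_ok(Ctx *c, size_t n) { (void)c; return malloc(n); }

/* Test double simulating allocator exhaustion, as a test suite would. */
static void *alloc_fail(Ctx *c, size_t n) {
    (void)n;
    c->mallocFailed = 1;
    c->nBusy = 0;
    return NULL;
}

/* Mirrors the V547 shape: 'mallocFailed > prior' looks impossible if the
 * call in between is assumed not to write the field. Returns 1 when the
 * conditional fires, 0 otherwise. */
int step_checks_failure(Ctx *c) {
    int prior_mallocFailed = c->mallocFailed;
    void *p = c->alloc(c, 64);        /* may set c->mallocFailed */
    free(p);
    if (c->mallocFailed > prior_mallocFailed) {   /* "always false"? */
        return 1;
    }
    return 0;
}

/* Mirrors the V1048 shape: nBusy receives the same value before and after
 * the call. The second store is only redundant if nothing in between can
 * change the field. */
int step_with_restore(Ctx *c) {
    c->nBusy = 3;
    free(c->alloc(c, 64));
    c->nBusy = 3;                     /* "assigned the same value"? */
    return c->nBusy;
}

/* The same step with the "redundant" store removed. */
int step_without_restore(Ctx *c) {
    c->nBusy = 3;
    free(c->alloc(c, 64));
    return c->nBusy;
}

/* Drivers that build a fresh context per run so a test can exercise
 * both allocator paths. */
int demo_check_ok(void)        { Ctx c = { 0, 0, alloc_ok };   return step_checks_failure(&c); }
int demo_check_fail(void)      { Ctx c = { 0, 0, alloc_fail }; return step_checks_failure(&c); }
int demo_restore_fail(void)    { Ctx c = { 0, 0, alloc_fail }; return step_with_restore(&c); }
int demo_no_restore_fail(void) { Ctx c = { 0, 0, alloc_fail }; return step_without_restore(&c); }

int main(void) {
    printf("conditional fires: normal=%d, exhausted=%d\n",
           demo_check_ok(), demo_check_fail());
    printf("nBusy after failing call: with restore=%d, without=%d\n",
           demo_restore_fail(), demo_no_restore_fail());
    return 0;
}
```

The practical check is the one the reply describes: before deleting a conditional or a store the analyzer calls dead, run a test that drives the failure path through it; if the result changes, the warning was wrong for that code.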

(5) By jose isaias cabrera (jicman) on 2023-06-16 15:23:19 in reply to 4

I would follow Dr. Hipp's advice, but go further and report these falsies to PVS-Studio.