Several issues found using cppcheck
On 97cf90b9 of the next branch the following issues were found by cppcheck
cd src
cppcheck . 2> cppcheck.log- [ ]
doomtype.h:178:11: error: syntax error [syntaxError]
typedef enum {false, true} boolean;
^- [x]
blua/lua.h:94:0: error: No header in #include [preprocessorErrorDirective]
#include LUA_USER_H
^- [x]
blua/ldo.c:128:3: error: Address of local auto-variable assigned to a function parameter. [autoVariables]
L->errorJmp = &lj;
^- [x]
d_clisrv.c:1646:2: error: Memory pointed to by 'savebuffer' is freed twice. [doubleFree]
free(savebuffer);
^- [x]
d_clisrv.c:1637:3: note: Memory pointed to by 'savebuffer' is freed twice.
free(savebuffer);
^- [x]
d_clisrv.c:1646:2: note: Memory pointed to by 'savebuffer' is freed twice.
free(savebuffer);
^- [ ]
dehacked.c:405:27: error: Array 'description[num].notes[441]' accessed at index 1023, which is out of bounds. [arrayIndexOutOfBounds]
description[num].notes[i] = '\0';
^- [ ]
dehacked.c:395:6: note: After for loop, i has value 1023
for (i = 0; i < MAXLINELEN-1; i++)
^- [ ]
dehacked.c:405:27: note: Array index out of bounds
description[num].notes[i] = '\0';
^- [ ]
dehacked.c:1187:18: error: Array 'gtdescription[441]' accessed at index 1023, which is out of bounds. [arrayIndexOutOfBounds]
gtdescription[i] = '\0';
^- [ ]
dehacked.c:1177:6: note: After for loop, i has value 1023
for (i = 0; i < MAXLINELEN-1; i++)
^- [ ]
dehacked.c:1187:18: note: Array index out of bounds
gtdescription[i] = '\0';
^- [ ]
djgppdos/i_sound.c:374:18: error: The address of local variable 'data' is accessed at non-zero index. [objectIndex]
((char *)&data)[1]=fp[2];
^- [ ]
djgppdos/i_sound.c:374:12: note: Address of variable taken here.
((char *)&data)[1]=fp[2];
^- [ ]
djgppdos/i_sound.c:374:18: note: The address of local variable 'data' is accessed at non-zero index.
((char *)&data)[1]=fp[2];
^- [ ]
djgppdos/i_sound.c:375:18: error: The address of local variable 'data' is accessed at non-zero index. [objectIndex]
((char *)&data)[2]=fp[1];
^- [ ]
djgppdos/i_sound.c:375:12: note: Address of variable taken here.
((char *)&data)[2]=fp[1];
^- [ ]
djgppdos/i_sound.c:375:18: note: The address of local variable 'data' is accessed at non-zero index.
((char *)&data)[2]=fp[1];
^- [ ]
djgppdos/i_sound.c:376:18: error: The address of local variable 'data' is accessed at non-zero index. [objectIndex]
((char *)&data)[3]=fp[0];
^- [ ]
djgppdos/i_sound.c:376:12: note: Address of variable taken here.
((char *)&data)[3]=fp[0];
^- [ ]
djgppdos/i_sound.c:376:18: note: The address of local variable 'data' is accessed at non-zero index.
((char *)&data)[3]=fp[0];
^- [ ]
p5prof.h:106:0: error: No pair for character ("). Can't process file. File is either invalid or unicode, which is currently not supported. [preprocessorErrorDirective]
#define RDTSC(_dst) \
^- [ ]
g_demo.c:794:37: error: Array 'mobjinfo[1167]' accessed at index -1, which is out of bounds. [negativeIndex]
mobj->sprite = states[mobjinfo[type].spawnstate].sprite;
^- [ ]
g_demo.c:767:19: note: Assignment 'type=-1', assigned value is -1
INT32 type = -1;
^- [ ]
g_demo.c:768:14: note: Assuming condition is false
if (g->mo->skin)
^- [ ]
g_demo.c:794:37: note: Negative array index
mobj->sprite = states[mobjinfo[type].spawnstate].sprite;
^- [ ]
g_demo.c:795:37: error: Array 'mobjinfo[1167]' accessed at index -1, which is out of bounds. [negativeIndex]
mobj->frame = (states[mobjinfo[type].spawnstate].frame & FF_FRAMEMASK) | tr_trans60<<FF_TRANSSHIFT;
^- [ ]
g_demo.c:767:19: note: Assignment 'type=-1', assigned value is -1
INT32 type = -1;
^- [ ]
g_demo.c:768:14: note: Assuming condition is false
if (g->mo->skin)
^- [ ]
g_demo.c:795:37: note: Negative array index
mobj->frame = (states[mobjinfo[type].spawnstate].frame & FF_FRAMEMASK) | tr_trans60<<FF_TRANSSHIFT;
^- [ ]
g_demo.c:1080:36: error: Array 'mobjinfo[1167]' accessed at index -1, which is out of bounds. [negativeIndex]
mobj->sprite = states[mobjinfo[type].spawnstate].sprite;
^- [ ]
g_demo.c:1054:18: note: Assignment 'type=-1', assigned value is -1
INT32 type = -1;
^- [ ]
g_demo.c:1055:13: note: Assuming condition is false
if (metal->skin)
^- [ ]
g_demo.c:1080:36: note: Negative array index
mobj->sprite = states[mobjinfo[type].spawnstate].sprite;
^- [ ]
g_demo.c:1081:35: error: Array 'mobjinfo[1167]' accessed at index -1, which is out of bounds. [negativeIndex]
mobj->frame = states[mobjinfo[type].spawnstate].frame;
^- [ ]
g_demo.c:1054:18: note: Assignment 'type=-1', assigned value is -1
INT32 type = -1;
^- [ ]
g_demo.c:1055:13: note: Assuming condition is false
if (metal->skin)
^- [ ]
g_demo.c:1081:35: note: Negative array index
mobj->frame = states[mobjinfo[type].spawnstate].frame;
^- [ ]
g_demo.c:1447:7: error: Array 'name[16]' accessed at index 16, which is out of bounds. [arrayIndexOutOfBounds]
name[i] = '\0';
^- [ ]
g_demo.c:1444:2: note: After for loop, i has value 16
for (i = 0; i < 16 && cv_playername.string[i]; i++)
^- [ ]
g_demo.c:1447:7: note: Array index out of bounds
name[i] = '\0';
^- [ ]
g_demo.c:1455:7: error: Array 'name[16]' accessed at index 16, which is out of bounds. [arrayIndexOutOfBounds]
name[i] = '\0';
^- [ ]
g_demo.c:1452:2: note: After for loop, i has value 16
for (i = 0; i < 16 && cv_skin.string[i]; i++)
^- [ ]
g_demo.c:1455:7: note: Array index out of bounds
name[i] = '\0';
^- [ ]
g_demo.c:1463:7: error: Array 'name[16]' accessed at index 16, which is out of bounds. [arrayIndexOutOfBounds]
name[i] = '\0';
^- [ ]
g_demo.c:1460:2: note: After for loop, i has value 16
for (i = 0; i < 16 && cv_playercolor.string[i]; i++)
^- [ ]
g_demo.c:1463:7: note: Array index out of bounds
name[i] = '\0';
^- [ ]
g_demo.c:999:43: error: Expression 'metal,*((int32_t*)metal_p)++,*((int32_t*)metal_p)++' depends on order of evaluation of side effects [unknownEvaluationOrder]
P_TeleportMove(metal, READFIXED(metal_p), READFIXED(metal_p), READFIXED(metal_p));
^- [ ]
g_demo.c:999:63: error: Expression 'metal,*((int32_t*)metal_p)++,*((int32_t*)metal_p)++,*((int32_t*)metal_p)++' depends on order of evaluation of side effects [unknownEvaluationOrder]
P_TeleportMove(metal, READFIXED(metal_p), READFIXED(metal_p), READFIXED(metal_p));
^- [ ]
hardware/hw_light.c:1353:9: warning: Possible null pointer dereference: bbox [nullPointer]
p1.y = FIXED_TO_FLOAT(bbox[BOXTOP ]);
^- [ ]
hardware/hw_light.c:1455:40: note: Calling function 'HWR_ComputeLightMapsInBSPNode', 2nd argument 'NULL' value is 0
HWR_ComputeLightMapsInBSPNode(bspnum, NULL);
^- [ ]
hardware/hw_light.c:1418:47: note: Calling function 'HWR_CheckSubsector', 2nd argument 'bbox' value is 0
HWR_CheckSubsector(bspnum&(~NF_SUBSECTOR), bbox);
^- [ ]
hardware/hw_light.c:1353:9: note: Null pointer dereference
p1.y = FIXED_TO_FLOAT(bbox[BOXTOP ]);
^- [ ]
hardware/hw_light.c:1354:9: warning: Possible null pointer dereference: bbox [nullPointer]
p1.x = FIXED_TO_FLOAT(bbox[BOXLEFT ]);
^- [ ]
hardware/hw_light.c:1455:40: note: Calling function 'HWR_ComputeLightMapsInBSPNode', 2nd argument 'NULL' value is 0
HWR_ComputeLightMapsInBSPNode(bspnum, NULL);
^- [ ]
hardware/hw_light.c:1418:47: note: Calling function 'HWR_CheckSubsector', 2nd argument 'bbox' value is 0
HWR_CheckSubsector(bspnum&(~NF_SUBSECTOR), bbox);
^- [ ]
hardware/hw_light.c:1354:9: note: Null pointer dereference
p1.x = FIXED_TO_FLOAT(bbox[BOXLEFT ]);
^- [ ]
hardware/hw_light.c:1355:9: warning: Possible null pointer dereference: bbox [nullPointer]
p2.y = FIXED_TO_FLOAT(bbox[BOXBOTTOM]);
^- [ ]
hardware/hw_light.c:1455:40: note: Calling function 'HWR_ComputeLightMapsInBSPNode', 2nd argument 'NULL' value is 0
HWR_ComputeLightMapsInBSPNode(bspnum, NULL);
^- [ ]
hardware/hw_light.c:1418:47: note: Calling function 'HWR_CheckSubsector', 2nd argument 'bbox' value is 0
HWR_CheckSubsector(bspnum&(~NF_SUBSECTOR), bbox);
^- [ ]
hardware/hw_light.c:1355:9: note: Null pointer dereference
p2.y = FIXED_TO_FLOAT(bbox[BOXBOTTOM]);
^- [ ]
hardware/hw_light.c:1356:9: warning: Possible null pointer dereference: bbox [nullPointer]
p2.x = FIXED_TO_FLOAT(bbox[BOXRIGHT ]);
^- [ ]
hardware/hw_light.c:1455:40: note: Calling function 'HWR_ComputeLightMapsInBSPNode', 2nd argument 'NULL' value is 0
HWR_ComputeLightMapsInBSPNode(bspnum, NULL);
^- [ ]
hardware/hw_light.c:1418:47: note: Calling function 'HWR_CheckSubsector', 2nd argument 'bbox' value is 0
HWR_CheckSubsector(bspnum&(~NF_SUBSECTOR), bbox);
^- [ ]
hardware/hw_light.c:1356:9: note: Null pointer dereference
p2.x = FIXED_TO_FLOAT(bbox[BOXRIGHT ]);
^- [ ]
hardware/hw_md2.c:517:9: error: Width 25 given in format string (no. 1) is larger than destination buffer 'name[24]', use %23s to prevent overflowing it. [invalidScanfFormatWidth]
while (fscanf(f, "%25s %31s %f %f", name, filename, &scale, &offset) == 4)
^- [ ]
hardware/hw_md2.c:594:9: error: Width 25 given in format string (no. 1) is larger than destination buffer 'name[24]', use %23s to prevent overflowing it. [invalidScanfFormatWidth]
while (fscanf(f, "%25s %31s %f %f", name, filename, &scale, &offset) == 4)
^- [ ]
hardware/hw_md2.c:646:9: error: Width 25 given in format string (no. 1) is larger than destination buffer 'name[24]', use %23s to prevent overflowing it. [invalidScanfFormatWidth]
while (fscanf(f, "%25s %31s %f %f", name, filename, &scale, &offset) == 4)
^- [ ]
p_mobj.c:2015:37: error: Uninitialized struct member: slopemom.z [uninitStructMember]
} else if (predictedz-mo->z > abs(slopemom.z/2)) { // Now check if we were supposed to stick to this slope
^- [ ]
p_polyobj.c:1209:28: error: Uninitialized struct member: origin.floorzset [uninitStructMember]
Polyobj_rotateThings(po, origin, delta, turnthings);
^- [ ]
p_polyobj.c:1209:28: error: Uninitialized struct member: origin.ceilingzset [uninitStructMember]
Polyobj_rotateThings(po, origin, delta, turnthings);
^- [ ]
p_polyobj.c:1209:28: error: Uninitialized struct member: origin.floorz [uninitStructMember]
Polyobj_rotateThings(po, origin, delta, turnthings);
^- [ ]
p_polyobj.c:1209:28: error: Uninitialized struct member: origin.ceilingz [uninitStructMember]
Polyobj_rotateThings(po, origin, delta, turnthings);
^- [ ]
r_patch.c:854:28: warning: Possible null pointer dereference: frameChar [nullPointer]
frameFrame = R_Char2Frame(frameChar[0]);
^- [ ]
r_patch.c:834:20: note: Assignment 'frameChar=NULL', assigned value is 0
char *frameChar = NULL;
^- [ ]
r_patch.c:847:25: note: Assuming condition is true
if (sprinfoTokenLength != 1)
^- [ ]
r_patch.c:854:28: note: Null pointer dereference
frameFrame = R_Char2Frame(frameChar[0]);
^- [ ]
sdl/i_main.c:220:2: error: Unmatched '}'. Configuration: 'BUGTRAP;HAVE_SDL'. [syntaxError]
}
^- [ ]
sdl/i_main.c:220:2: error: Unmatched '}'. Configuration: 'FORCESDLMAIN;HAVE_SDL'. [syntaxError]
}
^- [ ]
v_video.c:3714:59: error: Array 'screens[5]' accessed at index 5, which is out of bounds. [arrayIndexOutOfBounds]
CONS_Debug(DBG_RENDER, " screens[%d] = %x\n", i, screens[i]);
^- [ ]
win32/win_main.c:682:1: error: Unmatched '}'. Configuration: 'BUGTRAP;_WINDOWS'. [syntaxError]
}
^- [ ]
hardware/hw_light.c:1353:9: error: Null pointer dereference: bbox [ctunullpointer]
p1.y = FIXED_TO_FLOAT(bbox[BOXTOP ]);
^- [ ]
hardware/hw_light.c:1455:31: note: Calling function HWR_ComputeLightMapsInBSPNode, 2nd argument is null
HWR_ComputeLightMapsInBSPNode(bspnum, NULL);
^- [ ]
hardware/hw_light.c:1416:4: note: Calling function HWR_CheckSubsector, 2nd argument is null
HWR_CheckSubsector(0, bbox); // probably unecessary: see boris' comment in hw_bsp
^- [ ]
hardware/hw_light.c:1353:9: note: Dereferencing argument bbox that is null
p1.y = FIXED_TO_FLOAT(bbox[BOXTOP ]);
^Edited by LJ Sonic