| Group |
Location |
Level |
Code |
Message |
| 64-bit errors |
socks_connecter.cpp:158 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
socks_connecter.cpp:436 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
stream_engine.cpp:981 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
tcp_connecter.cpp:423 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
tcp_connecter.cpp:160 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'fd'. |
| 64-bit errors |
tcp_listener.cpp:179 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
tcp_listener.cpp:268 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
tcp_listener.cpp:144 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 's'. |
| 64-bit errors |
tcp_listener.cpp:131 |
High |
V220 |
Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'fd'. |
| 64-bit errors |
decoder_allocators.cpp:85 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
dist.cpp:188 |
Medium |
V127 |
An overflow of the 32-bit 'failed' variable is possible inside a long cycle which utilizes a memsize-type loop counter. |
| 64-bit errors |
msg.hpp:246 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
msg.hpp:145 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
msg.hpp:187 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
msg.hpp:208 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
msg.hpp:220 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
msg.hpp:234 |
Medium |
V119 |
More than one sizeof() operator is used in one expression. |
| 64-bit errors |
zmq.cpp:549 |
Medium |
V127 |
An overflow of the 32-bit 'nread' variable is possible inside a long cycle which utilizes a memsize-type loop counter. |
| 64-bit errors |
options.cpp:786 |
Low |
V206 |
Explicit conversion from 'void *' to '__int64 *'. |
| 64-bit errors |
options.cpp:665 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
options.cpp:687 |
Low |
V206 |
Explicit conversion from 'void *' to 'unsigned __int64 *'. |
| 64-bit errors |
options.cpp:169 |
Low |
V206 |
Explicit conversion from 'void *' to 'unsigned __int64 *'. |
| 64-bit errors |
options.cpp:262 |
Low |
V206 |
Explicit conversion from 'void *' to '__int64 *'. |
| 64-bit errors |
radio.cpp:107 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
radio.cpp:112 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
req.cpp:160 |
Low |
V206 |
Explicit conversion from 'void *' to 'unsigned int *'. |
| 64-bit errors |
select.cpp:455 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
select.cpp:458 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
select.cpp:461 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
select.cpp:479 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
select.cpp:482 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
select.cpp:485 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
select.cpp:577 |
Low |
V206 |
Explicit conversion from 'int *' to 'char *'. |
| 64-bit errors |
socket_base.cpp:435 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
socket_base.cpp:402 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
socket_base.cpp:437 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
socket_base.cpp:419 |
Low |
V206 |
Explicit conversion from 'void *' to 'size_t *'. |
| 64-bit errors |
socket_base.cpp:461 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
socket_base.cpp:439 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
socket_poller.cpp:636 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
socket_poller.cpp:633 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
socket_poller.cpp:630 |
Low |
V206 |
Explicit conversion from 'size_t *' to 'char *'. |
| 64-bit errors |
socks_connecter.cpp:386 |
Low |
V206 |
Explicit conversion from 'int *' to 'char *'. |
| 64-bit errors |
tcp.cpp:306 |
Low |
V206 |
Explicit conversion from 'int *' to 'char *'. |
| 64-bit errors |
tcp_connecter.cpp:371 |
Low |
V206 |
Explicit conversion from 'int *' to 'char *'. |
| 64-bit errors |
xpub.cpp:165 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
xpub.cpp:160 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
xpub.cpp:157 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
xpub.cpp:152 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
xpub.cpp:163 |
Low |
V206 |
Explicit conversion from 'void *' to 'int *'. |
| 64-bit errors |
zmq_utils.cpp:72 |
Low |
V206 |
Explicit conversion from 'void *' to 'unsigned __int64 *'. |
| 64-bit errors |
zmq_utils.cpp:66 |
Low |
V206 |
Explicit conversion from 'unsigned __int64 *' to 'void *'. |
| General Analysis |
dish.cpp:258 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: group_msg. |
| General Analysis |
ip.cpp:365 |
High |
V547 |
Expression 'signaler_port == event_signaler_port' is always false. |
| General Analysis |
mtrie.cpp:41 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: next. |
| General Analysis |
radio.cpp:190 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: pending_msg. |
| General Analysis |
router.cpp:105 |
High |
V595 |
The 'optval_' pointer was utilized before it was verified against nullptr. Check lines: 105, 109. |
| General Analysis |
socket_poller.cpp:45 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: pollset_in, pollset_out, pollset_err. |
| General Analysis |
stream.cpp:181 |
High |
V595 |
The 'optval_' pointer was utilized before it was verified against nullptr. Check lines: 181, 185. |
| General Analysis |
sub.cpp:64 |
High |
V547 |
Expression 'option_ == 7' is always true. |
| General Analysis |
tcp_address.cpp:302 |
High |
V773 |
The 'addresses' pointer was assigned values twice without releasing the memory. A memory leak is possible. |
| General Analysis |
tcp_address.cpp:418 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'out_addr'. |
| General Analysis |
tcp_address.cpp:600 |
High |
V512 |
A call of the 'memcpy' function will lead to the 'sa' buffer becoming out of range. |
| General Analysis |
tcp_address.cpp:425 |
High |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'out_addr'. |
| General Analysis |
thread.hpp:52 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: descriptor. |
| General Analysis |
trie.cpp:40 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: next. |
| General Analysis |
udp_address.cpp:47 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: multicast, iface. |
| General Analysis |
udp_engine.cpp:46 |
High |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: raw_address, out_address, out_addrlen, out_buffer, in_buffer. |
| General Analysis |
ypipe.hpp:165 |
High |
V522 |
Dereferencing of the null pointer 'value_' might take place. The null pointer is passed into 'read' function. Inspect the first argument. Check lines: 'ypipe.hpp:165', 'mailbox_safe.cpp:40'. |
| General Analysis |
ypipe.hpp:165 |
High |
V522 |
Dereferencing of the null pointer 'value_' might take place. The null pointer is passed into 'read' function. Inspect the first argument. Check lines: 'ypipe.hpp:165', 'mailbox.cpp:39'. |
| General Analysis |
blob.hpp:78 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 78, 74. |
| General Analysis |
blob.hpp:115 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 115, 112. |
| General Analysis |
blob.hpp:125 |
Medium |
V575 |
The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 125, 122. |
| General Analysis |
curve_client.cpp:245 |
Medium |
V769 |
The 'ready_plaintext' pointer in the 'ready_plaintext + 32' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 245, 220. |
| General Analysis |
curve_client.cpp:226 |
Medium |
V575 |
The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 226, 223. |
| General Analysis |
curve_client_tools.hpp:206 |
Medium |
V769 |
The 'initiate_box' pointer in the 'initiate_box + 16' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 206, 168. |
| General Analysis |
curve_client_tools.hpp:232 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: cn_server, cn_cookie. |
| General Analysis |
curve_client_tools.hpp:175 |
Medium |
V575 |
The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 175, 171. |
| General Analysis |
curve_mechanism_base.cpp:57 |
Medium |
V512 |
A call of the 'memcpy' function will lead to underflow of the buffer 'message_nonce'. |
| General Analysis |
curve_mechanism_base.cpp:159 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'message_plaintext'. Check lines: 159, 140. |
| General Analysis |
curve_mechanism_base.cpp:146 |
Medium |
V575 |
The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 146, 143. |
| General Analysis |
curve_mechanism_base.cpp:69 |
Medium |
V575 |
The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 69, 66. |
| General Analysis |
curve_mechanism_base.cpp:91 |
Medium |
V769 |
The 'message_box' pointer in the 'message_box + 16' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 91, 74. |
| General Analysis |
curve_mechanism_base.cpp:39 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: cn_precom. |
| General Analysis |
curve_server.cpp:437 |
Medium |
V575 |
The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 437, 433. |
| General Analysis |
curve_server.cpp:41 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: cn_client, cookie_key. |
| General Analysis |
curve_server.cpp:465 |
Medium |
V769 |
The 'ready_box' pointer in the 'ready_box + 16' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 465, 447. |
| General Analysis |
ip.cpp:431 |
Medium |
V547 |
Expression 'sync != 0' is always false. |
| General Analysis |
ip.cpp:494 |
Medium |
V547 |
Expression 'sync != 0' is always false. |
| General Analysis |
ip.cpp:472 |
Medium |
V769 |
The 'dummy' pointer in the 'dummy + dummy_size' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 472, 463. |
| General Analysis |
mtrie.cpp:177 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer '* buff_' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
mtrie.cpp:112 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer 'next.table' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
mtrie.cpp:103 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer 'next.table' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
options.cpp:47 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: routing_id. |
| General Analysis |
pipe.cpp:73 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'pipes_[0]'. Check lines: 73, 66. |
| General Analysis |
pipe.cpp:74 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'pipes_[1]'. Check lines: 74, 69. |
| General Analysis |
req.cpp:88 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'request_id_copy'. Check lines: 88, 85. |
| General Analysis |
router.cpp:484 |
Medium |
V547 |
Expression '!options.raw_socket' is always true. |
| General Analysis |
select.cpp:440 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: read, write, error. |
| General Analysis |
session_base.cpp:619 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'engine'. Check lines: 619, 602. |
| General Analysis |
session_base.cpp:602 |
Medium |
V688 |
The 'engine' local variable possesses the same name as one of the class members, which can result in a confusion. |
| General Analysis |
session_base.cpp:555 |
Medium |
V688 |
The 'io_thread' local variable possesses the same name as one of the class members, which can result in a confusion. |
| General Analysis |
socket_base.cpp:1332 |
Medium |
V779 |
Unreachable code detected. It is possible that an error is present. |
| General Analysis |
socket_base.cpp:1067 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'tcp_addr'. Check lines: 1067, 1065. |
| General Analysis |
socket_base.cpp:177 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 's'. |
| General Analysis |
socket_base.cpp:884 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'paddr'. Check lines: 884, 840. |
| General Analysis |
socket_base.cpp:217 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'm'. Check lines: 217, 214. |
| General Analysis |
socket_base.cpp:565 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'paddr'. Check lines: 565, 562. |
| General Analysis |
socket_base.cpp:615 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'listener'. Check lines: 615, 613. |
| General Analysis |
socks.cpp:225 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: buf. |
| General Analysis |
socks.cpp:141 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: buf. |
| General Analysis |
socks.cpp:98 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: buf. |
| General Analysis |
socks.cpp:56 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: buf. |
| General Analysis |
stream_engine.cpp:65 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: greeting_recv, greeting_send. |
| General Analysis |
tcp_address.cpp:317 |
Medium |
V560 |
A part of conditional expression is always true: (rc == 111L). |
| General Analysis |
tcp_connecter.cpp:160 |
Medium |
V779 |
Unreachable code detected. It is possible that an error is present. |
| General Analysis |
trie.cpp:293 |
Medium |
V701 |
realloc() possible leak: when realloc() fails in allocating memory, original pointer '* buff_' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis |
tweetnacl.c:57 |
Medium |
V1009 |
Check the array initialization. Only the first element is initialized explicitly. The rest elements are initialized with zeros. |
| General Analysis |
tweetnacl.c:247 |
Medium |
V557 |
Array overrun is possible. The value of 'i + 17 - j' index could reach 31. |
| General Analysis |
tweetnacl.c:723 |
Medium |
V557 |
Array underrun is possible. The value of 'j - (i - 32)' index could reach -31. |
| General Analysis |
tweetnacl.c:54 |
Medium |
V1009 |
Check the array initialization. Only the first element is initialized explicitly. The rest elements are initialized with zeros. |
| General Analysis |
tweetnacl.c:723 |
Medium |
V557 |
Array overrun is possible. The value of 'j - (i - 32)' index could reach 50. |
| General Analysis |
v1_encoder.cpp:36 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: tmpbuf. |
| General Analysis |
v2_encoder.cpp:36 |
Medium |
V730 |
Not all members of a class are initialized inside the constructor. Consider inspecting: tmpbuf. |
| General Analysis |
zmq.cpp:764 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'events'. Check lines: 764, 694. |
| General Analysis |
zmq_utils.cpp:87 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'thread'. Check lines: 87, 85. |
| General Analysis |
zmq_utils.cpp:65 |
Medium |
V522 |
There might be dereferencing of a potential null pointer 'watch'. Check lines: 65, 63. |
| General Analysis |
curve_mechanism_base.cpp:111 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
curve_server.cpp:146 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
curve_server.cpp:277 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
curve_server.cpp:378 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
dealer.cpp:62 |
Low |
V519 |
The 'rc' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 58, 62. |
| General Analysis |
plain_server.cpp:218 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
plain_server.cpp:124 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
proxy.cpp:348 |
Low |
V522 |
There might be dereferencing of a potential null pointer 'poller_backend_only'. |
| General Analysis |
proxy.cpp:345 |
Low |
V522 |
There might be dereferencing of a potential null pointer 'poller_frontend_only'. |
| General Analysis |
proxy.cpp:328 |
Low |
V522 |
There might be dereferencing of a potential null pointer 'poller_send_blocked'. |
| General Analysis |
proxy.cpp:322 |
Low |
V522 |
There might be dereferencing of a potential null pointer 'poller_both_blocked'. |
| General Analysis |
router.cpp:87 |
Low |
V519 |
The 'rc' variable is assigned values twice successively. Perhaps this is a mistake. Check lines: 83, 87. |
| General Analysis |
select.cpp:157 |
Low |
V669 |
The 'handle_' argument is a non-constant reference. The analyzer is unable to determine the position at which this argument is being modified. It is possible that the function contains an error. |
| General Analysis |
socket_base.cpp:1477 |
Low |
V524 |
It is odd that the body of 'xrecv' function is fully equivalent to the body of 'xsend' function. |
| General Analysis |
socket_base.cpp:1470 |
Low |
V524 |
It is odd that the body of 'xleave' function is fully equivalent to the body of 'xjoin' function. |
| General Analysis |
tcp_address.cpp:892 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
tcp_address.cpp:429 |
Low |
V547 |
Expression 'out_addrlen <= sizeof (address)' is always true. |
| General Analysis |
udp_engine.cpp:183 |
Low |
V688 |
The 'address' local variable possesses the same name as one of the class members, which can result in a confusion. |
| General Analysis |
zap_client.cpp:181 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
zap_client.cpp:173 |
Low |
V526 |
The 'memcmp' function returns 0 if corresponding buffers are equal. Consider examining the condition for mistakes. |
| General Analysis |
zmq.cpp:311 |
Low |
V524 |
It is odd that the body of 'zmq_disconnect' function is fully equivalent to the body of 'zmq_unbind' function. |
| General Analysis |
zmq.cpp:1490 |
Low |
V601 |
The 'true' value is implicitly cast to the integer type. |
| General Analysis |
zmq.cpp:1502 |
Low |
V601 |
The 'true' value is implicitly cast to the integer type. |
| General Analysis |
zmq.cpp:1505 |
Low |
V601 |
The 'false' value is implicitly cast to the integer type. |
| General Analysis |
zmq.cpp:206 |
Low |
V524 |
It is odd that the body of 'zmq_ctx_destroy' function is fully equivalent to the body of 'zmq_term' function. |
| Micro-optimizations |
router.cpp:516 |
Low |
V807 |
Decreased performance. Consider creating a reference to avoid using the 'it->second' expression repeatedly. |
| Micro-optimizations |
socket_base.cpp:1036 |
Low |
V821 |
Decreased performance. The 'addr_str' variable can be constructed in a lower level scope. |
| Micro-optimizations |
xpub.cpp:274 |
Low |
V807 |
Decreased performance. Consider creating a reference to avoid using the 'pending_data.front()' expression repeatedly. |