| Date: | 09/10/20 18:40:43 |
|---|---|
| PVS-Studio Version: | 7.09.41189.2508 |
| Total Warnings (GA): | 38 |
| Total Warnings (64): | 10 |
| Group | Projects | Location | Level | Code | CWE | Message |
|---|---|---|---|---|---|---|
| 64-bit errors | OBJLIB |
miniz.h:1540 | High | V220 | Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'in_bytes'. | |
| 64-bit errors | OBJLIB |
miniz.h:1545 | High | V220 | Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'out_bytes'. | |
| 64-bit errors | OBJLIB |
miniz.h:1710 | High | V220 | Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'in_bytes'. | |
| 64-bit errors | OBJLIB |
miniz.h:1714 | High | V220 | Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'out_bytes'. | |
| 64-bit errors | OBJLIB |
miniz.h:1753 | High | V220 | Suspicious sequence of types castings: memsize -> 32-bit integer -> memsize. The value being cast: 'in_bytes'. | |
| 64-bit errors | OBJLIB |
miniz.h:3374 | Medium | V127 | An overflow of the 32-bit 'lookahead_size' variable is possible inside a long cycle which utilizes a memsize-type loop counter. | |
| 64-bit errors | OBJLIB |
miniz.h:3597 | Medium | V127 | An overflow of the 32-bit 'd->m_lookahead_size' variable is possible inside a long cycle which utilizes a memsize-type loop counter. | |
| 64-bit errors | OBJLIB |
miniz.h:3696 | Medium | V127 | An overflow of the 32-bit 'd->m_lookahead_pos' variable is possible inside a long cycle which utilizes a memsize-type loop counter. | |
| 64-bit errors | OBJLIB |
zip.c:635 | Medium | V124 | Function 'fread' reads '65536' bytes. The alignment rules and type sizes have been changed. Consider reviewing this value. | |
| 64-bit errors | OBJLIB |
miniz.h:3607 | Low | V127 | An overflow of the 32-bit 'ins_pos' variable is possible inside a long cycle which utilizes a memsize-type loop counter. | |
| General Analysis | OBJLIB |
miniz.h:2120 | High | V512 | CWE-682 | A call of the 'memset' function will lead to underflow of the buffer 'r->m_tables[1].m_code_size'. |
| General Analysis | OBJLIB |
miniz.h:2958 | High | V512 | CWE-682 | A call of the 'memset' function will lead to underflow of the buffer 'd->m_huff_code_sizes[1]'. |
| General Analysis | OBJLIB |
miniz.h:2062 | High | V1028 | CWE-190 | Possible overflow. Consider casting operands of the '1U << (8U + (r->m_zhdr0 >> 4))' operator to the 'size_t' type, not the result. |
| General Analysis | OBJLIB |
zip.c:880 | High | V597 | CWE-14 | The compiler could delete the 'memset' function call, which is used to flush 'symlink_to' buffer. The RtlSecureZeroMemory() function should be used to erase the private data. |
| General Analysis | OBJLIB |
miniz.h:5326 | Medium | V1032 | CWE-843 | The pointer 'pLocal_header' is cast to a more strictly aligned pointer type. |
| General Analysis | OBJLIB |
miniz.h:4720 | Medium | V1032 | CWE-843 | The pointer 'pZip64_end_of_central_dir' is cast to a more strictly aligned pointer type. |
| General Analysis | OBJLIB |
miniz.h:4708 | Medium | V1032 | CWE-843 | The pointer 'pZip64_locator' is cast to a more strictly aligned pointer type. |
| General Analysis | OBJLIB |
miniz.h:4697 | Medium | V1032 | CWE-843 | The pointer 'pBuf' is cast to a more strictly aligned pointer type. |
| General Analysis | OBJLIB |
miniz.h:4631 | Medium | V1032 | CWE-843 | The pointer 'pBuf' is cast to a more strictly aligned pointer type. |
| General Analysis | OBJLIB |
miniz.h:1592 | Medium | V547 | CWE-570 | Expression '(source_len | * pDest_len) > 0xFFFFFFFFU' is always false. |
| General Analysis | OBJLIB |
miniz.h:1813 | Medium | V547 | CWE-570 | Expression '(source_len | * pDest_len) > 0xFFFFFFFFU' is always false. |
| General Analysis | OBJLIB |
miniz.h:4857 | Medium | V547 | CWE-571 | Expression 'extra_size_remaining' is always true. |
| General Analysis | OBJLIB |
miniz.h:5367 | Medium | V560 | CWE-570 | A part of conditional expression is always false: (read_buf_size > 0x7FFFFFFF). |
| General Analysis | OBJLIB |
miniz.h:6531 | Medium | V1032 | CWE-843 | The pointer 'pLocal_header' is cast to a more strictly aligned pointer type. |
| General Analysis | OBJLIB |
miniz.h:3277 | Medium | V761 | Three identical blocks of text were found. | |
| General Analysis | OBJLIB |
miniz.h:6004 | Medium | V684 | CWE-682 | A value of the variable 'version_made_by' is not modified. Consider inspecting the expression. It is possible that '1' should be present instead of '0'. |
| General Analysis | OBJLIB |
miniz.h:5537 | Medium | V1032 | CWE-843 | The pointer 'pLocal_header' is cast to a more strictly aligned pointer type. |
| General Analysis | test.out |
test.c:161 | Medium | V701 | CWE-401 | realloc() possible leak: when realloc() fails in allocating memory, original pointer 'buf->data' is lost. Consider assigning realloc() to a temporary pointer. |
| General Analysis | test.out |
test.c:132 | Medium | V575 | CWE-628 | The potential null pointer is passed into 'strncmp' function. Inspect the first argument. Check lines: 132, 127. |
| General Analysis | test.out |
test.c:164 | Medium | V522 | CWE-690 | There might be dereferencing of a potential null pointer 'buf->data'. Check lines: 164, 161. |
| General Analysis | OBJLIB |
miniz.h:1796 | Low | V524 | It is odd that the body of 'mz_inflateEnd' function is fully equivalent to the body of 'mz_deflateEnd' function. | |
| General Analysis | OBJLIB |
miniz.h:3388 | Low | V1051 | CWE-754 | Consider checking for misprints. It's possible that the 'dict_size' should be checked here. |
| General Analysis | OBJLIB |
miniz.h:2519 | Low | V1051 | CWE-754 | Consider checking for misprints. It's possible that the 'in_buf_ofs' should be used inside '(* pPut_buf_func)' function. |
| General Analysis | OBJLIB |
miniz.h:3214 | Low | V512 | CWE-682 | A call of the 'memset' function will lead to underflow of the buffer '& d->m_huff_count[0][0]'. |
| General Analysis | OBJLIB |
miniz.h:3850 | Low | V512 | CWE-682 | A call of the 'memset' function will lead to underflow of the buffer '& d->m_huff_count[0][0]'. |
| General Analysis | OBJLIB |
miniz.h:3822 | Low | V522 | CWE-628 | Dereferencing of the null pointer 'd' might take place. The potential null pointer is passed into 'tdefl_init' function. Inspect the first argument. Check lines: 3822, 6242. |
| General Analysis | OBJLIB |
miniz.h:3371 | Low | V658 | CWE-190 | A value is being subtracted from the unsigned variable. This can result in an overflow. In such a case, the '<' comparison operation can potentially behave unexpectedly. |
| General Analysis | OBJLIB |
miniz.h:6527 | Low | V1051 | CWE-754 | Consider checking for misprints. It's possible that the 'cur_dst_file_ofs' should be used inside 'pSource_zip->m_pRead' function. |
| General Analysis | OBJLIB |
miniz.h:3633 | Low | V1051 | CWE-754 | Consider checking for misprints. It's possible that the 'd->m_dict_size' should be checked here. |
| General Analysis | OBJLIB |
miniz.h:3237 | Low | V1019 | CWE-480 | Compound assignment expression 'n -= bytes_to_copy' is used inside condition. |
| General Analysis | OBJLIB |
miniz.h:5396 | Low | V769 | CWE-119 | The '(mz_uint8 *) pBuf' pointer in the '(mz_uint8 *) pBuf + out_buf_ofs' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. |
| General Analysis | OBJLIB |
miniz.h:2461 | Low | V575 | CWE-628 | The null pointer is passed into 'free' function. Inspect the first argument. |
| General Analysis | OBJLIB |
zip.c:849 | Low | V526 | The 'strncmp' function returns 0 if corresponding strings are equal. Consider examining the condition for mistakes. | |
| General Analysis | OBJLIB |
zip.c:476 | Low | V1029 | CWE-197 | Numeric Truncation Error. Return value of the 'strlen' function is written to the 16-bit variable. |
| General Analysis | OBJLIB |
zip.c:848 | Low | V526 | The 'strncmp' function returns 0 if corresponding strings are equal. Consider examining the condition for mistakes. | |
| General Analysis | test.out |
test.c:137 | Low | V1048 | CWE-1164 | The 'buftmp' variable was assigned the same value. |
| General Analysis | test.out |
test.c:430 | Low | V576 | CWE-628 | Incorrect format. Consider checking the third actual argument of the 'fprintf' function. The integer argument of 32-bit size is expected. |
| General Analysis | test.out |
test.c:431 | Low | V576 | CWE-628 | Incorrect format. Consider checking the third actual argument of the 'fprintf' function. The integer argument of 32-bit size is expected. |