Report any bugs here and we'll post fixes
Moderators: Sascha Willems, Thomas
by Andrey2011 » Mon Feb 28, 2011 9:05 am
I've tested my PVS-Studio analyzer with Newton Game Dynamics. While analyzing this project I found some warnings and decided to mention them. Hope it will come in handy. The general-purpose analyzer generated these warnings:
V512 A call of the 'memset' function will lead to a buffer overflow or underflow. physics dgcollisioncompoundbreakable.cpp 702
Code:
dgCollisionCompoundBreakable::dgCollisionCompoundBreakable (...)
{
...
dgInt32 faceOffsetHitogram[256];
dgSubMesh* mainSegmenst[256];
...
memset (faceOffsetHitogram, 0, sizeof (faceOffsetHitogram));
memset (mainSegmenst, 0, sizeof (faceOffsetHitogram)); // size taken from the int array, not the pointer array being cleared
...
}
Correct: memset (mainSegmenst, 0, sizeof (mainSegmenst));
-----
V519 The 'damp' object is assigned values twice successively. Perhaps this is a mistake. physics dgbody.cpp 404
Code:
void dgBody::AddBuoyancyForce (...)
{
...
damp = (m_omega % m_omega) * dgFloat32 (10.0f) * fluidAngularViscousity; // overwritten by the next line without being read
damp = GetMax (GetMin ((m_omega % m_omega) * dgFloat32 (1000.0f) * fluidAngularViscousity, dgFloat32(0.25f)), dgFloat32(2.0f));
...
}
-----
V502 Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the '*' operator. physics dgminkowskiconv.cpp 1061
Code:
dgInt32 CalculateConvexShapeIntersection (...)
{
...
den = dgFloat32 (1.0e-24f) *
(den > dgFloat32 (0.0f)) ? dgFloat32 (1.0f) : dgFloat32 (-1.0f); // parses as (1.0e-24f * (den > 0)) ? 1 : -1
...
}
This code is incorrect, as the priority of the '?:' operator is lower than that of '*'. The correct version is:
Code:
den = dgFloat32 (1.0e-24f) *
((den > dgFloat32 (0.0f)) ? dgFloat32 (1.0f) : dgFloat32 (-1.0f));
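The V512 and V502 findings above, reproduced in a stand-alone C program that is an added example and not Newton's code (all names and the 256-slot sizes are invented): it counts how many pointer slots the mis-sized memset actually clears on an LP64 build, and shows what the unparenthesised '?:' expression evaluates to next to the corrected form.

```c
/* Added example, not Newton's code: the two analyzer findings beside their fixes. */
#include <string.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SLOTS 256

/* V512: memset sized by the wrong array. An int array and a pointer array with
 * the same element count differ in byte size on LP64 (4 vs 8 bytes per slot),
 * so sizeof(hist) clears only part of segs. Returns the number of pointer
 * slots that were actually zeroed; the rest keep their previous contents. */
static int zeroed_slots_buggy(void) {
    int hist[SLOTS];
    void *segs[SLOTS];
    for (int i = 0; i < SLOTS; i++) segs[i] = (void *)(uintptr_t)0x1; /* sentinel */
    memset(hist, 0, sizeof(hist));
    memset(segs, 0, sizeof(hist));   /* bug: should be sizeof(segs) */
    int n = 0;
    for (int i = 0; i < SLOTS; i++) if (segs[i] == NULL) n++;
    return n;
}

static int zeroed_slots_fixed(void) {
    void *segs[SLOTS];
    for (int i = 0; i < SLOTS; i++) segs[i] = (void *)(uintptr_t)0x1; /* sentinel */
    memset(segs, 0, sizeof(segs));   /* sized by the array being cleared */
    int n = 0;
    for (int i = 0; i < SLOTS; i++) if (segs[i] == NULL) n++;
    return n;
}

/* V502: '*' binds tighter than '?:', so the buggy form parses as
 * (1.0e-24f * (den > 0)) ? 1.0f : -1.0f and yields +/-1.0, not +/-1e-24. */
static float tiny_sign_buggy(float den) {
    return 1.0e-24f * (den > 0.0f) ? 1.0f : -1.0f;
}

static float tiny_sign_fixed(float den) {
    return 1.0e-24f * ((den > 0.0f) ? 1.0f : -1.0f);
}

int main(void) {
    printf("pointer slots zeroed: buggy=%d fixed=%d\n", zeroed_slots_buggy(), zeroed_slots_fixed());
    printf("tiny_sign(5.0): buggy=%g fixed=%g\n", tiny_sign_buggy(5.0f), tiny_sign_fixed(5.0f));
    return 0;
}
```

On a 64-bit build the buggy memset leaves half of the pointer array holding whatever was there before, which is why the first warning is the dangerous one.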
by Andrey2011 » Mon Feb 28, 2011 9:18 am
And: V502 Perhaps the '?:' operator works in a different way than it was expected. The '?:' operator has a lower priority than the '*' operator. physics dgminkowskiconv.cpp 1081
by Julio Jerez » Mon Feb 28, 2011 9:30 am
Wow, thank you for the bug report.
Of the three, the last two were harmless; the first one would be fatal on a 64-bit system, because the size of a pointer is different from the size of an int.
Thank you for running the engine through that tool. I am surprised it only found three errors, considering I never run Newton through such tools.
My trick to make it robust is compiling with as many compilers as I come across.
So far it passes with GCC, Matrox Code Warrior, Intel 8.0 and 10.0, and Visual Studio, all versions starting with VS6, and none detected those flaws.
The bugs were fixed and checked in; please sync to SVN again, and please let me know if you find some more weak code.