https://bugs.winehq.org/show_bug.cgi?id=37131
Bug ID: 37131
Summary: Clang Static Analyzer: Division by zero
Product: Wine
Version: 1.7.22
Hardware: x86-64
OS: Linux
Status: UNCONFIRMED
Severity: normal
Priority: P2
Component: -unknown
Assignee: wine-bugs@winehq.org
Reporter: lukebenes@hotmail.com
Clang Static Analyzer identifies Division by zero
File: dlls/winex11.drv/palette.c
Location: line 601, column 43
Description: Division by zero
#define NB_RESERVED_COLORS 20
...
static void X11DRV_PALETTE_FillDefaultColors(....)
{
    ...
    int i = 0, idx = 0;
    int red, no_r, inc_r;
    ...
    if (palette_size <= NB_RESERVED_COLORS)
        return;
    while (i*i*i < (palette_size - NB_RESERVED_COLORS)) i++;
    no_r = no_g = no_b = --i;
    ...
    inc_r = (255 - NB_COLORCUBE_START_INDEX)/no_r; //Clang: Division by zero
    ...
}
The code will continue executing if the palette_size variable is larger than or equal to 21. With the value 21, the 'i' variable will be first incremented by one and then decremented by one. As a result, the 'i' variable will remain equal to zero, which will cause the division-by-zero error.
--- Comment #1 from Austin English austinenglish@gmail.com ---
This is your friendly reminder that there has been no bug activity for over a year. Is this still an issue in current (1.7.51 or newer) wine?
Janne janne.kekkonen@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|                            |janne.kekkonen@gmail.com
--- Comment #2 from Janne janne.kekkonen@gmail.com ---
Tested with Wine 10.0 source.

Command used in the analysis:

clang -I /usr/x86_64-w64-mingw32/include -I ~/wine10.0/include/ -fdeclspec --analyze -Xanalyzer -analyzer-checker=unix -ferror-limit=4000 palette.c

There was no error about division by zero. Based on the code, i is initialized to 1 instead of 0.

static void X11DRV_PALETTE_FillDefaultColors(...)
{
    int i = 1, idx = 0;
    int red, no_r, inc_r;
    ...
    if (palette_size <= NB_RESERVED_COLORS)
        return;
    while (i*i*i <= (palette_size - NB_RESERVED_COLORS)) i++;
    no_r = no_g = no_b = --i;
    if ((no_r * (no_g+1) * no_b) <= (palette_size - NB_RESERVED_COLORS)) no_g++;
    if ((no_r * no_g * (no_b+1)) <= (palette_size - NB_RESERVED_COLORS)) no_b++;
    inc_r = (255 - NB_COLORCUBE_START_INDEX)/no_r;
    inc_g = (255 - NB_COLORCUBE_START_INDEX)/no_g;
    inc_b = (255 - NB_COLORCUBE_START_INDEX)/no_b;

Instead I got these errors related to palette.c.

palette.c:883:57: error: use of undeclared identifier 'NTGDI_OBJ_PAL'
    HPALETTE hPal = NtGdiGetDCObject( physDev->dev.hdc, NTGDI_OBJ_PAL );
                                                        ^
palette.c:914:57: error: use of undeclared identifier 'NTGDI_OBJ_PAL'
    HPALETTE hPal = NtGdiGetDCObject( physDev->dev.hdc, NTGDI_OBJ_PAL );
                                                        ^
palette.c:1360:53: error: use of undeclared identifier 'NTGDI_OBJ_PAL'
        HPALETTE hpal = NtGdiGetDCObject( dev->hdc, NTGDI_OBJ_PAL );
                                                    ^
palette.c:1394:52: error: use of undeclared identifier 'NtGdiIsMemDC'
    if (palette_size && NtGdiGetDCDword( dev->hdc, NtGdiIsMemDC, &is_memdc ) && is_memdc)
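The two loops quoted in this thread (the 1.7.22 one from the report and the Wine 10.0 one from comment #2), isolated as an added example that is not part of any comment and is not Wine's own code. The function names and the 21..256 scan range are assumptions made for illustration; only the loop bodies and NB_RESERVED_COLORS come from the excerpts above.

```c
#include <stdio.h>

#define NB_RESERVED_COLORS 20

/* Divisor (no_r) as computed in the 1.7.22 excerpt: i starts at 0, loop uses '<'. */
static int cube_side_old(int palette_size)
{
    int i = 0;
    while (i*i*i < (palette_size - NB_RESERVED_COLORS)) i++;
    return --i;
}

/* Divisor (no_r) as computed in the Wine 10.0 excerpt: i starts at 1, loop uses '<='. */
static int cube_side_new(int palette_size)
{
    int i = 1;
    while (i*i*i <= (palette_size - NB_RESERVED_COLORS)) i++;
    return --i;
}

/* Hypothetical helper: count palette sizes in [lo, hi] that yield a zero divisor. */
static int count_zero_divisors(int (*side)(int), int lo, int hi)
{
    int n = 0;
    for (int size = lo; size <= hi; size++)
        if (side(size) == 0)
            n++;
    return n;
}

int main(void)
{
    /* Sizes <= NB_RESERVED_COLORS return early in both versions, so start at 21.
       The upper bound 256 is an assumed scan range, not a value from the page. */
    for (int size = 21; size <= 29; size++)
        printf("palette_size=%d old no_r=%d new no_r=%d\n",
               size, cube_side_old(size), cube_side_new(size));

    printf("zero divisors, old loop: %d\n", count_zero_divisors(cube_side_old, 21, 256));
    printf("zero divisors, new loop: %d\n", count_zero_divisors(cube_side_new, 21, 256));
    return 0;
}
```

The scan also shows that the two loops differ at exact cubes: for palette_size 28 the old loop yields 1 where the new one yields 2.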
Janne janne.kekkonen@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
                 CC|janne.kekkonen@gmail.com    |
Ken Sharp imwellcushtymelike@gmail.com changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|UNCONFIRMED                 |RESOLVED
--- Comment #3 from Ken Sharp imwellcushtymelike@gmail.com ---
> There was no error about division by zero.
Fixed then. If you have found a new bug then it needs a new bug report.
Alexandre Julliard julliard@winehq.org changed:
           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |CLOSED
--- Comment #4 from Alexandre Julliard julliard@winehq.org ---
Closing bugs fixed in 10.11.