Fwd: New Defects reported by Coverity Scan for GNURadio

GNU Radio
1

The latest Coverity scan showed these new items. We should probably
double check them. The Null dereference is likely related to the order
in which some class methods get called.

The compare against zero of an unsigned number should be checked to make
sure that is what was really meant.

Philip

** CID 1189412: Explicit null dereferenced (FORWARD_NULL)
/var/lib/jenkins/jobs/GNURadio-master/workspace/gnuradio/gr-filter/lib/fft_filter.cc:
355 in gr::filter::kernel::fft_filter_ccf::fft_filter_ccf(int, const
std::vector<float, std::allocator> &, int)()

** CID 1189413: Unsigned compared against 0 (NO_EFFECT)
/var/lib/jenkins/jobs/GNURadio-master/workspace/gnuradio/gr-filter/lib/pfb_synthesizer_ccf_impl.cc:
225 in gr::filter::pfb_synthesizer_ccf_impl::set_channel_map(const
std::vector<int, std::allocator> &)()

*** CID 1189412: Explicit null dereferenced (FORWARD_NULL)
/var/lib/jenkins/jobs/GNURadio-master/workspace/gnuradio/gr-filter/lib/fft_filter.cc:
355 in gr::filter::kernel::fft_filter_ccf::fft_filter_ccf(int, const
std::vector<float, std::allocator> &, int)()
349
/**************************************************************/
350
351
352 fft_filter_ccf::fft_filter_ccf(int decimation,
353 const std::vector &taps,
354 int nthreads)

CID 1189412:  Explicit null dereferenced  (FORWARD_NULL)
Assigning: "this->d_fwdfft" = "NULL".

355 : d_fftsize(-1), d_decimation(decimation), d_fwdfft(0),
356 d_invfft(0), d_nthreads(nthreads), d_xformed_taps(NULL)
357 {
358 set_taps(taps);
359 }
360

*** CID 1189413: Unsigned compared against 0 (NO_EFFECT)
/var/lib/jenkins/jobs/GNURadio-master/workspace/gnuradio/gr-filter/lib/pfb_synthesizer_ccf_impl.cc:
225 in gr::filter::pfb_synthesizer_ccf_impl::set_channel_map(const
std::vector<int, std::allocator> &)()
219 {
220 gr::thread::scoped_lock guard(d_mutex);
221
222 if(map.size() > 0) {
223 unsigned int max = (unsigned
int)*std::max_element(map.begin(), map.end());
224 unsigned int min = (unsigned
int)*std::min_element(map.begin(), map.end());

CID 1189413:  Unsigned compared against 0  (NO_EFFECT)
This less-than-zero comparison of an unsigned value is never true. "min <

0U".
225 if((max >= d_twox*d_numchans) || (min < 0)) {
226 throw
std::invalid_argument(“pfb_synthesizer_ccf_impl::set_channel_map: map
range out of bounds.\n”);
227 }
228 d_channel_map = map;
229
230 // Zero out fft buffer so that unused channels are
always 0

2

On Mon, Mar 3, 2014 at 4:58 PM, Philip B. [email protected]
wrote:

The latest Coverity scan showed these new items. We should probably
double check them. The Null dereference is likely related to the order
in which some class methods get called.

The compare against zero of an unsigned number should be checked to make
sure that is what was really meant.

Philip

Too late. I already pushed fixes for these and updated Coverity.

I noticed the defect emails and it’s related to code I just pushed
this weekend, so it was easy enough for me to get them while they were
fresh in my mind.

Thanks for keeping on top of this, though.

Tom

3

On 03/03/2014 05:00 PM, Tom R. wrote:

Too late. I already pushed fixes for these and updated Coverity.

I noticed the defect emails and it’s related to code I just pushed
this weekend, so it was easy enough for me to get them while they were
fresh in my mind.

Thanks for keeping on top of this, though.

Thanks. I figured some visibility would encourage more people to pay
attention to Coverity.

You can sign up for Soverity at https://scan.coverity.com/ and then
request access to the GNU Radio reports. It’s a great way to learn about
some interesting coding errors.

While things like comparing unsigned ints with 0 may seem trivial, they
can be pointers to actual bugs.

Philip