Chromium V522 CWE-690 There might be dereferencing of a potential null pointer 'device_interface_detail_data'. Check lines: 103, 102. hid_service_win.cc 103 void HidServiceWin::EnumerateBlocking(....) { .... std::unique_ptr device_interface_detail_data( static_cast( malloc(required_size))); device_interface_detail_data->cbSize = sizeof(SP_DEVICE_INTERFACE_DETAIL_DATA); .... } ----------------------------------------------------------------- Chromium V522 CWE-690 There might be dereferencing of a potential null pointer 'file_'. Check lines: 716, 715. visitedlink_master.cc 716 void VisitedLinkMaster::OnTableLoadComplete(....) { .... file_ = static_cast(malloc(sizeof(*file_))); *file_ = load_from_file_result->file.release(); .... } ----------------------------------------------------------------- Chromium V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. dns_config_service_win.cc 134 std::unique_ptr ReadIpHelper(ULONG flags) { .... std::unique_ptr out; .... out.reset(static_cast(malloc(len))); memset(out.get(), 0, len); .... } #add V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 129, 127. nacl_validation_query.cc 129 ----------------------------------------------------------------- V8 V769 CWE-119 The 'copy' pointer in the 'copy + prefix_len' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 394, 393. code-assembler.cc 394 void CodeAssembler::Comment(const char* format, ...) { .... const int prefix_len = 2; int length = builder.position() + 1; char* copy = reinterpret_cast(malloc(length + prefix_len)); MemCopy(copy + prefix_len, builder.Finalize(), length); copy[0] = ';'; copy[1] = ' '; raw_assembler()->Comment(copy); } ----------------------------------------------------------------- Skia V554 CWE-762 Incorrect use of unique_ptr. The memory allocated with 'malloc' will be cleaned using 'delete'. grglprogrambuilder.cpp 275 GrGLProgram* GrGLProgramBuilder::finalize() { .... std::unique_ptr data((uint8_t*) malloc(dataLength)); .... } ----------------------------------------------------------------- LLVM-subzero V522 CWE-690 There might be dereferencing of a potential null pointer 'TheTable'. Check lines: 65, 59. stringmap.cpp 65 void StringMapImpl::init(unsigned InitSize) { assert((InitSize & (InitSize-1)) == 0 && "Init Size must be a power of 2 or zero!"); NumBuckets = InitSize ? InitSize : 16; NumItems = 0; NumTombstones = 0; TheTable = (StringMapEntryBase **) calloc(NumBuckets+1, sizeof(StringMapEntryBase **) + sizeof(unsigned)); // Allocate one extra bucket, set it to look filled // so the iterators stop at end. TheTable[NumBuckets] = (StringMapEntryBase*)2; } ----------------------------------------------------------------- LLVM-subzero V522 CWE-690 There might be dereferencing of a potential null pointer 'Buckets'. Check lines: 219, 217. foldingset.cpp 219 static void **AllocateBuckets(unsigned NumBuckets) { void **Buckets = static_cast(calloc(NumBuckets+1, sizeof(void*))); // Set the very last bucket to be a non-null "pointer". Buckets[NumBuckets] = reinterpret_cast(-1); return Buckets; } ----------------------------------------------------------------- LLVM-subzero V769 CWE-119 The 'NewTableArray' pointer in the 'NewTableArray + NewSize' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 218, 216. stringmap.cpp 218 unsigned StringMapImpl::RehashTable(unsigned BucketNo) { .... StringMapEntryBase **NewTableArray = (StringMapEntryBase **)calloc(NewSize+1, sizeof(StringMapEntryBase *) + sizeof(unsigned)); unsigned *NewHashArray = (unsigned *)(NewTableArray + NewSize + 1); NewTableArray[NewSize] = (StringMapEntryBase*)2; .... } ----------------------------------------------------------------- yasm V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 52, 51. substr.h 52 static SubStr * SubStr_new_u(unsigned char *s, unsigned int l) { SubStr *r = malloc(sizeof(SubStr)); r->str = (char*)s; r->len = l; return r; } #add V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 68, 67. substr.h 68 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 84, 83. substr.h 84 V522 CWE-690 There might be dereferencing of a potential null pointer 'inc'. Check lines: 80, 79. genmodule.c 80 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 25, 24. token.h 25 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 44, 43. re.h 44 V522 CWE-690 There might be dereferencing of a potential null pointer 'ro'. Check lines: 62, 61. re.h 62 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 126, 125. re.h 126 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 134, 133. re.h 134 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 145, 144. re.h 145 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 155, 154. re.h 155 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 165, 164. re.h 165 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 174, 173. re.h 174 V522 CWE-628 Dereferencing of the null pointer 's' might take place. The potential null pointer is passed into 'Scanner_line' function. Inspect the first argument. Check lines: 'scanner.h:33', 'parser.c:241', 'scanner.h:39'. scanner.h 33 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. substr.c 32 V522 CWE-690 There might be dereferencing of a potential null pointer 'a'. Check lines: 103, 102. dfa.h 103 V522 CWE-690 There might be dereferencing of a potential null pointer 'a'. Check lines: 113, 112. dfa.h 113 V522 CWE-690 There might be dereferencing of a potential null pointer 'a'. Check lines: 124, 123. dfa.h 124 V522 CWE-690 There might be dereferencing of a potential null pointer 'a'. Check lines: 135, 134. dfa.h 135 V522 CWE-690 There might be dereferencing of a potential null pointer 'a'. Check lines: 147, 146. dfa.h 147 V522 CWE-690 There might be dereferencing of a potential null pointer 's'. Check lines: 79, 78. dfa.c 79 V522 CWE-690 There might be dereferencing of a potential null pointer 'd'. Check lines: 132, 126. dfa.c 132 V522 CWE-690 There might be dereferencing of a potential null pointer 'span'. Check lines: 175, 130. dfa.c 175 V522 CWE-628 Dereferencing of the null pointer 's' might take place. The potential null pointer is passed into 'DFA_addState' function. Inspect the third argument. Check lines: 206, 241, 78. dfa.c 206 V522 CWE-690 There might be dereferencing of a potential null pointer 'ss'. actions.c 572 V522 CWE-690 There might be dereferencing of a potential null pointer 'ss'. actions.c 589 V522 CWE-690 There might be dereferencing of a potential null pointer 'r'. Check lines: 604, 603. actions.c 604 V522 CWE-690 There might be dereferencing of a potential null pointer 'b'. Check lines: 171, 170. code.c 171 V522 CWE-690 There might be dereferencing of a potential null pointer 'a'. Check lines: 384, 383. code.c 384 V522 CWE-690 There might be dereferencing of a potential null pointer 's'. Check lines: 655, 654. code.c 655 V522 CWE-690 There might be dereferencing of a potential null pointer 's->go.span'. Check lines: 757, 756. code.c 757 V522 CWE-690 There might be dereferencing of a potential null pointer 'data'. Check lines: 712, 708. nasm-pp.c 712 V522 CWE-690 There might be dereferencing of a potential null pointer 'data'. Check lines: 712, 708. nasm-pp.c 712 V522 CWE-690 There might be dereferencing of a potential null pointer 'struc'. Check lines: 808, 807. nasm-pp.c 808 ----------------------------------------------------------------- WebRTC V522 CWE-690 There might be dereferencing of a potential null pointer 'self'. Check lines: 22, 21. noise_suppression.c 22 NsHandle* WebRtcNs_Create() { NoiseSuppressionC* self = malloc(sizeof(NoiseSuppressionC)); self->initFlag = 0; return (NsHandle*)self; } ----------------------------------------------------------------- WebRTC V522 CWE-690 There might be dereferencing of a potential null pointer 'left'. Check lines: 412, 403. resampler.cc 412 V522 CWE-690 There might be dereferencing of a potential null pointer 'right'. Check lines: 413, 405. resampler.cc 413 int Resampler::Push(....) { .... int16_t* left = static_cast(malloc(lengthIn * sizeof(int16_t) / 2)); int16_t* right = static_cast(malloc(lengthIn * sizeof(int16_t) / 2)); .... for (size_t i = 0; i < lengthIn; i += 2) { left[i >> 1] = samplesIn[i]; right[i >> 1] = samplesIn[i + 1]; } .... } #add V522 CWE-690 There might be dereferencing of a potential null pointer 'aecm'. Check lines: 88, 84. echo_control_mobile.cc 88 V522 CWE-690 There might be dereferencing of a potential null pointer 'aecm'. Check lines: 218, 216. aecm_core.cc 218 V522 CWE-690 There might be dereferencing of a potential null pointer 'stt'. Check lines: 1203, 1195. analog_agc.c 1203 V522 CWE-690 There might be dereferencing of a potential null pointer 'instISAC'. Check lines: 282, 279. isac.c 282 ----------------------------------------------------------------- fips181 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the second argument. Check lines: 136, 132. convert.cc 136 void numerize (char *syllable) { char *tmp = (char *)calloc(1, 4); if ( strlen (syllable) == 1 ) { (void) gen_rand_symbol(tmp, S_NB); (void) memcpy ((void *)syllable, (void *)tmp, 1); } free ((void *)tmp); } #add V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the second argument. Check lines: 160, 156. convert.cc 160 ----------------------------------------------------------------- openvr V575 CWE-628 The potential null pointer is passed into 'strcpy' function. Inspect the first argument. Check lines: 35, 34. dirtools_public.cpp 35 bool BCreateDirectoryRecursive( const char *pchPath ) { .... int len = (int)strlen( pchPath ); char *path = (char *)malloc( len + 1 ); strcpy( path, pchPath ); .... } ----------------------------------------------------------------- SwiftShader V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 102, 101. bitvector.h 102 BitVector(const BitVector &RHS) : Size(RHS.size()) { .... Bits = (BitWord *)std::malloc(Capacity * sizeof(BitWord)); std::memcpy(Bits, RHS.Bits, Capacity * sizeof(BitWord)); } #add V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 440, 439. bitvector.h 440 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 31, 28. smallvector.cpp 31 ----------------------------------------------------------------- yasm V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 134, 129. dfa.c 134 DFA * DFA_new(Ins *ins, unsigned int ni, unsigned int lb, unsigned int ub, Char *rep) { DFA *d = malloc(sizeof(DFA)); Ins **work = malloc(sizeof(Ins*)*(ni+1)); unsigned int nc = ub - lb; GoTo *goTo = malloc(sizeof(GoTo)*nc); // <= Span *span = malloc(sizeof(Span)*nc); d->lbChar = lb; d->ubChar = ub; memset((char*) goTo, 0, nc*sizeof(GoTo)); // <= .... } #add V575 CWE-628 The potential null pointer is passed into 'strcpy' function. Inspect the first argument. Check lines: 81, 80. genmodule.c 81 V575 CWE-628 The potential null pointer is passed into 'fgets' function. Inspect the first argument. Check lines: 76, 59. genmacro.c 76 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 83, 82. main.c 83 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 184, 183. dfa.c 184 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 244, 243. dfa.c 244 V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 672, 671. actions.c 672 V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 208, 203. code.c 208 V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 796, 795. code.c 796 V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 816, 815. code.c 816 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the first argument. Check lines: 872, 871. code.c 872 V575 CWE-628 The potential null pointer is passed into 'memcpy' function. Inspect the second argument. Check lines: 872, 859. code.c 872 ----------------------------------------------------------------- WebRTC V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 154, 153. resampler.cc 154 int Resampler::Reset(int inFreq, int outFreq, size_t num_channels) { .... state1_ = malloc(8 * sizeof(int32_t)); memset(state1_, 0, 8 * sizeof(int32_t)); .... } #add V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 167, 166. resampler.cc 167 V575 CWE-628 The potential null pointer is passed into 'memset' function. Inspect the first argument. Check lines: 237, 236. resampler.cc 237 ----------------------------------------------------------------- hunspell V769 CWE-119 The 'candidate' pointer in the 'candidate + 1' expression could be nullptr. In such case, resulting value will be senseless and it should not be used. Check lines: 864, 863. suggestmgr.cxx 864 int SuggestMgr::twowords(....) { .... char* candidate = (char*)malloc(wl + 2); strcpy(candidate + 1, word); .... } -----------------------------------------------------------------