Re: [Inkscape-devel] clang static analysis report
On 24-3-2014 23:58, mathog wrote:
- I don't understand what it is warning about at line 706 in
upmf.c. It doesn't like this:
    int U_DPO_free(U_DPSEUDO_OBJ **dpo){
        if(!dpo){ return(0); }
        if(!*dpo){ return(1); }
        U_DPSEUDO_OBJ *kpo = *dpo;
        if(kpo->poPoints){ U_PO_free(&kpo->poPoints); }
        if(kpo->poTypes){ U_PO_free(&kpo->poTypes); }   // <------
        free(*dpo);
        *dpo=NULL;
        return(1);
    }
At the arrow it gives the warning: "Branch condition evaluates to a garbage value"
The U_DPSEUDO_OBJ struct looks like this
    typedef struct {
        uint32_t      Elements;   /**< Element count, applies to both PseudoObjects */
        U_PSEUDO_OBJ *poPoints;   /**< Points in path */
        U_PSEUDO_OBJ *poTypes;    /**< Types of points in path */
    } U_DPSEUDO_OBJ;
and this is U_PO_free()
    int U_PO_free(U_PSEUDO_OBJ **po){
        if(!po)return(0);
        if(!*po)return(1);
        if((*po)->Data)free((*po)->Data);
        free(*po);
        *po=NULL;
        return(1);
    }
As you can read on the webpage that scan-build generates, there are 18 steps involved. The reason that line 706 is bugged is because for some control flow "kpo->poTypes" has a garbage value. The cause is that for the control flow indicated, the U_DPSEUDO_OBJ *Path is never fully properly initialized, in particular kpo->poTypes isn't.
-Johan
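
The failure mode described in the reply, as an added example (not code from the original post or from the library it discusses): a destructor of the quoted shape is only safe when every pointer member was written on every path through the constructor. All names below (PSEUDO_OBJ, DPSEUDO_OBJ, po_new, dpo_create_unsafe, dpo_create_init) are hypothetical stand-ins, and the constructors are assumptions, since the thread does not show the code that builds the struct.

```c
#include <stdint.h>
#include <stdlib.h>

/* Simplified stand-ins for the structs quoted in the thread (assumed layout). */
typedef struct { char *Data; } PSEUDO_OBJ;
typedef struct { uint32_t Elements; PSEUDO_OBJ *poPoints; PSEUDO_OBJ *poTypes; } DPSEUDO_OBJ;

PSEUDO_OBJ *po_new(void){
    PSEUDO_OBJ *p = malloc(sizeof *p);
    if(p){ p->Data = NULL; }
    return(p);
}

int po_free(PSEUDO_OBJ **po){
    if(!po)return(0);
    if(!*po)return(1);
    free((*po)->Data);                 /* free(NULL) is a no-op */
    free(*po);
    *po=NULL;
    return(1);
}

/* Same shape as the quoted destructor: it branches on both pointer members. */
int dpo_free(DPSEUDO_OBJ **dpo){
    if(!dpo){ return(0); }
    if(!*dpo){ return(1); }
    DPSEUDO_OBJ *kpo = *dpo;
    if(kpo->poPoints){ po_free(&kpo->poPoints); }
    if(kpo->poTypes){ po_free(&kpo->poTypes); }   /* garbage if never written */
    free(*dpo);
    *dpo=NULL;
    return(1);
}

/* Hypothetical buggy constructor, shown for contrast and never called here:
   malloc() leaves poTypes indeterminate on the early-return path. */
DPSEUDO_OBJ *dpo_create_unsafe(int with_types){
    DPSEUDO_OBJ *d = malloc(sizeof *d);
    if(!d)return(NULL);
    d->Elements = 0;
    d->poPoints = po_new();
    if(!with_types)return(d);          /* poTypes was never assigned */
    d->poTypes = po_new();
    return(d);
}

/* Hardened constructor: every member is assigned before any path can return. */
DPSEUDO_OBJ *dpo_create_init(int with_types){
    DPSEUDO_OBJ *d = malloc(sizeof *d);
    if(!d)return(NULL);
    d->Elements = 0; d->poPoints = NULL; d->poTypes = NULL;
    d->poPoints = po_new();
    if(with_types){ d->poTypes = po_new(); }
    return(d);
}
```

Running scan-build over this file should flag the poTypes branch in dpo_free() only for objects that come from dpo_create_unsafe(0).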
participants (1): Johan Engelen