Cppcheck: Suspicious usage of 'sizeof' with a numeric constant as parameter.
|Status:||Closed||Start date:||05 Jan 2015|
|Assignee:||Robin Mills||% Done:|
In jp2image.cpp lines 555, 561 and 567 there is
sizeof(16) as third argument for
memcmp. Cppcheck reports
It is unusual to use a constant value with sizeof. For example, 'sizeof(10)' returns 4 (in 32-bit systems) or 8 (in 64-bit systems) instead of 10. 'sizeof('A')' and 'sizeof(char)' can return different results.
#2 Updated by Robin Mills almost 4 years ago
This is very suspicious! I think the sizeof(16) should simply be 16. It appears to be copying UUIDs which are 128 bits = 16 x 8bit bytes. The sizeof(16) would have "throttled" the UUID to 4 or 8 bytes. This would cause part of the data to be in an undefined state, without overflowing the buffer to which the data is being copied.
Fix submitted r3538. Thank you Thomas for finding and reporting this.