Review - static code analysis (flawfinder)

[gvarisco]

CSP/Array.h:576:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CSP/log.cpp:240:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CSP/log.cpp:292:  [4] (format) vfprintf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
CSP/Array.h:180:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/Array.h:347:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/IAS.cpp:397:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/IAS.cpp:416:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/IAS.cpp:443:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/IAS.cpp:831:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/PKCS11/CIEP11Template.cpp:51:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). use a more secure technique for
  acquiring random values.
CSP/PKCS11/CardTemplate.cpp:117:  [3] (misc) LoadLibrary:
  Ensure that the full path to the library is specified, or current directory
  may be used (CWE-829, CWE-20). Use registry entry or GetWindowsDirectory to
  find library path, if you aren't already.
CSP/SyncroEvent.cpp:37:  [3] (misc) AddAccessAllowedAce:
  This doesn't set the inheritance bits in the access control entry (ACE)
  header (CWE-732). Make sure that you set inheritance by hand if you wish it
  to inherit.
CSP/SyncroMutex.cpp:38:  [3] (misc) AddAccessAllowedAce:
  This doesn't set the inheritance bits in the access control entry (ACE)
  header (CWE-732). Make sure that you set inheritance by hand if you wish it
  to inherit.
CSP/atlcontrols.h:4941:  [3] (misc) EnterCriticalSection:
  On some versions of Windows, exceptions can be thrown in low-memory
  situations. Use InitializeCriticalSectionAndSpinCount instead.
CSP/Array.h:62:  [2] (integer) atoi:
  Unless checked, the resulting number can exceed the expected range
  (CWE-190). If source untrusted, check both minimum and maximum, even if the
  input had no minus sign (large numbers can roll over into negative number;
  consider saving to an unsigned value if that is intended).
CSP/Array.h:139:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/Array.h:149:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/Array.h:159:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/Array.h:169:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/Array.h:307:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/CBase64.cpp:235:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/CBase64.h:34:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/CBase64.h:45:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/CSP.cpp:34:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/DES3.cpp:39:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/DES3.cpp:97:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/IAS.cpp:818:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/IAS.cpp:877:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/IniSettings.cpp:135:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/MAC.cpp:41:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/MAC.cpp:70:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/ModuleInfo.cpp:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/ModuleInfo.cpp:32:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/ModuleInfo.cpp:35:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/PIN.h:94:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/PKCS11/CIEP11Template.cpp:14:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Mechanism.cpp:142:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Mechanism.cpp:209:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/P11Object.cpp:73:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/PKCS11Functions.cpp:485:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/PKCS11Functions.cpp:490:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/PKCS11Functions.cpp:973:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:23:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/PKCS11/Slot.cpp:365:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:370:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:398:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:400:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:414:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:417:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/PKCS11/Slot.cpp:448:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/SystemTraySDK.cpp:489:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/SystemTraySDK.cpp:503:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/SystemTraySDK.cpp:508:  [2] (buffer) MultiByteToWideChar:
  Requires maximum length in CHARACTERS, not bytes (CWE-120).
CSP/SystemTraySDK.cpp:863:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/Token.cpp:727:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/Token.cpp:733:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/UtilException.cpp:150:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/atlcontrols.h:3648:  [2] (buffer) TCHAR:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/atlcontrols.h:3738:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/atlcontrols.h:3760:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/atlcontrols.h:3791:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/atlcontrols.h:3834:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
CSP/funccallinfo.cpp:102:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/funccallinfo.cpp:129:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/log.cpp:72:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/log.cpp:198:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/log.cpp:271:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/log.cpp:324:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/util.cpp:384:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/util.cpp:390:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/util.cpp:391:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119:CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
CSP/Array.h:522:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/Array.h:528:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/Array.h:543:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/Array.h:562:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/CBase64.cpp:59:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/CBase64.cpp:233:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/CIEP11Template.cpp:205:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/Slot.cpp:26:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/Slot.cpp:276:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/Slot.cpp:291:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/Slot.cpp:398:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/Slot.cpp:400:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/PKCS11/Slot.cpp:417:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/SystemTraySDK.cpp:134:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/SystemTraySDK.cpp:473:  [1] (buffer) _tcslen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/UtilException.cpp:79:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/abilitaCIE.cpp:56:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/abilitaCIE.cpp:130:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/abilitaCIE.cpp:155:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/log.cpp:157:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/log.cpp:167:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/log.cpp:249:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/log.cpp:251:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/log.cpp:299:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/log.cpp:301:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/sbloccoPIN.cpp:40:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/sbloccoPIN.cpp:82:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/util.cpp:53:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/util.cpp:88:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).
CSP/util.cpp:127:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).

[fottavi]

La versione di flawfinder utilizzata è questa?
https://sourceforge.net/projects/flawfinder/files/?source=navbar

Così posso ripetere il test autonomamente prima di fare dei commit

[gvarisco]

@fottavi sì, è esattamente quella. E' solo uno dei tanti tool disponibili con cui dare una prima scrematura iniziale (in assenza di Fortify :) ), molti potrebbero anche essere falsi positivi. Nel weekend approfondisco l'output che ho riportato sopra, ma se vuoi lavorarci sopra inizia pure!

[fottavi]

Io posso eseguire la Code Analysis di Visual Studio 2013 e riportare l'output, ma non so se è CWE-compatibile. Comunque male non fa!

[fottavi]

Pensavo peggio :)

C6230 Invalid HRESULT use as boolean Implicit cast between semantically different integer types: using HRESULT in a Boolean context. CIEPKI syncroevent.cpp 73
C6102 Using 'readers' from failed function call at line '53'. CIEPKI abilitacie.cpp 54
'readers' is not initialized 53
'readers' is used, but may not have been initialized 54
C6102 Using '*readers' from failed function call at line '53'. CIEPKI abilitacie.cpp 56
'*readers' is not initialized 53
'readers' is used, but may not have been initialized 56
C6216 Invalid compiler-inserted cast BOOL to HRESULT Compiler-inserted cast between semantically different integral types: a Boolean type to HRESULT. CIEPKI abilitacie.cpp 156
C6216 Invalid compiler-inserted cast BOOL to HRESULT Compiler-inserted cast between semantically different integral types: a Boolean type to HRESULT. CIEPKI abilitacie.cpp 170
C6387 Invalid parameter value 'thread' could be '0': this does not adhere to the specification for the function 'WaitForSingleObject'. CIEPKI abilitacie.cpp 275
'thread' may be NULL 274
'thread' is an Input to 'WaitForSingleObject' (declared at c:\program files (x86)\windows kits\8.1\include\um\synchapi.h:473) 275
'thread' should not be NULL, because this is not consistent with the SAL annotation on 'WaitForSingleObject' 275
C6011 Dereferencing null pointer Dereferencing NULL pointer 'cur'. CIEPKI array.h 423
'cur' may equal 256 (Skip this branch) 421
Skip this branch, (assume '(void **)cur==bdaVf' is false) 423
'cur' is dereferenced, but may still be NULL 423
C28182 Dereferencing a copy of a null pointer Dereferencing NULL pointer. 'bda' contains the same NULL value as 'cur' did. See line 423 for an earlier location where this can occur CIEPKI array.h 425
'bda' may equal 256 424
'bda' is dereferenced, but may still be NULL 425
C28182 Dereferencing a copy of a null pointer Dereferencing NULL pointer. 'ba' contains the same NULL value as 'cur' did. See line 423 for an earlier location where this can occur CIEPKI array.h 429
'ba' may equal 256 428
'ba' is dereferenced, but may still be NULL 429
C6387 Invalid parameter value 'f' could be '0': this does not adhere to the specification for the function 'fseek'. CIEPKI array.h 559
'f' may be NULL 558
'f' is an In/Out argument to 'fseek' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:240) 559
'f' should not be NULL, because this is not consistent with the SAL annotation on 'fseek' 559
C6387 Invalid parameter value 'f' could be '0': this does not adhere to the specification for the function 'ftell'. See line 559 for an earlier location where this can occur CIEPKI array.h 560
'f' may be NULL 558
'f' is an In/Out argument to 'fseek' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:240) 559
'f' is an In/Out argument to 'ftell' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:241) 560
'f' should not be NULL, because this is not consistent with the SAL annotation on 'ftell' 560
C6387 Invalid parameter value 'f' could be '0': this does not adhere to the specification for the function 'fread'. See line 559 for an earlier location where this can occur CIEPKI array.h 564
'f' may be NULL 558
'f' is an In/Out argument to 'fseek' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:240) 559
'f' is an In/Out argument to 'ftell' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:241) 560
'f' is an In/Out argument to 'fseek' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:240) 561
'f' is an In/Out argument to 'fread' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:222) 564
'f' should not be NULL, because this is not consistent with the SAL annotation on 'fread' 564
C6387 Invalid parameter value 'f' could be '0': this does not adhere to the specification for the function 'fclose'. See line 559 for an earlier location where this can occur CIEPKI array.h 565
'f' may be NULL 558
'f' is an In/Out argument to 'fseek' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:240) 559
'f' is an In/Out argument to 'ftell' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:241) 560
'f' is an In/Out argument to 'fseek' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:240) 561
'f' is an In/Out argument to 'fread' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:222) 564
'f' is an In/Out argument to 'fclose' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:184) 565
'f' should not be NULL, because this is not consistent with the SAL annotation on 'fclose' 565
C6255 Unprotected use of alloca _alloca indicates failure by raising a stack overflow exception. Consider using _malloca instead. CIEPKI atlcontrols.h 2283
C6102 Using 'sFrom' from failed function call at line '151'. CIEPKI ciep11template.cpp 153
'sFrom' is not initialized 151
'sFrom' is an In/Out argument to 'String::printf' (declared at c:\progetti\cie\middleware\csp\array.h:583) 153
'sFrom' is used, but may not have been initialized 153
C6102 Using 'sTo' from failed function call at line '152'. CIEPKI ciep11template.cpp 156
'sTo' is not initialized 152
'sTo' is an In/Out argument to 'String::printf' (declared at c:\progetti\cie\middleware\csp\array.h:583) 156
'sTo' is used, but may not have been initialized 156
C6101 Returning uninitialized memory Returning uninitialized memory '*pcAttemptsRemaining'. A successful path through the function does not set the named Out parameter. CIEPKI csp.cpp 71
'*pcAttemptsRemaining' is not initialized 71
'*pcAttemptsRemaining' is an Out parameter that may not have been assigned to 71
C6101 Returning uninitialized memory Returning uninitialized memory '*ppbData'. A successful path through the function does not set the named Out parameter. CIEPKI csp.cpp 80
'*ppbData' is not initialized 80
Skip this branch, (assume 'dwFlags!=0' is false) 88
Skip this branch, (assume 'pszDirectoryName==0' is false) 91
Skip this branch, (assume '' is false) 100
Skip this branch, (assume '' is false) 122
'*ppbData' is an Out parameter that may not have been assigned to 80
C6101 Returning uninitialized memory Returning uninitialized memory '*ppbSessionPin'. A successful path through the function does not set the named Out parameter. CIEPKI csp.cpp 238
'*ppbSessionPin' is not initialized 238
Skip this branch, (assume 'pbPinData==0' is false) 248
'*ppbSessionPin' is an Out parameter that may not have been assigned to 238
C6011 Dereferencing null pointer Dereferencing NULL pointer 'pcAttemptsRemaining'. CIEPKI csp.cpp 292
'pcAttemptsRemaining' may be NULL 238
Skip this branch, (assume 'pbPinData==0' is false) 248
Skip this branch, (assume 'cbPinData!=8' is false) 250
Skip this branch, (assume '' is false) 252
Skip this branch, (assume 'ias==0' is false) 256
Skip this branch, (assume 'ias->Callback!=0' is false) 261
Skip this branch, (assume 'ias->Callback!=0' is false) 266
Skip this branch, (assume 'ias->Callback!=0' is false) 270
Skip this branch, (assume 'ias->Callback!=0' is false) 275
Skip this branch, (assume 'PinId==1' is false) 277
Enter this branch, (assume 'PinId==2') 280
Skip this branch, (assume 'sw==27011' is false) 286
Enter this branch, (assume 'sw>=25536&&sw<=25551') 291
'pcAttemptsRemaining' is dereferenced, but may still be NULL 292
C6101 Returning uninitialized memory Returning uninitialized memory '*pdwDataLen'. A successful path through the function does not set the named Out parameter. CIEPKI csp.cpp 340
'*pdwDataLen' is not initialized 340
Skip this branch, (assume 'bContainerIndex!=0' is false) 350
Skip this branch, (assume 'dwFlags!=0' is false) 352
Skip this branch, (assume '' is false) 355
Skip this branch, (assume '' is false) 360
'*pdwDataLen' is used, but may not have been initialized 340
C6101 Returning uninitialized memory Returning uninitialized memory '*pdwDataLen'. A successful path through the function does not set the named Out parameter. CIEPKI csp.cpp 375
'*pdwDataLen' is not initialized 375
Skip this branch, (assume '' is false) 385
Skip this branch, (assume '' is false) 390
Skip this branch, (assume '' is false) 396
Skip this branch, (assume '' is false) 406
Skip this branch, (assume '' is false) 415
Skip this branch, (assume '' is false) 426
Skip this branch, (assume '' is false) 432
Skip this branch, (assume '' is false) 438
Skip this branch, (assume '' is false) 465
Skip this branch, (assume '' is false) 471
Skip this branch, (assume '' is false) 478
Skip this branch, (assume '' is false) 488
Skip this branch, (assume '' is false) 499
'*pdwDataLen' is used, but may not have been initialized 375
C6295 Infinite loop Ill-defined for-loop: 'unsigned long' values are always of range '0' to '4294967295'. Loop executes infinitely. CIEPKI ias.cpp 481
C6001 Using uninitialized memory Using uninitialized memory 'lgn'. CIEPKI ias.cpp 578
'lgn' is not initialized 537
Skip this branch, (assume 'resp.==153' is false) 547
Skip this branch, (assume 'resp.==142' is false) 552
Skip this branch, (assume 'resp.==133' is false) 558
Enter this branch, (assume 'resp.==135') 573
Enter this branch, (assume 'resp.>128') 574
Skip this branch, (assume 'llen==1' is false) 576
Skip this branch, (assume 'llen==2' is false) 577
'lgn' is used, but may not have been initialized 578
C6102 Using 'szPath' from failed function call at line '819'. CIEPKI ias.cpp 820
'szPath' is not initialized 819
'szPath' is an In/Out argument to 'PathAppendA' (declared at c:\program files (x86)\windows kits\8.1\include\um\shlwapi.h:491) 820
'szPath' is used, but may not have been initialized 820
C6387 Invalid parameter value 'f' could be '0': this does not adhere to the specification for the function 'fwrite'. CIEPKI ias.cpp 840
'f' may be NULL 825
'f' is an In/Out argument to 'fwrite' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:246) 840
'f' should not be NULL, because this is not consistent with the SAL annotation on 'fwrite' 840
C6387 Invalid parameter value 'f' could be '0': this does not adhere to the specification for the function 'fclose'. See line 840 for an earlier location where this can occur CIEPKI ias.cpp 842
'f' may be NULL 825
'f' is an In/Out argument to 'fwrite' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:246) 840
'f' is an In/Out argument to 'fwrite' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:246) 841
'f' is an In/Out argument to 'fclose' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\include\stdio.h:184) 842
'f' should not be NULL, because this is not consistent with the SAL annotation on 'fclose' 842
C6335 Leaking process handle Leaking process information handle 'pi.hProcess'. CIEPKI ias.cpp 872
C6102 Using 'szPath' from failed function call at line '878'. CIEPKI ias.cpp 879
'szPath' is not initialized 878
'szPath' is an In/Out argument to 'PathAppendA' (declared at c:\program files (x86)\windows kits\8.1\include\um\shlwapi.h:491) 879
'szPath' is used, but may not have been initialized 879
C6335 Leaking process handle Leaking process information handle 'pi.hThread'. CIEPKI ias.cpp 893
C6387 Invalid parameter value 'm_hStartEvent' could be '0': this does not adhere to the specification for the function 'CloseHandle'. CIEPKI ias.cpp 1071
'm_hStartEvent' may be NULL 1069
Enter this branch, (assume 'GetLastError()==183') 1070
'm_hStartEvent' is an Input to 'CloseHandle' (declared at c:\program files (x86)\windows kits\8.1\include\um\handleapi.h:50) 1071
'm_hStartEvent' should not be NULL, because this is not consistent with the SAL annotation on 'CloseHandle' 1071
C6001 Using uninitialized memory Using uninitialized memory 'bp'. CIEPKI message.h 93
'bp' is not initialized 91
'bp' is an In/Out argument to 'ATL::CWindow::GetWindowPlacement' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\atlmfc\include\atlwin.h:1106) 93
'bp' is used, but may not have been initialized 93
C6001 Using uninitialized memory Using uninitialized memory 'rect'. CIEPKI message.h 125
'rect' is not initialized 124
'rect' is an Input to 'ATL::CWindow::GetUpdateRect' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\atlmfc\include\atlwin.h:1225) 125
'rect' is used, but may not have been initialized 125
C6101 Returning uninitialized memory Returning uninitialized memory '*ppbChallengeData'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 27
'*ppbChallengeData' is not initialized 27
'*ppbChallengeData' is an Out parameter that may not have been assigned to 27
C6101 Returning uninitialized memory Returning uninitialized memory '*pcAttemptsRemaining'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 38
'*pcAttemptsRemaining' is not initialized 38
'*pcAttemptsRemaining' is an Out parameter that may not have been assigned to 38
C6101 Returning uninitialized memory Returning uninitialized memory '*ppbChallengeData'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 75
'*ppbChallengeData' is not initialized 75
'*ppbChallengeData' is an Out parameter that may not have been assigned to 75
C6101 Returning uninitialized memory Returning uninitialized memory '*pcAttemptsRemaining'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 87
'*pcAttemptsRemaining' is not initialized 87
'*pcAttemptsRemaining' is an Out parameter that may not have been assigned to 87
C6101 Returning uninitialized memory Returning uninitialized memory '*pcAttemptsRemaining'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 100
'*pcAttemptsRemaining' is not initialized 100
'*pcAttemptsRemaining' is an Out parameter that may not have been assigned to 100
C6101 Returning uninitialized memory Returning uninitialized memory '*pbSecretAgreementIndex'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 298
'*pbSecretAgreementIndex' is not initialized 298
'*pbSecretAgreementIndex' is an Out parameter that may not have been assigned to 298
C6101 Returning uninitialized memory Returning uninitialized memory '*phKey'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 378
'*phKey' is not initialized 378
'*phKey' is an Out parameter that may not have been assigned to 378
C6101 Returning uninitialized memory Returning uninitialized memory '*ppEncryptedData'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 390
'*ppEncryptedData' is not initialized 390
'*ppEncryptedData' is an Out parameter that may not have been assigned to 390
C6101 Returning uninitialized memory Returning uninitialized memory '*ppbOutput'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 404
'*ppbOutput' is not initialized 404
'*ppbOutput' is an Out parameter that may not have been assigned to 404
C6101 Returning uninitialized memory Returning uninitialized memory '*pdwDataLen'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 424
'*pdwDataLen' is not initialized 424
'*pdwDataLen' is used, but may not have been initialized 424
C6101 Returning uninitialized memory Returning uninitialized memory '*pdwDataLen'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 437
'*pdwDataLen' is not initialized 437
'*pdwDataLen' is used, but may not have been initialized 437
C6101 Returning uninitialized memory Returning uninitialized memory '*phKey'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 462
'*phKey' is not initialized 462
'*phKey' is an Out parameter that may not have been assigned to 462
C6101 Returning uninitialized memory Returning uninitialized memory '*pdwOutputLen'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 477
'*pdwOutputLen' is not initialized 477
'*pdwOutputLen' is used, but may not have been initialized 477
C6054 Zero termination missing String '*pmszFileNames' might not be zero-terminated. CIEPKI notimpl.cpp 499
This expression may not zero-terminate '*pmszFileNames' 499
'*pmszFileNames' should be zero-terminated but may not be 499
C6101 Returning uninitialized memory Returning uninitialized memory '*pmszFileNames'. A successful path through the function does not set the named Out parameter. CIEPKI notimpl.cpp 499
'*pmszFileNames' is not initialized 499
'*pmszFileNames' is an Out parameter that may not have been assigned to 499
C6001 Using uninitialized memory Using uninitialized memory 'rect'. CIEPKI pin.h 122
'rect' is not initialized 121
'rect' is an Input to 'ATL::CWindow::GetUpdateRect' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\atlmfc\include\atlwin.h:1225) 122
'rect' is used, but may not have been initialized 122
C6102 Using 'readers' from failed function call at line '37'. CIEPKI sbloccopin.cpp 38
'readers' is not initialized 37
'readers' is used, but may not have been initialized 38
C6102 Using '*readers' from failed function call at line '37'. CIEPKI sbloccopin.cpp 40
'*readers' is not initialized 37
'*readers' is used, but may not have been initialized 40
C6387 Invalid parameter value 'thread' could be '0': this does not adhere to the specification for the function 'WaitForSingleObject'. CIEPKI sbloccopin.cpp 211
'thread' may be NULL 210
'thread' is an Input to 'WaitForSingleObject' (declared at c:\program files (x86)\windows kits\8.1\include\um\synchapi.h:473) 211
'thread' should not be NULL, because this is not consistent with the SAL annotation on 'WaitForSingleObject' 211
C6283 Primitive array-new scalar-delete mismatch 'modName' is allocated with array new [], but deleted with scalar delete. CIEPKI storeprovider.cpp 118
C6216 Invalid compiler-inserted cast BOOL to HRESULT Compiler-inserted cast between semantically different integral types: a Boolean type to HRESULT. CIEPKI syncroevent.cpp 73
C6102 Using '*lprect' from failed function call at line '943'. CIEPKI systemtraysdk.cpp 944
'*lprect' is not initialized 943
'*lprect' is used, but may not have been initialized 944
C6102 Using 'ai' from failed function call at line '953'. CIEPKI systemtraysdk.cpp 955
'ai' is not initialized 953
'ai' is used, but may not have been initialized 955
C6258 Using TerminateThread Using TerminateThread does not allow proper thread clean up. CIEPKI thread.cpp 70
C6295 Infinite loop Ill-defined for-loop: 'unsigned long' values are always of range '0' to '4294967295'. Loop executes infinitely. CIEPKI util.cpp 302
C6001 Using uninitialized memory Using uninitialized memory 'rect'. CIEPKI verifica.h 100
'rect' is not initialized 99
'rect' is an Input to 'ATL::CWindow::GetUpdateRect' (declared at c:\program files (x86)\microsoft visual studio 12.0\vc\atlmfc\include\atlwin.h:1225) 100
'rect' is used, but may not have been initialized 100

[alranel]

@gvarisco possiamo chiudere questa issue?