By Sergey Khrenov
Recently, my colleague Andrey Karpov asked me to find 3-4 bugs in one of the Tizen components, written in C#.He has also done the analysis of Tizen, searching for bugs in the C/C++ code and is now writing several articles on this topic.Inspired by his example, I did an experiment on finding bugs in C# components of Tizen.I should say that it was quite a successful venture, soon I will write a big article ob this topic, now I would like to share the results of a trial test.
For a start, I decided not to do a complex in-depth analysis of the whole Tizen codebase, but chose just a couple of projects in C# that do not require much effort. The purpose of this experiment is to try to understand whether we need to work in this direction.
The result of such a superficial analysis showed that I managed to find several real bugs, which suggests that there is a lot of work for PVS-Studio here. In this article I will give just a short description of these errors, leaving a detailed examination of this question for the future.
According to my calculations, the Tizen code has 4 929 files of the source code with the extension cs, with about 691 000 lines of code. The source code is rather large and its full-fledged analysis will take some time. Later, by the results of this work, I will write a detailed article.
In the meantime, I will give a description of the three bugs, detected at this stage of work. For simplicity I will specify the name of the top-level folder in the hierarchy of Tizen projects, which has a file with an error.
xamarin-forms-tizen
PVS-Studio: V3001 There are identical sub-expressions 'RwWait' to the left and to the right of the '|' operator. Xamarin.Forms.Platform.WP8 SplitOrderedList.cs 458
struct SimpleRwLock
{
const int RwWait = 1;
const int RwWrite = 2;
const int RwRead = 4;
....
public void EnterReadLock()
{
var sw = new SpinWait();
do
{
while ((_rwlock & (RwWrite | RwWait)) > 0)
sw.SpinOnce();
if ((Interlocked.Add(ref _rwlock, RwRead)
& (RwWait | RwWait)) == 0) // <=
return;
Interlocked.Add(ref _rwlock, -RwRead);
} while (true);
}
....
}
Perhaps, there is a typo in the condition of the if block, related to the fact that RwWait and RwWrite are spelled very similarly, which led to RwWait being mistakenly used twice. The condition in the while block above proves my suspicious, as the combination RwWrite | RwWait is used correctly there.
PVS-Studio: V3095 The 'type' object was used before it was verified against null. Check lines: 147, 149. Xamarin.Forms.Xaml ExpandMarkupsVisitor.cs 147
CWE-476 NULL Pointer Dereference
public class MarkupExpansionParser :
MarkupExpressionParser, IExpressionParser<INode>
{
....
public INode Parse(....)
{
....
Type type;
....
var xmltype = new XmlType(namespaceuri, type.Name, null); // <=
if (type == null)
throw new NotSupportedException();
....
}
....
}
The variable type is first used to access type.Name and then it is verified against null. As a result, an exception NullReferenceException is possible.
csapi-location
PVS-Studio. V3110 Possible infinite recursion inside 'Timestamp' property. Tizen.Location Location.cs 186
CWE-674 Uncontrolled Recursion
public class Location
{
....
internal int _timestamp;
....
public DateTime Timestamp
{
get
{
return Interop.ConvertDateTime(_timestamp);
}
internal set
{
Timestamp = value; // <=
}
}
....
}
This code contains an error, inevitably resulting in the exhaustion of the stack (infinite recursion) upon the attempt to access the Timestamp property. At the same time there are no visible signs if a typo. The field _timestamp is very different from Timestamp, so it's not really likely that they were confused. Besides that, _timestamp has an int type, which makes it impossible to assign with the value of the DateTime type. It would requite type conversion, such as the one implemented in the get section. I think, only the author would be able to correct this error.
That's it for a start, I'll save the remaining errors for my big article.
What we can surely say is that PVS-Studio analyzer can be used not only to check the C and C++ code, but C# components as well.
Download and try PVS-Studio: https://www.viva64.com/en/pvs-studio-download/?win
No comments:
Post a Comment