
How the PVS-Studio Team Improved Unreal Engine's Code - ivank
https://www.unrealengine.com/blog/how-pvs-studio-team-improved-unreal-engines-code?hn
======
nickpsecurity
I encouraged game developers in the past to use static analysis tools to help
iron out more bugs. It's great to see Unreal Engine taking that step. A big
name like this will hopefully inspire others to take the same step.

------
GFK_of_xmaspast
Why is "(GEngine == nullptr || !GEngine->UseSound())" safer than "(GEngine ||
!GEngine->UseSound())"? Is this some kind of precedence rule, where the former
short-circuits but the latter doesn't?

~~~
UnquietTinkerer
The two conditions are not equialent - the first is true if GEngine is null or
does not use sound, and the second is true if GEngine is _not_ null and is
undefined otherwise due to dereferencing a null pointer. I assume the original
author intended to write "(!GEngine || !GEngine->UseSound())".

------
jhasse
How can the Memcmp/Memcpy bug get unnoticed??

~~~
Strom
In code bases as big as Unreal Engine 4, you can easily remove as much as 10k
lines of code and nobody will notice. It's not uncommon to have that much (and
more!) dead code even. A single missing memcpy doesn't mean much, unless it's
part of a hot code path.

All these rarely visited code path bugs matter in terms of security of course.

