
Reading one past the array bounds *(gr->ggint[i]) != '\0' && i < NIN

2016-06-27
2016-08-15
  • Artem Ivanov

    Artem Ivanov - 2016-06-27

    Is there any way to indicate such errors:
    Reading one past the array bounds
    for ( i=0 ; *(gr->ggint[i]) != '\0' && i < NIN ; ++i )
    ;
    (where NIN is the size of ggint array.)

    Such code could lead to very unlikely errors when the source code is compiled using the gcc compiler with optimization switched on (option -O).

    Full code:

    #include <stdio.h>
    
    #define NIN 2
    
    struct struct1 {
        char ggint[NIN][6];
        char dummy;
    };
    /*----------------------------------------------------------------------*/
    int get_struct1cnt(struct struct1 *gr)
    {
        int i=0 ;
        for ( i=0 ; *(gr->ggint[i]) != '\0' && i < NIN ; ++i )
            ;
        return i ;
    }
    /*----------------------------------------------------------------------*/
    int main (int argc, char **argv)
    {
        struct struct1 grp = {0};
    
        for ( int i=0 ; i < NIN ; i++ )
            grp.ggint[i][0] = 'A'+i;
        printf("%d\n", get_struct1cnt (&grp));
    
        return 0;
    }
    

    When compiled with gcc -O -std=c99 one.c, the program displays 1.
    When compiled with gcc -std=c99 one.c, the program displays 2 as expected.

     
  • Daniel Marjamäki

    sounds good. could you write a ticket in our issue tracker so we don't forget this?

     
  • orbitcowboy

    orbitcowboy - 2016-08-15

    A ticket about this issue was created here
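
The loop from the first post with its two conditions swapped, as an added example that is not part of the thread or of Cppcheck's code. Because `&&` short-circuits, testing `i < NIN` first means `ggint[NIN]` is never read, so the result no longer depends on the optimization level or on the byte that follows the array. The names `get_struct1cnt_checked`, `make_struct1` and `count_for` are hypothetical.

```c
#include <stdio.h>

#define NIN 2

struct struct1 {
    char ggint[NIN][6];
    char dummy;
};

/* Count the leading non-empty entries of ggint.
 * The index is tested first; && short-circuits, so ggint[i] is only
 * read while i < NIN and ggint[NIN] is never touched. */
int get_struct1cnt_checked(const struct struct1 *gr)
{
    int i;
    for (i = 0; i < NIN && gr->ggint[i][0] != '\0'; ++i)
        ;
    return i;
}

/* Constructed sample input: fill the first n entries with "A", "B", ...
 * and set the member that sits directly after the array. */
struct struct1 make_struct1(int n, char dummy)
{
    struct struct1 g = {0};
    for (int i = 0; i < n && i < NIN; i++)
        g.ggint[i][0] = (char)('A' + i);
    g.dummy = dummy;
    return g;
}

int count_for(int n, char dummy)
{
    struct struct1 g = make_struct1(n, dummy);
    return get_struct1cnt_checked(&g);
}

int main(void)
{
    /* Full array, as in the post. */
    printf("%d\n", count_for(NIN, 0));
    /* A non-zero neighbour after the array does not change the count. */
    printf("%d\n", count_for(1, 'X'));
    return 0;
}
```

To catch the original ordering at run time, GCC and Clang offer `-fsanitize=bounds`, which instruments indexing into arrays of known size.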

     
