
Check to detect overlap on memcpy?

2021-04-10
2021-04-12
  • Dusan Peterc

    Dusan Peterc - 2021-04-10

    Would it be possible to add a check to detect (possible) overlap on memcpy?
    If source and destination overlap, the result is undefined. On some implementations it works the same as the programmer expected, like memmove; on some it will not.

    #include <stdio.h>
    #include <string.h>
    
    int main ()
    {
     char buff[] = "0123456789";
    
     printf("Before memcpy %s\n", buff);
     memcpy(&buff[2], &buff[1], 5);
     printf("After memcpy %s\n", buff);
    
     return(0);
    }
    

    Currently cppcheck does not report any warning or error on such code.
    If it is hard to detect overlaps, then even a simple warning for the same parameter in source and destination would be helpful. The warning should instruct the programmer to use memmove instead.

    Thank you very much for creating such a wonderful error detection tool!

     
  • Daniel Marjamäki

    It is certainly possible.

    We have an old ticket about this: https://trac.cppcheck.net/ticket/241

    There are two small problems:
    * library configuration
    * a checker that finds the function call and determines if the arguments overlap

    Library configuration: I want a configuration that specifies if function arguments are allowed to overlap or not. It could be something like <no-overlap pointer1="arg1" pointer2="arg2" size="arg3"/>. That way we can check all functions in STL and all functions in any 3rd party library that has such restrictions, without changing anything in the check code.

    Finding function calls in a checker is quite trivial. Determining if the arguments overlap.. how difficult that is depends on the ambition level. For your example code it's not hard.

    I wonder if you have the time to look into this and then send us a github pull request? I think it's a good start if you can just diagnose your simple example code to start with.

    I have the feeling that we will want to extend the check to handle pointers: memcpy(p1,p2,5). This is probably somewhat tricky (it seems to me we want to extend the ValueFlow in cppcheck) so in my humble opinion it can be done separately later.

     

    Last edit: Daniel Marjamäki 2021-04-11
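
The overlap condition discussed above, shown as a runtime check. This is an added example, not code from either poster or from cppcheck; `regions_overlap`, `checked_memcpy` and `demo` are hypothetical names, and comparing pointers as `uintptr_t` assumes a flat address space.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Returns 1 if the byte ranges [dst, dst+n) and [src, src+n) share at
 * least one byte. Assumption: a flat address space in which pointers
 * converted to uintptr_t can be compared meaningfully. */
int regions_overlap(const void *dst, const void *src, size_t n)
{
    uintptr_t d = (uintptr_t)dst, s = (uintptr_t)src;
    uintptr_t gap = d > s ? d - s : s - d;   /* distance between the starts */
    return n != 0 && gap < n;                /* gap == n means adjacent, not overlapping */
}

/* Hypothetical wrapper: refuses an overlapping copy instead of running
 * into undefined behaviour. Returns 0 on success, -1 on overlap. */
int checked_memcpy(void *dst, const void *src, size_t n)
{
    if (regions_overlap(dst, src, n))
        return -1;                           /* caller should use memmove() */
    memcpy(dst, src, n);
    return 0;
}

/* Runs the call from the first post through the wrapper.
 * Returns 1 if the copy was rejected, the buffer was left untouched,
 * and memmove() then produced the well-defined result. */
int demo(void)
{
    char buff[] = "0123456789";              /* same buffer as in the post */

    if (checked_memcpy(&buff[2], &buff[1], 5) != -1)
        return 0;
    if (strcmp(buff, "0123456789") != 0)
        return 0;
    memmove(&buff[2], &buff[1], 5);          /* overlap-safe replacement */
    return strcmp(buff, "0112345789") == 0;
}
```

A static checker can apply the same inequality when both arguments index the same array with constant offsets, as in the posted code.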
  • Dusan Peterc

    Dusan Peterc - 2021-04-11

    Thank you for your quick reply.
    At the moment, my knowledge of the internal workings of cppcheck is too shallow to be able to contribute a feature like this.
    I have a backlog, since I have spent so much time diagnosing a stupid memcpy bug, which only happened on customers' computers, and which we could not reproduce on our development system, due to a different implementation of memcpy on customers' computers, but with the same program binary.

     
  • Daniel Marjamäki

    Understood. I am surprised that this ticket has not been fixed before. Maybe it will be fixed some day..

     
