Check to detect overlap on memcpy?

Static source code analysis tool for C and C++ code

Brought to you by: danielmarjamaki

Check to detect overlap on memcpy?

Forum: General Discussion

Creator: Dusan Peterc

Created: 2021-04-10

Updated: 2021-04-12

Dusan Peterc - 2021-04-10

Would it be possible to add a check to detect (possible) overlap on memcpy?
If source and destination overlap, the result is undefined. On some implementations it works same as programmer expected, like memmove, on some it will not.

#include <stdio.h> #include <string.h> int main () { char buff[] = "0123456789"; printf("Before memcpy %s\n", buff); memcpy(&buff[2], &buff[1], 5); printf("After memcpy %s\n", buff); return(0); }

Currently cppcheck does not report any warning or error on such code.
If it is hard to detect overlaps, then even simple warning for same parameter in source and destination would be helpful. Warning should instruct the programmer to use memmove instead.

Thank you very much for creating such a wonderful error detection tool!
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Marjamäki - 2021-04-11

it is certainly possible.

we have an old ticket about this: https://trac.cppcheck.net/ticket/241

there are two small problems;
* library configuration
* checker that finds function call and determine if arguments overlap

library configuration: I want a configuration that specify if function arguments are allowed to overlap or not. It could be something like <no-overlap pointer1="arg1" pointer2="arg2" size="arg3"/>. That way we can check all functions in STL and all functions in any 3rd party library that has such restrictions, without changing anything in the check code.

Finding function calls in a checker is quite trivial. Determining if the arguments overlap.. how difficult that is depends on the ambition level. For your example code it's not hard.

I wonder if you have the time to look into this and then send us a github pull request? I think it's a good start if you can just diagnose your simple example code to start with.

I have the feeling that we will want to extend the check to handle pointers: memcpy(p1,p2,5). This is probably somewhat tricky (it seems to me we want to extend the ValueFlow in cppcheck) so in my humble opinion it can be done separately later.

Last edit: Daniel Marjamäki 2021-04-11

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Dusan Peterc - 2021-04-11

Thank you for your quick reply.
At the moment, my knowledge of internal working of cppcheck is too shallow to be able to contribute a feature like this.
I have a backlog, since I have spent so much time in diagnosing a stupid memcpy bug, which only happened on customers' computers, and we could not reproduce on our development system. Due to different implementation of memcpy on customer's computers, but with same program binary.

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Daniel Marjamäki - 2021-04-12

Understood. I am surprised that this ticket has not been fixed before. Maybe it will be fixed some day..

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.