Hello,
During our internal review procedure we noticed a problem that cppcheck didn't point out. In the attached example, the "sizeof" of a variable is used instead of the "countof", the number of elements. Cppcheck doesn't give any error in the for loop even if it's clear that we are going to have an access out of bounds, as if the "sizeof" is not "managed".
In the last function I tested an explicit access out of bound and it correctly fired an error.
Regards
Michele
```c
typedef enum
{
    _e1 = (unsigned int)0,
    _e2,
    _e3,
    _e4,
    _e5,
    _e6,
    _e7,
    _e8,
    _e9,
    _eTotalNumber
} tMyEnum;

void test1(void);
void test2(void);

void test1(void)
{
    unsigned char zId;
    unsigned char zTest;
    static const tMyEnum cStg[] = {_e1, _e2, _e3};

    /* sizeof( cStg ) is the size in bytes, not the number of elements */
    for ( zId = 0; zId < sizeof( cStg ); zId++ )
    {
        if (cStg[zId] == _e8)
        {
            zTest = cStg[zId];
            break;
        }
    }
}

void test2(void)
{
    unsigned char zId;
    unsigned char zTest;
    static const tMyEnum cStg[] = {_e1, _e2, _e3};

    for ( zId = 0; zId < sizeof( cStg ); zId++ )
    {
        if (cStg[zId] == _e8)
        {
            zTest = cStg[zId];
            break;
        }
    }
    zId = cStg[3]; //error is fired
}
```
Michele Ing. Corradin
Group Technologic Development
Sicon Srl
When the line
is changed to
the issue is detected.
Looking at the debug output, Cppcheck uses `signed int` for the `enum` values, so this issue could/should be detected, I guess (at least as an inconclusive one).
I am not sure, but maybe Cppcheck intentionally does not warn about this because it cannot be absolutely sure what type, or better, what size an `enum` has.
For some compilers (I think of embedded ones) one can enable using the smallest type possible, so a `char` would be enough in this case. Then there would be no error.
I created this ticket for the issue:
https://trac.cppcheck.net/ticket/8438
Last edit: versat 2018-03-13
Thank you for the support.
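The byte-size versus element-count difference discussed in this thread, as an added example that is not part of the original posts: it compares the two loop bounds, shows how the overrun depends on the size of the enum type, and searches with the element count instead. The names `my_enum_t`, `stg`, `COUNT_OF`, `byte_bound`, `elem_bound`, `oob_indices` and `find_value` are assumptions made for this example.

```c
#include <stddef.h>
#include <stdio.h>

/* Same shape as the enum in the post; names constructed for this example. */
typedef enum { E1, E2, E3, E4, E5, E6, E7, E8, E9, E_TOTAL } my_enum_t;

/* Element count of a true array (must not be applied to a pointer). */
#define COUNT_OF(a) (sizeof(a) / sizeof((a)[0]))

static const my_enum_t stg[] = { E1, E2, E3 };

/* Bound used by the loop in the post: array size in bytes. */
size_t byte_bound(void) { return sizeof(stg); }

/* Bound the loop should use: number of elements. */
size_t elem_bound(void) { return COUNT_OF(stg); }

/* Number of indices past the end that a loop bounded by the byte size
 * visits, for an array of n elements of elem_size bytes each. */
size_t oob_indices(size_t n, size_t elem_size)
{
    return n * elem_size - n;
}

/* Search bounded by the element count; returns the index or -1. */
int find_value(const my_enum_t *a, size_t n, my_enum_t wanted)
{
    for (size_t i = 0; i < n; i++) {
        if (a[i] == wanted) {
            return (int)i;
        }
    }
    return -1;
}

int main(void)
{
    printf("sizeof(my_enum_t) = %zu\n", sizeof(my_enum_t));
    printf("byte bound = %zu, element bound = %zu\n",
           byte_bound(), elem_bound());
    printf("out-of-bounds indices with this enum size: %zu\n",
           oob_indices(elem_bound(), sizeof(my_enum_t)));
    printf("with a 1-byte enum: %zu\n", oob_indices(elem_bound(), 1));
    printf("index of E8: %d\n", find_value(stg, elem_bound(), E8));
    return 0;
}
```

With a one-byte enum the two bounds coincide, which is the case the reply raises for compilers that pick the smallest possible type.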