Array overflow code (crashes online demo)

[versat]

I found some C++ code (not written by me) that looks like this:

void f()
{
    char arr[30];
    for(char *p = arr; p <= &arr[30]; p++)
    {
        *p = '\0';
    }
}

Cppcheck 1.76.1 doesn't report any problems.
When i let this code run in the Online Demo it crashes the CGI script:
An error has been encountered in accessing this page.

1. Server: cppcheck.sourceforge.net 
2. URL path: /cgi-bin/democlient.cgi 
3. Error notes: Premature end of script headers: democlient.cgi 
4. Error type: 500

I would say that the array arr is written one element past the end, correct?
It would be nice if cppcheck could detect this, or is it in any way legal code?

[Daniel Marjamäki]

yes it would be nice if that was detected.

please open ticket(s).

somehow I think that the ValueFlow should handle this. Then there are couple of issues that needs to be solved.

The ValueFlow does not currently have a good way to specify a "address of 30th element in array arr" value. So that should be added first I think.

Then the abstract interpretation should be updated to track such values.

After that I would guess that the ValueFlow will be able to say that p in the loop might point at &arr[30] so dereferencing it would be a mistake.

[versat]

Do you have any idea why it crashes the Online Demo? Should i open a ticket for this problem too?

[versat]

Created ticket: http://trac.cppcheck.net/ticket/7857