Out Of Bounds Checking at Start Of Array

This 'out-of-bounds' is detected:

unsigned char buffer[5];
unsigned char* buffer_ptr = &buffer[4];

++buffer_ptr; // ERROR! now points to 1 byte after &buffer[4]
*buffer_ptr = 0x12; // assign to memory outside of buffer[]

This 'out-of-bounds' is NOT detected:

unsigned char buffer[5];
unsigned char* buffer_ptr = &buffer[0];

--buffer_ptr; // ERROR! now points to 1 byte before &buffer[0]
*buffer_ptr = 0x12; // assign to memory outside of buffer[]

As 'buffer_ptr' has been 'bound' to 'buffer' via the assignment, I would have expected PC-lint to have detected this.

Jon Travers shared this idea
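The two snippets above are symmetric: a pointer derived from buffer[] that moves one byte past the last element or one byte before the first is out of bounds either way, and a run-time check that carries the array bounds with the pointer rejects both. The following is an added example (not code from the original post, and not PC-lint or C library API): a small "bounded pointer" in C that replays both snippets and refuses the two out-of-bounds stores while still allowing the legitimate write to buffer[4]. The names bounded_ptr, bp_from_array, bp_advance, bp_in_bounds, bp_store and demo_out_of_bounds are assumptions made for this example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Added example (not from the original post): a "fat pointer" that keeps
 * the bounds of the array it was derived from, so that both out-of-bounds
 * accesses in the post (one past the end and one before the start) are
 * rejected at run time instead of silently corrupting memory.
 * bounded_ptr, bp_from_array, bp_advance, bp_in_bounds and bp_store are
 * names invented for this example, not PC-lint or C library API. */

typedef struct {
    unsigned char *base;   /* first byte of the backing array           */
    size_t         len;    /* number of bytes in the backing array      */
    ptrdiff_t      off;    /* current offset from base; may go negative */
} bounded_ptr;

/* Bind a pointer to buf[index] without losing buf's bounds. */
static bounded_ptr bp_from_array(unsigned char *buf, size_t len, size_t index)
{
    bounded_ptr p = { buf, len, (ptrdiff_t)index };
    return p;
}

/* Pointer arithmetic: ++p and --p in the post become bp_advance(p, +1/-1).
 * The offset may move outside the object, just as a raw pointer's address
 * would, but no memory is touched until an access is attempted. */
static bounded_ptr bp_advance(bounded_ptr p, ptrdiff_t delta)
{
    p.off += delta;
    return p;
}

/* 1 if dereferencing p would touch a byte inside [base, base + len). */
static int bp_in_bounds(bounded_ptr p)
{
    return p.off >= 0 && (size_t)p.off < p.len;
}

/* The checked equivalent of *p = value. Returns 0 on success, -1 if the
 * store would land outside the backing array (the write is not performed). */
static int bp_store(bounded_ptr p, unsigned char value)
{
    if (!bp_in_bounds(p)) {
        fprintf(stderr, "rejected store at offset %td (array length %zu)\n",
                p.off, p.len);
        return -1;
    }
    p.base[p.off] = value;
    return 0;
}

/* Replays the two snippets from the post. Returns a bitmask: bit 0 set if
 * the one-past-end write was rejected, bit 1 set if the before-start write
 * was rejected, bit 2 set if the in-bounds write to buffer[4] succeeded. */
static int demo_out_of_bounds(void)
{
    unsigned char buffer[5] = {0};
    int result = 0;

    /* First snippet: start at &buffer[4], then ++buffer_ptr. */
    bounded_ptr end_ptr = bp_from_array(buffer, sizeof buffer, 4);
    end_ptr = bp_advance(end_ptr, +1);
    if (bp_store(end_ptr, 0x12) == -1)
        result |= 1;

    /* Second snippet: start at &buffer[0], then --buffer_ptr. */
    bounded_ptr start_ptr = bp_from_array(buffer, sizeof buffer, 0);
    start_ptr = bp_advance(start_ptr, -1);
    if (bp_store(start_ptr, 0x12) == -1)
        result |= 2;

    /* A legitimate write to the last element still works. */
    bounded_ptr last = bp_from_array(buffer, sizeof buffer, 4);
    if (bp_store(last, 0x12) == 0 && buffer[4] == 0x12)
        result |= 4;

    return result;
}

int main(void)
{
    int r = demo_out_of_bounds();
    printf("past-end rejected: %d, before-start rejected: %d, in-bounds ok: %d\n",
           (r & 1) != 0, (r & 2) != 0, (r & 4) != 0);
    return r == 7 ? 0 : 1;
}
```

The check is deliberately done at the store, not at the increment or decrement, because C itself allows forming the one-past-the-end address; what must never happen is the dereference. The before-start case is caught by the signed offset going negative, which is exactly the condition the post says the static check misses.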

1 comment

Anonymous commented

    #include<stdio.h>
    4
    5 int main()
    6 {
    7
    8 unsigned char buffer[5];
    9 unsigned char* buffer_ptr = &buffer[4];
    10
    11 ++buffer_ptr;
    12 *buffer_ptr = 0x12;
    diy.c 12 Warning 415: Likely access of out-of-bounds pointer (1 beyond end of data) by operator 'unary *' [Reference: file diy.c: lines 9, 11]
    13 return 0;
    14 }