I suggest you ...

Out Of Bounds Checking at Start Of Array

This is 'out-of-bounds' is detected:

unsigned char buffer[5];
unsigned char* buffer_ptr = &buffer[4];

++buffer_ptr; // ERROR! now points to 1 byte after &buffer[4]
*buffer_ptr = 0x12; // assign to memory outside of buffer[]

This 'out-of-bounds' is NOT detected:

unsigned char buffer[5];
unsigned char* buffer_ptr = &buffer[0];

--buffer_ptr; // ERROR! now points to 1 byte before &buffer[0]
*buffer_ptr = 0x12; // assign to memory outside of buffer[]

As 'buffer_ptr' has been 'bound' to 'buffer' via the assignment I would have expected PC-lint to have detected this.

4 votes
Vote
Sign in
Check!
(thinking…)
Reset
or sign in with
  • facebook
  • google
    Password icon
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    Jon Travers shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

    1 comment

    Sign in
    Check!
    (thinking…)
    Reset
    or sign in with
    • facebook
    • google
      Password icon
      Signed in as (Sign out)
      Submitting...
      • Anonymous commented  ·   ·  Flag as inappropriate

        #include<stdio.h>
        4
        5 int main()
        6 {
        7
        8 unsigned char buffer[5];
        9 unsigned char* buffer_ptr = &buffer[4];
        10
        11 ++buffer_ptr;
        _
        12 *buffer_ptr = 0x12;
        diy.c 12 Warning 415: Likely access of out-of-bounds pointer (1 beyond end of data) by operator 'unary *' [Reference: file diy.c: lines 9, 11]
        13 return 0;
        _
        14 }

      Feedback and Knowledge Base