...
| Code Block |
|---|
|
/*
 * Zero-fills ar by walking a raw pointer across it.
 * ar has 20 elements, so the valid elements are ar[0]..ar[19] and the only
 * other address that may be formed is the one-past-the-end &ar[20].
 */
int ar[20];
/* The bound &ar[21] lies beyond one-past-the-end: forming it is undefined
 * behavior, and the loop also stores through ip == &ar[20], which is an
 * out-of-bounds write of one int past the array. */
for (int *ip = &ar[0]; ip < &ar[21]; ip++) {
*ip = 0;
}
|
...
| Code Block |
|---|
|
/* Zero-fills ar; the loop bound is derived from the array's own size. */
int ar[20];
/* sizeof(ar)/sizeof(ar[0]) is the element count (20), so the bound is the
 * one-past-the-end address &ar[20]; it is only compared, never dereferenced.
 * This relies on ar being a true array at this point: applied to a pointer
 * (for example an array received as a function parameter), sizeof yields the
 * pointer size and the computed count would be wrong. */
for (int *ip = &ar[0]; ip < &ar[sizeof(ar)/sizeof(ar[0])]; ip++) {
*ip = 0;
}
|
...
| Code Block |
|---|
|
/* Creates a vector of 20 ints, all zero, then writes 1 through an iterator
 * that is advanced once per loop iteration. */
vector<int> ar( 20, 0);
vector<int>::iterator ip = ar.begin();
/* The count 22 is unrelated to ar.size() (20): on the 21st iteration ip
 * equals ar.end(), so *ip++ writes through the end iterator and then
 * advances past it; both are undefined behavior. */
for (int i = 1; i <= 22; i++) {
*ip++ = 1;
}
|
...
| Code Block |
|---|
|
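/* Sets every element of ar to 1. The iterator is advanced only by the loop
 * header and is compared against ar.end(), so it never moves past the
 * one-past-the-end position, whatever the size of the vector. */
vector<int> ar( 20, 0);
for (vector<int>::iterator ip = ar.begin(); ip != ar.end(); ++ip) {
  /* Plain assignment: a second increment here (*ip++) would advance the
   * iterator twice per pass, skipping every other element and stepping
   * beyond ar.end() when the size is odd. */
  *ip = 1;
}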
|
...
| Code Block |
|---|
|
/* Attempts to clamp len so that buf + len does not wrap around the address
 * space. NOTE(review): buf is not assigned in this fragment; presumably it
 * points at a real buffer in the surrounding code. */
char *buf;
size_t len = 1 << 30;
/* Check for overflow */
/* The comparison is done in pointer arithmetic. Moving a pointer beyond
 * one-past-the-end of its array is undefined behavior, so pointer wrap-around
 * is not something the test can rely on; a compiler is entitled to treat
 * buf + len < buf as always false and drop the whole branch. */
if (buf + len < buf) {
/* Unsigned arithmetic: -(size_t)buf-1 equals SIZE_MAX - (size_t)buf. */
len = -(size_t)buf-1;
}
|
...
| Code Block |
|---|
|
/* Clamps len so that the address value of buf plus len does not wrap; the
 * test is carried out on integers rather than on pointers.
 * NOTE(review): buf is not assigned in this fragment; presumably it points
 * at a real buffer in the surrounding code. */
char *buf;
size_t len = 1 << 30;
/* Check for overflow */
/* Both operands are converted to size_t first, so the addition is unsigned
 * and wraps modulo 2^N by definition; the comparison is well defined.
 * NOTE(review): size_t is not guaranteed to be wide enough to hold a pointer
 * value; uintptr_t, where available, is the type meant for this conversion.
 * NOTE(review): this only detects wrap-around of the address value; it does
 * not show that len bytes actually lie inside the object buf points to. */
if ((size_t)buf+len < (size_t)buf) {
/* Unsigned arithmetic: -(size_t)buf-1 equals SIZE_MAX - (size_t)buf. */
len = -(size_t)buf-1;
}
|
...
| Code Block |
|---|
|
/* Returns nonzero when the pointer buf + n compares below buf + 100.
 * Both sides are pointer arithmetic on buf: if fewer than 100 elements (or
 * fewer than n) remain in the array buf points into, the additions
 * themselves are undefined behavior even though no memory is accessed.
 * The function has no way to know the size of that array. */
int process_array(char *buf, size_t n) {
return buf + n < buf + 100;
}
|
...
| Code Block |
|---|
|
/*
 * Reports whether n is below the fixed limit of 100.
 * Only the integer count is compared; buf is not read or used in any
 * pointer arithmetic, so no out-of-range pointer is ever formed.
 * Returns 1 when n < 100, otherwise 0.
 */
int process_array(char *buf, size_t n) {
  const size_t limit = 100;
  if (n >= limit) {
    return 0;
  }
  return 1;
}
|
...
- The first NCCE can be caught by detecting the invalid array reference, since the index is a compile-time constant.
- The second NCCE is a case of ptr + int < ptr. This is always a violation, because wrap-around is not guaranteed behavior for pointers (it is guaranteed only for unsigned integers).
- The third NCCE is a case of ptr + int1 < ptr + int2. This is not always a violation (we don't know the valid range of ptr). But it can always be converted to int1 < int2, so we should always consider this a violation.
Coverity Code Advisor version 7.5 can detect violations of this rule.
Klocwork Version 8.0.4.16 can detect violations of this rule with the ABR checker.
...