Out Of Bounds Checking at Start Of Array

This is 'out-of-bounds' is detected:

unsigned char buffer[5];
unsigned char* buffer_ptr = &buffer[4];

++bufferptr; // ERROR! now points to 1 byte after &buffer[4]
*bufferptr = 0x12; // assign to memory outside of buffer[]

This 'out-of-bounds' is NOT detected:

unsigned char buffer[5];
unsigned char* buffer_ptr = &buffer[0];

--bufferptr; // ERROR! now points to 1 byte before &buffer[0]
*bufferptr = 0x12; // assign to memory outside of buffer[]

As 'buffer_ptr' has been 'bound' to 'buffer' via the assignment I would have expected PC-lint to have detected this.

5 votes

Jon Travers shared this idea · Jul 17, 2014 · Report… · Admin →

planned · Dec 9, 2014

An error occurred while saving the comment

Arpad Toth commented · November 8, 2023 11:08 AM · Report

PC-lint plus should be better at this.

Submitting...
Anonymous commented · February 9, 2018 4:19 AM · Report

#include<stdio.h>
4
5 int main()
6 {
7
8 unsigned char buffer[5];
9 unsigned char* buffer_ptr = &buffer[4];
10
11 ++buffer_ptr;
_
12 *buffer_ptr = 0x12;
diy.c 12 Warning 415: Likely access of out-of-bounds pointer (1 beyond end of data) by operator 'unary *' [Reference: file diy.c: lines 9, 11]
13 return 0;
_
14 }

Submitting...

I suggest you ...