            bug613.cpp

1    #include <string.h>
2    typedef const char *cSTR;              // a constant string
3    cSTR x = "*multiply /divide +add -subtract >gt <lt ==eq !=ne "
4             "&and |or &&log.and ||log.or ^xor <<lshift >>rshift " ;
5    cSTR sub_string(cSTR,cSTR);
6    cSTR name_of( cSTR op )                // e.g.: name_of("+")
7        {                                  //       returns "add"
8        cSTR find = strstr( x, op ) + strlen(op);
9        return sub_string( find, strchr( find, ' ' ) );
10       }
11   cSTR sub_string( cSTR p1, cSTR p2 )    // sub_string(p1,p2) returns
12       {                                  // a nul-terminated substring
13       #define N 100                      // whose boundaries are
14       static char buf[N+1];              // determined by p1 and p2
15       int len = p2 - p1;
16       if( len > N ) len = N;
17       strncpy( buf, p1, len );
18       buf[len] = '\0';
19       return buf;
20       }

The programmer found an interesting way to map one string to another, but there are potential trouble spots. Can you spot them?


bug613.cpp lint Output

--- Module:   bug613.cpp
                                            _
    cSTR find = strstr( x, op ) + strlen(op);
bug613.cpp(8) : Warning 613: Possible use of null pointer 'unknown-name' in
    left argument to operator 'ptr+int' [Reference: file bug613.cpp: line 8]
                          _
    strncpy( buf, p1, len );
bug613.cpp(17) : Info 732: Loss of sign (arg. no. 3) (int to unsigned int)

During Specific Walk:
  File bug613.cpp line 9: sub_string(!=0, 0?)
bug613.cpp(15) : Warning 613: Possible use of null pointer 'p2' in left
    argument to operator 'ptr-ptr' [Reference: file bug613.cpp: line 9]

Reference Manual Explanation

  
613   Possible use of null pointer 'Symbol' in [left/right] argument to operator 
      'String' Reference  -- From information gleaned from earlier statements, it 
      is possible that a null pointer (a pointer whose value is 0) can be used in 
      a context where null pointers are inappropriate.  Such contexts include:  
      Unary *, pointer increment (++) or decrement(--), addition of pointer to
      numeric, and subtraction of two pointers.  In the case of binary operators, 
      one of the words 'left' or 'right' is used to designate which operand is null.  
      Symbol identifies the pointer variable that may be NULL.  
      See also messages  413 and  794.
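
A checked rewrite of the lookup that addresses the three diagnostics above (null result from strstr, null result from strchr, signed length passed as a size), as an added example that is not Gimpel's code. The function name name_of_checked and its caller-supplied output buffer are assumptions; it also goes beyond the lint output by matching whole operators only, so "=" no longer resolves through "==eq".

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Same operator table as bug613.cpp: "<operator><name> " entries. */
static const char ops_table[] =
    "*multiply /divide +add -subtract >gt <lt ==eq !=ne "
    "&and |or &&log.and ||log.or ^xor <<lshift >>rshift ";

/* Hypothetical replacement for name_of()/sub_string(): copies the name of
 * `op` into out and returns 0; returns -1 (out set to "") when op is NULL,
 * is not a whole operator in the table, or the name does not fit. */
int name_of_checked(const char *op, char *out, size_t out_size)
{
    if (out == NULL || out_size == 0)
        return -1;
    out[0] = '\0';
    if (op == NULL || *op == '\0')
        return -1;
    size_t op_len = strlen(op);
    for (const char *entry = ops_table; *entry != '\0'; ) {
        const char *end = strchr(entry, ' ');
        if (end == NULL)                    /* never subtract a null pointer */
            end = entry + strlen(entry);
        size_t entry_len = (size_t)(end - entry);  /* end >= entry: no sign loss */
        size_t sym_len = 0;                 /* operator = leading non-letters */
        while (sym_len < entry_len && !isalpha((unsigned char)entry[sym_len]))
            sym_len++;
        if (sym_len == op_len && memcmp(entry, op, op_len) == 0) {
            size_t name_len = entry_len - sym_len;
            if (name_len >= out_size)       /* refuse to truncate silently */
                return -1;
            memcpy(out, entry + sym_len, name_len);
            out[name_len] = '\0';
            return 0;
        }
        entry = (*end == ' ') ? end + 1 : end;
    }
    return -1;                              /* no match: caller must check */
}

int main(void)
{
    char name[16];
    const char *probes[] = { "+", "&&", "=", "%" };   /* constructed inputs */
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++)
        printf("%-2s -> %s\n", probes[i],
               name_of_checked(probes[i], name, sizeof name) == 0 ? name : "(none)");
    return 0;
}
```
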


PC-lint and FlexeLint are trademarks of Gimpel Software
Copyright 2006, Gimpel Software, All rights reserved.