Click on image to see enlargment

PC-lint/FlexeLint Output | Reference Manual Explanation | Home

            bug415.cpp

1    #include <string.h>
2    #define Whiskey          1
3    #define Vodka            2
4    #define DryVermouth      4
5    #define IrishCream       8
6    #define CrDeCacoa     0x10
7    #define CrDeMenthe    0x20
8    #define Grenadine     0x40
9    #define LimeJuice     0x80
10   struct Recipe { unsigned id; const char *name;
11       unsigned ingred; } drinks[] =  {
12       1, "Wild Irish Rose", Whiskey | Grenadine | LimeJuice,
13       2, "Irish Martini", Whiskey | DryVermouth | Vodka,
14       3, "Irish Paddy", CrDeCacoa | CrDeMenthe | IrishCream,
15       0, "", 0
16       };
17   unsigned find_recipe( const char *name ) {
18       for( unsigned i = 0;
19            drinks[sizeof(drinks)/sizeof(drinks[0])].id;
20            i++ )
21           if( strcmp( drinks[i].name, name ) == 0 )
22               return drinks[i].ingred;
23       return 0;
24       }
25   extern void process( unsigned );
26   int main() {
27       process( find_recipe( "Irish Patty" ) );
28       return 0;
29       }

Shawn O'Flaherty, perhaps a bit tipsy when he wrote this, is preparing a program for his pub's annual St. Patrick's Day celebration. Although not finished, there's already a bit of a problem. Can you find it?


bug415.cpp lint Output

--- Module:   bug415.cpp (C++)
                                                    _
         drinks[sizeof(drinks)/sizeof(drinks[0])].id;
bug415.cpp(19) : Warning 415: Likely access of out-of-bounds pointer (1 beyond end of data)
    by operator '[' [Reference: file bug415.cpp: line 19]
             _
         i++ )
bug415.cpp(20) : Warning 441: for clause irregularity: loop variable 'i' not found in 2nd for expression

bug415.cpp(19) : Warning 415: Likely access of out-of-bounds pointer (1 beyond end of data)
    by operator '[' [Reference: file bug415.cpp: line 19]

Reference Manual Explanation


415    Likely access of out-of-bounds pointer ('Integer' beyond end of data) by operator 'String'   -- An
       out-of-bounds pointer was accessed.  String designates the operator.  The parameter 'Integer'
       gives some idea how far out of bounds the pointer may be.  It is measured in units given by the
       size of the pointed to object.  The value is relative to the last item of good data and therefore
       should always be greater than zero.  For example:

               int a[10];
               a[10] = 0;

       results in an overflow message containing the phrase '1 beyond end of data'.


If you have comments or questions about this bug, please post them to our   Discussion Forum


Previous Bug - Bug #414 - February 2012

Use our Interactive Demo to Run FlexeLint on our Bugs of the Month

PC-lint/FlexeLint - Product Overview

Home | Contact | Order

PC-lint and FlexeLint are trademarks of Gimpel Software
Copyright 2012, Gimpel Software, All rights reserved.