Click on image to see enlargment

PC-lint/FlexeLint Output | Reference Manual Explanation | Home

            bug661.cpp

1    #include <stdlib.h>
2
3    #define N 5
4    int Weight[N] = { 3, 1, 4, 5, 2 };
5
6    int rand_choice()
7        {
8        int i, choice = 0;
9        int k = rand() % (3*N);
10       for( i = 0; i <= N; i++ )
11           {
12           if( k >= 0 ) choice = i;
13           k -= Weight[i];
14           }
15       return choice;
16       }
17   int voting_machine( int vote )
18       {
19       if( vote == 1 ) return rand_choice();
20       else return vote;
21       }

A political party wishing to sabotage the chances of a popular presidential candidate, modifies the vote counting program to the above. But something is not quite right. Can you spot the flaw?


bug661.cpp lint Output

--- Module:   bug661.cpp (C++)
                      _
        k -= Weight[i];
bug661.cpp(13) : Warning 661: Possible access of out-of-bounds pointer (1
    beyond end of data) by operator '[' [Reference: file bug661.cpp: lines 10,13]


Reference Manual Explanation


661    possible access of out-of-bounds pointer ('Integer' beyond end of
       data) by operator 'String'  -- An out-of-bounds pointer may have
       been accessed.  See message 415 for a description of the
       parameters Integer and String.  For example:

             int a[10];
             if( n <= 10 ) a[n] = 0;

       Here the programmer presumably should have written n<10.  This
       message is similar to messages 415 and 796 but differs from them
       by the degree of probability.


If you have comments or questions about this bug, please post them to our   Discussion Forum


Previous Bug - Bug #1547 - January 2008

Use our Interactive Demo to Run FlexeLint on our Bugs of the Month

PC-lint/FlexeLint - Product Overview

Home | Contact | Order

PC-lint and FlexeLint are trademarks of Gimpel Software
Copyright 2009, Gimpel Software, All rights reserved.