bug661.cpp

1    #include <stdlib.h>
2
3    #define N 5
4    int Weight[N] = { 3, 1, 4, 5, 2 };
5
6    int rand_choice()
7        {
8        int i, choice = 0;
9        int k = rand() % (3*N);
10       for( i = 0; i <= N; i++ )
11           {
12           if( k >= 0 ) choice = i;
13           k -= Weight[i];
14           }
15       return choice;
16       }
17   int voting_machine( int vote )
18       {
19       if( vote == 1 ) return rand_choice();
20       else return vote;
21       }

A political party wishing to sabotage the chances of a popular presidential candidate, modifies the vote counting program to the above. But something is not quite right. Can you spot the flaw?

bug661.cpp lint Output

--- Module:   bug661.cpp (C++)
                      _
        k -= Weight[i];
bug661.cpp(13) : Warning 661: Possible access of out-of-bounds pointer (1
    beyond end of data) by operator '[' [Reference: file bug661.cpp: lines 10,13]

Reference Manual Explanation

661    possible access of out-of-bounds pointer ('Integer' beyond end of
       data) by operator 'String'  -- An out-of-bounds pointer may have
       been accessed.  See message 415 for a description of the
       parameters Integer and String.  For example:

             int a[10];
             if( n <= 10 ) a[n] = 0;

       Here the programmer presumably should have written n<10.  This
       message is similar to messages 415 and 796 but differs from them
       by the degree of probability.