PC-lint/FlexeLint Output | Reference Manual Explanation | Home Page

            bug432.c

1    #include <string.h>
2    #include <stdlib.h>
3    #include <stdio.h>
4
5    char *salloc( const char *s )
6        {
7        char *ret = (char *) malloc( strlen(s+1) );
8        if( ret ) strcpy( ret, s );
9        return ret;
10       }
11
12   int main()
13       {
14       char *s = salloc( "hello world" );
15       printf( "%s\n", s );
16       return 0;
17       }

In this example the user creates a string-allocation function called salloc() and tests its behavior. The test appears to go well and yet salloc() contains a fatal flaw. Can you find it?

bug432.c lint Output 

--- Module:   bug432.c
                                              _
    char *ret = (char *) malloc( strlen(s+1) );
bug432.c(7) : Warning 432: Suspicious argument to malloc

Reference Manual Explanation 

 
432   Suspicious argument to malloc -- The following pattern
      was detected:

         malloc( strlen(e+1) )

      where e is some expression.  This is suspicious because it
      closely resembles the commonly used pattern:

         malloc( strlen(e)+1 )

      If you really intended to use the first pattern then an
      equivalent expression that will not raise this error is:

         malloc( strlen(e)-1 )

Previous Bug - Bug #550 - July 2001

PC-lint/FlexeLint - Product Overview
Home | Contact | Order

PC-lint and FlexeLint are trademarks of Gimpel Software
Copyright © 2003, Gimpel Software