
            bug433.cpp

1     #include <stdio.h>
2     typedef int (*Array10)[10];
3     Array10 alloc10()
4         {
5         Array10 p;
6         int i;
7
8         p = (Array10) malloc( sizeof(Array10) );
9         if( !p ) return NULL;
10        for( i = 0; i < 10; i++ )
11            (*p)[i] = 0;
12        return p;
13        }
14
15    int main()
16        {
17        Array10 a = alloc10();
18        // ... following code omitted.
19        return 0;
20        }

In writing this program, which allocates an array of 10 integers, the programmer made one fatal flaw. Can you find it?


bug433.cpp lint Output

--- Module:   bug433.cpp
                                           _
    p = (Array10) malloc( sizeof(Array10) );
bug433.cpp(8) : Warning 433: Allocated area not large enough for pointer
bug433.cpp(8) : Info 826: Suspicious pointer-to-pointer conversion (area too small)
    _
    }
bug433.cpp(20) : Warning 529: Symbol 'a' (line 17) not subsequently referenced


Reference Manual Explanation

 
433  Allocated area not large enough for pointer -- An allocation was assigned
     to a pointer whose reach extends beyond the area that was allocated. This
     would usually happen only with library allocation routines such as malloc
     and calloc.  For example:

                int *p = malloc(1);

     This message is also provided for user-declared allocation functions.
     For example, if a user's own allocation function is provided with the
     following semantic:

                -sem(ouralloc,@P==malloc(1n))

     We would report the same message. Please note that it is necessary
     to designate that the returned area is freshly allocated (ala malloc).

     This message is always given in conjunction with the more general
     Informational Message 826.
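
An added example (not part of the original page or of PC-lint) showing why line 8 draws Warning 433: sizeof(Array10) is the size of a pointer, while the loop on lines 10-11 writes a whole int[10]. The function names are hypothetical, and the byte counts depend on the platform's int and pointer sizes.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

typedef int (*Array10)[10];          /* same typedef as bug433.cpp line 2 */

/* Bytes requested by line 8: the size of the pointer type itself. */
size_t flawed_request(void) { return sizeof(Array10); }

/* Bytes the loop on lines 10-11 writes: the pointed-to int[10]. */
size_t needed_request(void) { return sizeof(int[10]); }

/* Bytes written past the end of the flawed allocation (0 if none). */
size_t overrun_bytes(void)
{
    size_t have = flawed_request(), need = needed_request();
    return need > have ? need - have : 0;
}

/* Corrected allocator: size the request from the pointee, not the pointer. */
Array10 alloc10_fixed(void)
{
    Array10 p = (Array10) malloc(sizeof *p);   /* sizeof *p == sizeof(int[10]) */
    size_t i;

    if (!p) return NULL;
    for (i = 0; i < sizeof *p / sizeof (*p)[0]; i++)
        (*p)[i] = 0;
    return p;
}

int main(void)
{
    Array10 a = alloc10_fixed();

    printf("line 8 requests %zu bytes, loop writes %zu, overrun %zu\n",
           flawed_request(), needed_request(), overrun_bytes());
    if (!a) return 1;
    printf("fixed allocation holds %zu ints\n", sizeof *a / sizeof (*a)[0]);
    free(a);
    return 0;
}
```

Writing the request as sizeof *p keeps the allocation size tied to the pointer's target type, so it stays correct if the typedef changes.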



PC-lint and FlexeLint are trademarks of Gimpel Software
Copyright © 2003, Gimpel Software