bug794.cpp

1   #define NULL 0
2   typedef struct _NODE NODE, *PNODE;
3   struct _NODE {
4       int Value;
5       PNODE NextNode;
6       };
7
8   PNODE InsertNodeInSortedSinglyLinkedList(
9       PNODE FirstNodeInList, PNODE NewNode )
10      {
11      PNODE NodeInList   = FirstNodeInList;
12      PNODE PreviousNode = NULL;
13      while ( NodeInList->Value <= NewNode->Value ) {
14          PreviousNode = NodeInList;
15          NodeInList   = NodeInList->NextNode;
16          }
17      PreviousNode->NextNode = NewNode;
18      NewNode->NextNode      = NodeInList;
19      return FirstNodeInList;
20      }

A prominent software firm once used this example in a recruiting ad, looking for people who could find the subtle bug contained therein. Can you find it?

bug794.cpp lint Output

--- Module:   bug794.cpp
                                    _
    PreviousNode->NextNode = NewNode;
bug794.cpp(20) : Info 794: Conceivable use of null pointer (PreviousNode)
    in left argument to operator '->'

    --- Wrap-up for Module: bug794.cpp

Info 751: local typedef NODE (line 5, file bug794.cpp) not referenced

Reference Manual Explanation

794    Conceivable use of null pointer (Symbol) in [left/right] argument
       to operator 'String'  -- From information gleaned from earlier
       statements it is conceivable that a null pointer (a pointer whose
       value is 0) can be used in a context where null pointers are
       inappropriate.  In the case of binary operators one of the words
       'left' or 'right' is used to designate which operand is null.
       Symbol identifies the pointer variable that may be NULL.  This is
       similar to messages 413 and 613 and differs from them in that the
       likelihood is not as great.  For example:

                 int *p = 0;
                 int i;
                 for( i = 0; i < n; i++ )
                     p = &a[i];
                 *p = 0;

       If the body of the for loop is never taken then p remains null.