The analyzer found a potential error related to allocating insufficient amount of memory. The string's length is calculated in code and the memory buffer of a corresponding size is allocated but the terminal '\0' is not allowed for.
Consider this example:
char *p = (char *)malloc(strlen(src));
strcpy(p, src);
In this case, it is just +1 which is missing. The correct version is:
char *p = (char *)malloc(strlen(src) + 1);
strcpy(p, src);
Here is another example of incorrect code detected by the analyzer in one application:
if((t=(char *)realloc(next->name, strlen(name+1))))
{
next->name=t;
strcpy(next->name,name);
}
The programmer was inattentive and made a mistake when writing the right bracket ')'. As a result, we will allocate 2 bytes less memory than necessary. This is the correct code:
if((t=(char *)realloc(next->name, strlen(name)+1)))
This diagnostic is classified as:
|
You can look at examples of errors detected by the V518 diagnostic. |