To get a trial key
fill out the form below
Team License (standard version)
Enterprise License (extended version)
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Request our prices
New License
License Renewal
--Select currency--
USD
EUR
GBP
RUB
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
To get the licence for your open-source project, please fill out this form
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
I am interested to try it on the platforms:
* By clicking this button you agree to our Privacy Policy statement

** This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
Message submitted.

Your message has been sent. We will email you at


If you haven't received our response, please do the following:
check your Spam/Junk folder and click the "Not Spam" button for our message.
This way, you won't miss messages from our team in the future.

>
>
>
Magic constants and malloc() function

Magic constants and malloc() function

Sep 07 2009
Author:

Once again I would like to discuss the issue of using magic constants in code. We can eternally repeat that one should use sizeof() operator for correct calculation of the size of memory being allocated. But both this knowledge and correct writing of a new code will not help you detect an error already existing in the maze of the old code in large projects.

Let's consider a typical example of an error:

size_t nCount = 10;
int **poinerArray = (int **)malloc(nCount * 4);

The code is incorrect but in a 32-bit system it will work correctly. The error can occur when adapting the program to a different software/hardware environment. It has become very urgent and important to detect such a code because of mass migration of software on 64-bit systems. Changing of the sizes of some base types makes a code like this very dangerous. Viva64 analyzer included into PVS-Studio will show a warning about using magic constant "4″ on the code given above and an error will be detected when viewing the diagnostic warnings. But a code can be more complicated:

#define N_COUNT 100
#define POINTER_SIZE 4
#define NSIZE (N_COUNT * POINTER_SIZE)
int **pArray = (int **)malloc(NSIZE);

It is more difficult to diagnose an error in such a code written in C style with the use of #define. Although the code contains constant 4 defined by a macro, Viva64 analyzer is deliberately set so as to avoid showing warnings on such constructions. The analyzer ignores magic constants defined by macros (#define) due to two reasons. First, if a programmer defines constants through macros, he is likely to know what he is doing and a false response is very likely to occur. Second, if we react to constants which are dangerous from the viewpoint of a constant's 64-bit mode (4, 8, 32 etc) we will have too many false responses relating to using Windows API. Let's consider a harmless code as an example:

MessageBox("Are you sure ?",
           "Some question",
           MB_YESNO | MB_ICONQUESTION);

If we analyze the magic numbers hidden behind MB_YESNO and MB_ICONQUESTION macros there should be two warnings on using magic constants 4 and 32 on this line. Of course, it is too great a level of false responses. When analyzing malloc() function we can print all information about all dangerous magic constants without paying attention if it is a macro or not. But that is not enough anyway for the next case:

int **pArray = (int **)malloc(400);

If we go further and consider any number used in the expression for malloc() function unsafe it will cause false responses on a correct code:

int **pArray = (int **)malloc(400 * sizeof(int *));

On examining the situation, we have decided to introduce a new rule to verify applications whose result is transferred into malloc() function. At present, this rule reads as follows:

You should consider unsafe using numeric literals in the expression transferred into malloc() function. Exceptions:

1) The expression contains sizeof() operator

2) All the numeric literals divide by four with a remainder

Thanks to this rule we can warn about an error in the following code:

1) The first example:

void *p = malloc(nCount * 4);

2) The second example:

#define N_COUNT 100
#define POINTER_SIZE 4
#define NSIZE (N_COUNT * POINTER_SIZE)
int **pArray = (int **)malloc(NSIZE);

And also avoid showing a false warning on the code like:

1) The first example:

void *p = malloc(sizeof(double) * 4);

2) The second example:

#define N_COUNT 100
#define POINTER_SIZE sizeof(int *)
#define NSIZE (N_COUNT * POINTER_SIZE)
int **pArray = (int **)malloc(NSIZE);

This new diagnostic rule is most likely to appear in the next version of PVS-Studio 3.30. Let's now consider another situation also relating to malloc() function and incorrect suggestion about data alignment. It is not quite relative to magic constants but the problem is similar. Let's consider an example of code:

struct MyBigStruct {
  unsigned m_numberOfPointers;
  void *m_Pointers[1];
};
unsigned n = 10000;
void *ptr = malloc(sizeof(unsigned) +
                   n * sizeof(void *));

Although this code does not use magic numbers and the size of the types is defined by sizeof() the code is still incorrect. It does not take into account changing of the data alignment method different for 32-bit and 64-bit systems. The following code will be correct:

void *ptr = malloc(
  offsetof(MyBigStruct, m_Pointers) +
  n * sizeof(void *));

To warn the user about a possible error we are planning to introduce one more rule:

You should consider unsafe using more than one sizeof() operator in the expression transferred into malloc function. Perhaps, changing of alignment is not considered when calculating the structure's size.

In some cases this rule will cause false responses but such places must be checked thoroughly anyway.

The dangerous expressions with magic constants described above are topical not only for malloc() function but for a class of such functions as fread, fwrite etc. But these functions must be studied separately and we will perform their analysis later when diagnosis relating to malloc() function is completely worked out.

Popular related articles
PVS-Studio for Java

Date: Jan 17 2019

Author: Andrey Karpov

In the seventh version of the PVS-Studio static analyzer, we added support of the Java language. It's time for a brief story of how we've started making support of the Java language, how far we've co…
Free PVS-Studio for those who develops open source projects

Date: Dec 22 2018

Author: Andrey Karpov

On the New 2019 year's eve, a PVS-Studio team decided to make a nice gift for all contributors of open-source projects hosted on GitHub, GitLab or Bitbucket. They are given free usage of PVS-Studio s…
The Ultimate Question of Programming, Refactoring, and Everything

Date: Apr 14 2016

Author: Andrey Karpov

Yes, you've guessed correctly - the answer is "42". In this article you will find 42 recommendations about coding in C++ that can help a programmer avoid a lot of errors, save time and effort. The au…
Appreciate Static Code Analysis!

Date: Oct 16 2017

Author: Andrey Karpov

I am really astonished by the capabilities of static code analysis even though I am one of the developers of PVS-Studio analyzer myself. The tool surprised me the other day as it turned out to be sma…
Static analysis as part of the development process in Unreal Engine

Date: Jun 27 2017

Author: Andrey Karpov

Unreal Engine continues to develop as new code is added and previously written code is changed. What is the inevitable consequence of ongoing development in a project? The emergence of new bugs in th…
Characteristics of PVS-Studio Analyzer by the Example of EFL Core Libraries, 10-15% of False Positives

Date: Jul 31 2017

Author: Andrey Karpov

After I wrote quite a big article about the analysis of the Tizen OS code, I received a large number of questions concerning the percentage of false positives and the density of errors (how many erro…
The way static analyzers fight against false positives, and why they do it

Date: Mar 20 2017

Author: Andrey Karpov

In my previous article I wrote that I don't like the approach of evaluating the efficiency of static analyzers with the help of synthetic tests. In that article, I give the example of a code fragment…
Technologies used in the PVS-Studio code analyzer for finding bugs and potential vulnerabilities

Date: Nov 21 2018

Author: Andrey Karpov

A brief description of technologies used in the PVS-Studio tool, which let us effectively detect a large number of error patterns and potential vulnerabilities. The article describes the implementati…
The Last Line Effect

Date: May 31 2014

Author: Andrey Karpov

I have studied many errors caused by the use of the Copy-Paste method, and can assure you that programmers most often tend to make mistakes in the last fragment of a homogeneous code block. I have ne…
PVS-Studio ROI

Date: Jan 30 2019

Author: Andrey Karpov

Occasionally, we're asked a question, what monetary value the company will receive from using PVS-Studio. We decided to draw up a response in the form of an article and provide tables, which will sho…

Comments (0)

Next comments

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site.
Learn More →
Accept