V1086. Call of the 'Foo' function will lead to buffer underflow.
The analyzer has detected a potential error related to filling, copying or comparing memory buffers. The error can lead to buffer underflow.
Note: previously this diagnostic rule was part of another diagnostic, V512, but we later decided to split them. You can read more about the causes and consequences of this decision in the special note.
This is a common type of error caused, for example, by typos or inattention. The error can lead to incomplete data clearing and, as a result, to the use of uninitialized or damaged memory. The program may nevertheless run without problems for a long time, which is the main trouble with such errors.
Let's look at two examples from real applications.
    MD5Context *ctx;
    ....
    memset(ctx, 0, sizeof(ctx));
Here, zeros do not fill the entire structure, but only part of it, because of a typo. The error is that the pointer's size is calculated, not the 'MD5Context' structure's size. The correct code variant is as follows:
    MD5Context *ctx;
    ....
    memset(ctx, 0, sizeof(*ctx));

    #define CONT_MAP_MAX 50
    int _iContMap[CONT_MAP_MAX];
    memset(_iContMap, -1, CONT_MAP_MAX);
In this example, the size of the buffer is specified incorrectly. The correct code variant is:
    #define CONT_MAP_MAX 50
    int _iContMap[CONT_MAP_MAX];
    memset(_iContMap, -1, CONT_MAP_MAX * sizeof(int));
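The two mistakes above, measured at run time, as an added example that is not part of the original documentation. The field layout of MD5Context and both helper names are assumptions; the byte count is passed in as a parameter so each faulty size can be compared with its corrected form.

```c
#include <stdio.h>
#include <string.h>

#define CONT_MAP_MAX 50

/* Stand-in for the page's MD5Context; this field layout is an assumption. */
typedef struct {
    unsigned int  state[4];
    unsigned int  count[2];
    unsigned char buffer[64];
} MD5Context;

/* Fill a context with a marker, clear its first n bytes, and return how
   many bytes stayed uncleared. Callers pass n <= sizeof(MD5Context). */
size_t stale_bytes_after_clear(size_t n)
{
    MD5Context storage;
    const unsigned char *p = (const unsigned char *)&storage;
    size_t i, stale = 0;

    memset(&storage, 0xAA, sizeof(storage)); /* simulated leftover state */
    memset(&storage, 0, n);                  /* the call under test */
    for (i = 0; i < sizeof(storage); i++)
        if (p[i] != 0)
            stale++;
    return stale;
}

/* memset a zeroed int map with -1 over n bytes; count elements equal to -1. */
size_t elements_set_to_minus_one(size_t n)
{
    int map[CONT_MAP_MAX] = {0};
    size_t i, hits = 0;

    memset(map, -1, n);
    for (i = 0; i < CONT_MAP_MAX; i++)
        if (map[i] == -1)
            hits++;
    return hits;
}

int main(void)
{
    printf("sizeof(ctx):  %zu stale bytes\n", stale_bytes_after_clear(sizeof(MD5Context *)));
    printf("sizeof(*ctx): %zu stale bytes\n", stale_bytes_after_clear(sizeof(MD5Context)));
    printf("CONT_MAP_MAX bytes:         %zu of %d set\n", elements_set_to_minus_one(CONT_MAP_MAX), CONT_MAP_MAX);
    printf("CONT_MAP_MAX * sizeof(int): %zu of %d set\n", elements_set_to_minus_one(CONT_MAP_MAX * sizeof(int)), CONT_MAP_MAX);
    return 0;
}
```

With the pointer-sized clear, everything past the first pointer-width bytes of the context keeps its old contents; with the element-count size, only the leading part of the array holds -1 and the rest stays zero.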
Older versions compatibility
Previously this diagnostic rule was part of another diagnostic, V512. For backward compatibility, we still provide the option to disable this diagnostic with a special comment:
You can add this comment to a header file that is included in all the other files. For instance, it can be the "stdafx.h" file. If you add this comment to a "*.cpp" file, it will affect only that particular file.
This diagnostic is classified as:
You can look at examples of errors detected by the V1086 diagnostic.