V512. Call of the 'Foo' function will lead to buffer overflow or underflow.

Apr 02 2013

The analyzer found a potential error related to memory buffer filling, copying or comparison. The error might cause a buffer overflow or, vice versa, buffer underflow.

This is a rather common kind of error that occurs due to misprints or inattention. What is unpleasant about such errors is that a program might work correctly for a long time: by sheer luck, acceptable values might be found in the uninitialized memory, and the memory area that is written out of bounds might not be in use.

Let's study two samples taken from real applications.

Sample N1.

MD5Context *ctx;
...
memset(ctx, 0, sizeof(ctx));

Here the misprint causes only a part of the structure to be cleared, not the whole structure: 'sizeof(ctx)' calculates the size of the pointer rather than the size of the MD5Context structure it points to. Here is the correct version of the code:

MD5Context *ctx;
...
memset(ctx, 0, sizeof(*ctx));

Sample N2.

#define CONT_MAP_MAX 50
int _iContMap[CONT_MAP_MAX];
memset(_iContMap, -1, CONT_MAP_MAX);

In this sample, the size of the buffer to be filled is also defined incorrectly. This is the correct version:

#define CONT_MAP_MAX 50
int _iContMap[CONT_MAP_MAX];
memset(_iContMap, -1, CONT_MAP_MAX * sizeof(int));

Sample N3.

struct MyTime
{
  ....
  int time;
};
MyTime s;
time((time_t*)&s.time);

In this sample the type of 's.time' is also specified incorrectly. If time_t is 64-bit, the 'time' function writes 8 bytes into a 4-byte field, and we get an overflow. This is the correct version:

struct MyTime
{
  ....
  time_t time;
};
MyTime s;
time(&s.time);

Note on the strncpy function.

Some programmers are surprised that the analyzer generates the V512 warning on the following code:

char buf[5];
strncpy(buf, "X", 100);

It may seem at first sight that the function will copy only 2 bytes (the 'X' character and the terminating null). But an array overrun will indeed occur here. The author of this code has forgotten one property of the 'strncpy' function. Here is a quotation from the description of this function on the MSDN website: If count is greater than the length of strSource, the destination string is padded with null characters up to length count.
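The following added example (not PVS-Studio's code) makes the three size mistakes above measurable instead of just described: it reports how many bytes 'sizeof(ctx)' covers versus the structure (Sample N1), how many elements of an int array a byte-count memset misses (Sample N2), and how many bytes strncpy really writes for a given count (the note above). The 'Ctx' structure is a constructed stand-in for MD5Context; the strncpy probe uses an oversized destination so that it stays in bounds while still showing the padding.

```c
#include <string.h>

/* Constructed stand-in for MD5Context; the field layout is hypothetical. */
typedef struct {
    unsigned int state[4];
    unsigned char buffer[64];
} Ctx;

#define CONT_MAP_MAX 50

/* Sample N1: sizeof(ctx) measures the pointer, sizeof(*ctx) the structure. */
size_t ctx_bytes_cleared_by_bug(void)
{
    Ctx *ctx = NULL;
    return sizeof(ctx);     /* pointer size, e.g. 8 on a 64-bit target */
}

size_t ctx_bytes_needed(void)
{
    return sizeof(Ctx);     /* what the corrected sizeof(*ctx) yields */
}

/* Sample N2: fill the array with -1 using byte_count bytes and report how
   many ints did NOT end up as -1. byte_count must not exceed sizeof map. */
int ints_missed_after_memset(size_t byte_count)
{
    int map[CONT_MAP_MAX];
    memset(map, 0, sizeof map);          /* known baseline */
    memset(map, -1, byte_count);         /* CONT_MAP_MAX here is the bug */
    int missed = 0;
    for (size_t i = 0; i < CONT_MAP_MAX; i++)
        if (map[i] != -1) missed++;
    return missed;                       /* 0 only for CONT_MAP_MAX*sizeof(int) */
}

/* strncpy note: count how many bytes strncpy(dst, "X", count) really writes.
   A sentinel byte marks untouched memory; the buffer is large so this is safe. */
size_t strncpy_bytes_written(size_t count)
{
    unsigned char dst[256];
    if (count > sizeof dst) return 0;    /* refuse to reproduce the overrun */
    memset(dst, 0xAA, sizeof dst);
    strncpy((char *)dst, "X", count);
    size_t written = 0;
    for (size_t i = 0; i < sizeof dst; i++)
        if (dst[i] != 0xAA) written++;
    return written;                      /* equals count, not 2 */
}
```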

Note about false positive warnings.

For some projects the analyzer turns out to generate many false positive warnings about buffer underflows. Sometimes, on the contrary, all the warnings about buffer overflows turn out to be false positives. In this case you may use the fine-tuning setting of the diagnostic rule.

It can be done by adding the following comments into the code text where you need:

//-V512_UNDERFLOW_OFF

//-V512_OVERFLOW_OFF

The first comment disables warnings about underflows in the current translation unit, while the second disables warnings about overflows. If you add both, it will be identical to completely disabling the V512 diagnostic rule.

These comments should be added to a header file that is included in all the other files, such as "stdafx.h". If you add the comments to a "*.cpp" file, they will affect only that particular file.

Work with unknown values of arguments to format strings

Sometimes the analyzer does not know the exact value of the argument, for example when it comes from a function's parameter:

void foo(int someVar)
{
  char buf[2];
  sprintf(buf, "%d", someVar);
  ....
}

There will be no warning by default. To enable it, use the following comment:

//V_512_WARN_ON_UNKNOWN_FORMAT_ARGS

In this case the analyzer will use the range of values of the argument's type.

This diagnostic is classified as:

You can look at examples of errors detected by the V512 diagnostic.
