
V1086. Call of the 'Foo' function will lead to buffer underflow.

The analyzer has detected a potential error related to filling, copying or comparing memory buffers. The error can lead to buffer underflow.

Note: previously, this diagnostic rule was part of another diagnostic, V512, but we later decided to split them. You can read more about the causes and consequences of this decision in the special note.

This is a common type of error caused, for example, by typos or inattention. It can lead to incomplete data clearing and, as a result, to the use of uninitialized or damaged memory. The program may nevertheless run without problems for a long time, and that is the main trouble with such errors.

Let's look at two examples from real applications.

Example N1:

MD5Context *ctx;
memset(ctx, 0, sizeof(ctx));

Here, zeros do not fill the entire structure, but only part of it, because of a typo. The error is that the pointer's size is calculated, not the 'MD5Context' structure's size. The correct code variant is as follows:

MD5Context *ctx;
memset(ctx, 0, sizeof(*ctx));

Example N2:

#define CONT_MAP_MAX 50
int _iContMap[CONT_MAP_MAX];
memset(_iContMap, -1, CONT_MAP_MAX);

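In this example, the size of the buffer is specified incorrectly: 'memset' takes the size in bytes, but the number of array elements is passed, so only the first 50 bytes of the array are filled. The correct code variant is: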

#define CONT_MAP_MAX 50
int _iContMap[CONT_MAP_MAX];
memset(_iContMap, -1, CONT_MAP_MAX * sizeof(int));
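
The following added example (not code from PVS-Studio or from the analyzed projects) measures what both underflows leave behind: how many bytes of a context keep their old contents in Example N1, and how many array elements never become -1 in Example N2. The 'MD5Context' layout and the helper function names are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Assumed stand-in layout; the page does not show the real MD5Context. */
typedef struct {
    unsigned int  state[4];
    unsigned int  count[2];
    unsigned char buffer[64];
} MD5Context;

#define CONT_MAP_MAX 50

/* Example N1: poison a context, clear n bytes, count bytes still holding old data. */
size_t stale_bytes_after_clear(size_t n)
{
    MD5Context storage, *ctx = &storage;
    const unsigned char *p = (const unsigned char *)ctx;
    size_t i, stale = 0;

    memset(ctx, 0xAA, sizeof(*ctx));   /* constructed "leftover" data */
    memset(ctx, 0, n);                 /* the call under test */
    for (i = 0; i < sizeof(*ctx); i++)
        stale += (p[i] != 0);
    return stale;
}

/* Example N2: fill n bytes with 0xFF, count elements that did not become -1. */
size_t unset_elems_after_fill(size_t n)
{
    int map[CONT_MAP_MAX] = {0};
    size_t i, unset = 0;

    memset(map, -1, n);
    for (i = 0; i < CONT_MAP_MAX; i++)
        unset += (map[i] != -1);
    return unset;
}

int main(void)
{
    MD5Context *ctx = NULL;            /* only used inside sizeof, never dereferenced */

    printf("N1 sizeof(ctx):  %zu stale bytes\n", stale_bytes_after_clear(sizeof(ctx)));
    printf("N1 sizeof(*ctx): %zu stale bytes\n", stale_bytes_after_clear(sizeof(*ctx)));
    printf("N2 count only:   %zu unset elements\n", unset_elems_after_fill(CONT_MAP_MAX));
    printf("N2 count*sizeof: %zu unset elements\n",
           unset_elems_after_fill(CONT_MAP_MAX * sizeof(int)));
    return 0;
}
```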

Older versions compatibility

Previously, this diagnostic rule was part of another diagnostic, V512. For backward compatibility, we still provide the option to disable this diagnostic with a special comment:


You can add this comment to a header file that is included in all the other files. For instance, it can be the "stdafx.h" file. If you add this comment to a "*.cpp" file, it will affect only that particular file.

This diagnostic is classified as:

You can look at examples of errors detected by the V1086 diagnostic.