Pour obtenir une clé
d'essai remplissez le formulaire ci-dessous
Demandez des tariffs
Nouvelle licence
Renouvellement de licence
--Sélectionnez la devise--
USD
EUR
RUB
* En cliquant sur ce bouton, vous acceptez notre politique de confidentialité

Free PVS-Studio license for Microsoft MVP specialists
To get the licence for your open-source project, please fill out this form
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

I am interested to try it on the platforms:
** En cliquant sur ce bouton, vous acceptez notre politique de confidentialité.

Votre message a été envoyé.

Nous vous répondrons à


Si vous n'avez toujours pas reçu de réponse, vérifiez votre dossier
Spam/Junk et cliquez sur le bouton "Not Spam".
De cette façon, vous ne manquerez la réponse de notre équipe.

>
>
>
Array index out of bounds

Array index out of bounds

06 Mar 2013

The array index out of bounds error is a special case of the buffer overflow error. It occurs when the index used to address array items exceeds the allowed value. It's the area outside the array bounds which is being addressed, that's why this situation is considered a case of undefined behavior. Absence of array overrun control in C and C++ is the factor that makes this error possible.

The array index out of bounds error can be diagnosed with static or dynamic code analyzers. Diagnostics for these defects are quite urgent, as it may take much time before these errors reveal themselves. Whether a program containing them will work or not depends on the compiler version or operating system version.

Here are some examples of this error found in the code of real open-source projects by the PVS-Studio static analyzer.

The Dumb project, Dynamic Universal Music Bibliotheque.

struct IT_SAMPLE
{
  ....
  unsigned char filename[14];
  ....
};

static int it_riff_dsmf_process_sample(
  IT_SAMPLE * sample, const unsigned char * data, int len)
{
  int flags;
  memcpy( sample->filename, data, 13 );
  sample->filename[ 14 ] = 0;
  ....
}

The 'filename' array consists of 14 items, but the 'it_riff_dsmf_process_sample' function addresses the 14-th item lying outside the array bounds. Programmers often make this mistake because they forget that array indexing in C/C++ starts with zero and ends with a value that is one less than the array size.

Let's have a look at one more similar error. The Wolfenstein 3D project, a computer game by 'id Software'.

typedef struct bot_state_s
{
  ...
  char teamleader[32]; //netname of the team leader
  ...
}  bot_state_t;

void BotMatch_StartTeamLeaderShip(
  bot_state_t *bs, bot_match_t *match)
{
  ...
  bs->teamleader[sizeof( bs->teamleader )] = '\0';
  ...
}

The error in this case is this: 'sizeof(Array)' returns the array size, while you need to subtract one from the result returned by 'sizeof(Array)' to address the last item.

Here you may see other samples of this error found through the static analysis method.

Comments (0)

Next comments
Unicorn with delicious cookie
Nous utilisons des cookies pour améliorer votre expérience de navigation. En savoir plus
Accepter