Example 55 Out of bound access

When an array is referenced with an index greater than its declared (or dynamically allocated) size, unexpected runtime behavior may occur. Cadvise flags such references as potential array out of bound access violations, as shown in the following code:

int a[100];
int foo(int i)
{
    if (i < 100)
        a[i] = 0;
    else
        a[i] = 20; // potential out of bound access
    return 0;
}

Cadvise detects out of bound accesses on both statically and dynamically allocated arrays.

In such cases, cadvise generates the following warning:

"oob.c", line 7, procedure foo: warning #20206-D: Out of bound access (In expression "&a[i]", array "a" [oob.c:1] (type: int [100]) has element range [0 .. 99], writing element range [100 .. ?].)

Example 56 Out of scope access

Cadvise flags out of scope access of variables in the application. Unexpected results may occur in the following cases:

When the local variable address is returned and dereferenced by the caller.

When the allocated memory is returned and dereferenced by the caller.

When an inner block scope variable is accessed indirectly in the enclosing scope.

The Code Advisor flags such potential issues, as shown in the following code:

#include <stdio.h>
int foo()
{
    int *p;
    {
        int q;
        scanf("%d", &q);
        p = &q;
    }
    // out of scope reference to q
    return *p;
}

In such cases, cadvise generates the following warning:

"oos.c", line 20, procedure foo: warning #20203-D: Potential out of scope use of local variable q
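The following block is an added example, not part of the cadvise documentation: hardened counterparts of the code in Examples 55 and 56, covering both a static and a dynamically allocated array. The names store_checked, foo_checked, store_dynamic and read_int are hypothetical, and read_int parses a constructed string with sscanf instead of reading standard input.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

#define A_LEN 100
static int a[A_LEN];   /* same array as Example 55: elements [0 .. 99] */

/* Write arr[i] only when i lies in [0 .. len-1]; negative indexes fail too. */
int store_checked(int *arr, size_t len, long i, int value)
{
    if (arr == NULL || i < 0 || (size_t)i >= len)
        return -1;
    arr[i] = value;
    return 0;
}

/* Example 55 with the out-of-range branch turned into an error return. */
int foo_checked(int i)
{
    return store_checked(a, A_LEN, i, 0);
}

/* The same check applied to a dynamically allocated array of n elements. */
int store_dynamic(size_t n, long i)
{
    int *buf = calloc(n, sizeof *buf);
    if (buf == NULL)
        return -1;
    int rc = store_checked(buf, n, i, 20);
    free(buf);
    return rc;
}

/* Example 56 without the escaping pointer: q is copied out by value. */
int read_int(const char *text, int *out)
{
    int q;
    if (sscanf(text, "%d", &q) != 1)
        return -1;
    *out = q;          /* the caller owns *out, so &q never outlives q */
    return 0;
}

int main(void)
{
    int v = 0, rc = read_int("42", &v);   /* "42" is constructed input */
    printf("%d %d %d %d %d\n", foo_checked(99), foo_checked(100),
           store_dynamic(8, 8), rc, v);
    return 0;
}
```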
