The analyzer detected an explicit conversion of a numerical value to the pointer type. This warning is usually generated for code fragments where numbers are used for flagging objects' states. Such methods are not necessarily errors but usually signal a bad code design. Consider this sample:
const DWORD SHELL_VERSION = 0x4110400; ... char *ptr = (char*) SHELL_VERSION; ... if (ptr == (char*) SHELL_VERSION)
The constant value which marks some special state is saved into the pointer. This code might work well for a long time, but if an object is created by the address 0x4110400, we will not determine if this is a magic flag or just an object. If you want to use a special flag, you'd better write it so:
const DWORD SHELL_VERSION = 0x4110400; ... char *ptr = (char*)(&SHELL_VERSION); ... if (ptr == (char*)(&SHELL_VERSION))
Note. To make false alarms fewer, the V566 message is not generated for a range of cases. For instance, it does not appear if values -1, 0, 0xcccccccc and 0xdeadbeef are magic numbers; if a number lies within the range between 0 and 65535 and is cast to a string pointer. This enables us to skip correct code fragments like the following one:
CString sMessage( (LPCSTR)IDS_FILE_WAS_CHANGED ) ;
This method of loading a string from resources is rather popular but certainly you'd better use MAKEINTRESOURCE. There are some other exceptions as well.
According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-587.