V604. It is odd that the number of iterations in the loop equals to the size of the pointer.


The analyzer has detected a potential error in a construct that contains a loop. The loop is odd because its number of iterations equals sizeof(pointer). It is highly probable that the number of iterations should instead correspond to the size of the array the pointer refers to.

Let's see how such an error might occur. This is how the program looked at first:

char A[N];
for (size_t i=0; i < sizeof(A); ++i)
  A[i] = 0;

Then the code was changed, and the 'A' array became a variable-sized array allocated on the heap. The code is now incorrect:

char *A = (char *)malloc(N);
for (size_t i=0; i < sizeof(A); ++i)
  A[i] = 0;

Now the "sizeof(A)" expression returns the pointer size, not the array's size.

This is the correct code:

char *A = (char *)malloc(N);
for (size_t i=0; i < N; ++i)
  A[i] = 0;
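The effect of the wrong bound can be measured. The following is an added example, not code from the original page or from the analyzer's vendor: it fills a heap buffer with a constructed 0xAA pattern standing in for sensitive data, clears it with either loop, and counts the bytes that survive. The names struct buf, clear_buggy, clear_fixed and stale_after_clear are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper type: the length travels with the pointer. */
struct buf { char *data; size_t len; };

/* V604 pattern: sizeof(a) is the size of the pointer, not of the buffer. */
static void clear_buggy(char *a) {
    for (size_t i = 0; i < sizeof(a); ++i)
        a[i] = 0;
}

/* Corrected loop: bounded by the recorded allocation size. */
static void clear_fixed(struct buf *b) {
    for (size_t i = 0; i < b->len; ++i)
        b->data[i] = 0;
}

/* Fills an n-byte heap buffer with 0xAA (constructed stand-in for secret
 * data), clears it with the chosen loop, and returns how many bytes still
 * hold the old contents. Returns (size_t)-1 on allocation failure or when
 * the buggy loop would write past the end of the buffer. */
size_t stale_after_clear(size_t n, int use_fixed) {
    struct buf b = { malloc(n), n };
    size_t stale = 0;
    if (b.data == NULL)
        return (size_t)-1;
    if (!use_fixed && n < sizeof(char *)) {   /* would overflow: refuse */
        free(b.data);
        return (size_t)-1;
    }
    memset(b.data, 0xAA, b.len);
    if (use_fixed)
        clear_fixed(&b);
    else
        clear_buggy(b.data);
    for (size_t i = 0; i < b.len; ++i)
        stale += ((unsigned char)b.data[i] == 0xAA);
    free(b.data);
    return stale;
}

int main(void) {
    printf("buggy: %zu stale bytes\n", stale_after_clear(64, 0));
    printf("fixed: %zu stale bytes\n", stale_after_clear(64, 1));
    return 0;
}
```

With a buffer larger than a pointer, the buggy loop leaves most of the old contents in memory; with a buffer smaller than a pointer, the same loop would write past the end of the allocation, which is why the example refuses to run it in that case.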

According to the Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-682.

You can look at examples of errors detected by the V604 diagnostic.

