V635. Consider inspecting the expression. The length should probably be multiplied by the sizeof(wchar_t).


The analyzer has detected a potential error: a memory amount of incorrect size is allocated to store a string in the UNICODE format.

This error usually occurs when the 'strlen' or 'wcslen' function is used to calculate an array size. Programmers often forget to multiply the resulting number of characters by sizeof(wchar_t). As a result, an array overrun may occur.

Consider an example of incorrect code:

wchar_t src[] = L"abc";
wchar_t *dst = (wchar_t *)malloc(wcslen(src) + 1);
wcscpy(dst, src);

In this case, it's just 4 bytes that will be allocated. Since the 'wchar_t' type's size is 2 or 4 bytes depending on the data model, this memory amount may appear insufficient. To correct the mistake you should multiply the expression inside 'malloc' by 'sizeof(wchar_t)'.

This is the correct code:

wchar_t *dst =
  (wchar_t *)malloc((wcslen(src) + 1) * sizeof(wchar_t));

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-135.

You can look at examples of errors detected by the V635 diagnostic.


Bugs Found

Checked Projects
336
Collected Errors
12 743