V647. The value of 'A' type is assigned to the pointer of 'B' type.


The analyzer has detected an incorrect pointer operation: an integer value or constant is assigned to a pointer to an integer type. Most likely, either the address of the variable should be written into the pointer, or the value should be written to the location the pointer refers to.

Consider an example of incorrect code:

void foo()
{
  int *a = GetPtr();
  int b = 10;
  a = b;             // <=
  Foo(a);
}

In this case, the value 10 is assigned to the 'a' pointer, which leaves us with an invalid pointer. To fix this, we should either dereference the 'a' pointer or take the address of the 'b' variable.

This is the fixed code:

void foo()
{
  int *a = GetPtr();
  int b = 10;
  *a = b;
  Foo(a);
}

The following code variant is correct too:

void foo()
{
  int *a = GetPtr();
  int b = 10;
  a = &b;
  Foo(a);
}

The analyzer considers it safe when a variable of a pointer type is used to store magic numbers such as -1, 0xcccccccc, 0xbadbeef, 0xdeadbeef, 0xfeeefeee, 0xcdcdcdcd, and so on. These values are often used for debugging purposes or as special markers.

Note 1

This error is possible only in the C language. In C++, you cannot implicitly convert an integer value to a pointer (except for 0).

Note 2

Sometimes the analyzer's warnings may look strange. Take a look at the following example:

char *page_range_split = strtok(page_range, ",");

The analyzer outputs a warning saying that a value of type 'int' is stored into a pointer. But the 'strtok' function returns a pointer, so what's the problem?

The problem is that the declaration of the 'strtok' function may be missing! The programmer may have forgotten to include the corresponding header file. In C, a function called without a declaration is assumed to return 'int', and the code is compiled under that assumption. It's a serious defect, which will cause pointer corruption in 64-bit programs. This issue is discussed in detail in the article "A nice 64-bit error in C".
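
The corruption described in Note 2 can be modelled without an undeclared call (added example, not part of the original documentation). It assumes a 64-bit target with a 32-bit 'int' and a compiler that sign-extends when converting 'int' to a pointer, as GCC documents; the function names and sample addresses are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Models what a 64-bit caller ends up with when a pointer-returning
 * function (e.g. strtok) is called without a prototype: the result is
 * treated as a 32-bit 'int' and then widened back to a 64-bit pointer.
 * Plain integers are used so the outcome is deterministic.
 * Assumption: the int-to-pointer conversion sign-extends. */
static uint64_t through_implicit_int(uint64_t addr)
{
    uint64_t low = addr & UINT64_C(0xFFFFFFFF);   /* truncated to 32 bits  */
    if (low & UINT64_C(0x80000000))               /* bit 31 = int sign bit */
        low |= UINT64_C(0xFFFFFFFF00000000);      /* sign extension        */
    return low;
}

/* Returns 1 if the address survives the round trip, 0 if it is corrupted. */
static int survives_implicit_int(uint64_t addr)
{
    return through_implicit_int(addr) == addr;
}

int main(void)
{
    /* Constructed sample addresses, not taken from a real process. */
    const uint64_t samples[] = {
        UINT64_C(0x0000000000401000),  /* low address: fits a positive int */
        UINT64_C(0x00007FFD12345678),  /* upper 32 bits are lost           */
        UINT64_C(0x00007F00DEADBE00),  /* bit 31 set: sign-extended        */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        printf("%#018llx -> %#018llx (%s)\n",
               (unsigned long long)samples[i],
               (unsigned long long)through_implicit_int(samples[i]),
               survives_implicit_int(samples[i]) ? "intact" : "corrupted");
    }
    /* Building with -Werror=implicit-function-declaration (GCC/Clang)
     * turns the missing prototype into a compile error instead. */
    return 0;
}
```

Low addresses pass through unchanged, which is why the defect can stay hidden in small test runs and only surface once allocations land above the 2 GB boundary.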

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-587.

You can look at examples of errors detected by the V647 diagnostic.

