Project Name | CID | Checker | Category | Developer Description |
---|---|---|---|---|
openfpm_pdata | 53706 | OVERRUN | Memory - corruptions | Coverity Scan correctly understood the logic of this code, and reported that the loop condition is wrong. In particular, setHigh sets an internal array of size given by the template parameter dim. This means that for setHigh(i,x), i must be bounded by dim. Coverity Scan detected that in case the size of the compile-time array given is bigger than dim, the loop can bring the variable "i" to go over dim. Coverity correctly understood how the compile-time part of the program couples with the run-time part. It calculates the bounds coming from the compile-time information, like for the C++11 for-loop construction, and reported that the if break condition was not enough to ensure the bound for setHigh. ( "<" should be fixed with "<=" ) |
```
413     inline Box<dim,T> operator*(const Point<dim,T> & p)
414     {
415         Box<dim,T> ret;
416
417         for (size_t i = 0 ; i < dim ; i++)
418         {
419             ret.setLow(i, getLow(i)*p.get(i));
420             ret.setHigh(i, getHigh(i)*p.get(i));
421         }
422
423         return ret;
424     }
425
426     /*! \brief Constructor from initializer list
427      *
428      * Constructor from initializer list
429      *
430      * \param p1 Low point, initialize as a list example {0.0,0.0,0.0}
431      * \param p2 High point, initialized as a list example {1.0,1.0,1.0}
432      *
433      */
434     inline void set(std::initializer_list<T> p1, std::initializer_list<T> p2)
435     {
436         size_t i = 0;
        < 1. Iterating over another element of "p1"
        < 2. Iterating over another element of "p1"
        < 4. Iterating over another element of "p1"
437         for(T x : p1)
438         {
        <<< CID 53706: Memory - corruptions OVERRUN
        <<< 5. Overrunning callee's array of size 2 by passing argument "i" (which evaluates to 2) in call to "setLow".
439             setLow(i,x);
440             i++;
        << 3. Checking "i > 2UL" implies that "i" may be up to 2 on the false branch.
441             if (i > dim)
442                 break;
443         }
444
445         i = 0;
446         for(T x : p2)
447         {
448             setHigh(i,x);
449             i++;
450             if (i > dim)
451                 break;
452         }
453     }
454
455     /*! \brief set the low interval of the box
456      *
457      * \param i dimension
458      * \param val value to set
459      *
460      */
461     inline void setLow(int i, T val)
462     {
463         boost::fusion::at_c<p1>(data)[i] = val;
464     }
465
466     /*! \brief set the high interval of the box
467      *
```
3. cond_at_most | Box.hpp:441 | |
5. overrun-call | Box.hpp:439 |
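
The loop bound that events 3 and 5 describe, reduced to a model that is safe to run. This is an added example, not openfpm_pdata code: `BoxModel`, `set_reported`, `set_bounded` and the two wrapper functions are hypothetical names, and the setter records an out-of-range index instead of performing the write.

```cpp
#include <array>
#include <cstddef>
#include <initializer_list>

// Hypothetical stand-in for Box<dim,T>: one fixed-size array and a setter
// that records an out-of-range index instead of writing past the array.
template <std::size_t dim, typename T>
struct BoxModel {
    std::array<T, dim> low{};
    bool overrun = false;

    void setLow(std::size_t i, T val) {
        if (i >= dim) { overrun = true; return; }  // the listed setLow writes here
        low[i] = val;
    }

    // Loop shape from the listing: the break test runs after i++ and uses ">".
    void set_reported(std::initializer_list<T> p1) {
        std::size_t i = 0;
        for (T x : p1) {
            setLow(i, x);
            i++;
            if (i > dim) break;  // i == dim does not break: setLow(dim, x) is next
        }
    }

    // Same loop with ">=": stops once dim values are stored (assumes dim >= 1).
    void set_bounded(std::initializer_list<T> p1) {
        std::size_t i = 0;
        for (T x : p1) {
            setLow(i, x);
            i++;
            if (i >= dim) break;
        }
    }
};

// dim = 2 matches the instantiation in the trace ("callee's array of size 2").
bool reported_loop_overruns(std::initializer_list<double> p) {
    BoxModel<2, double> b; b.set_reported(p); return b.overrun;
}
bool bounded_loop_overruns(std::initializer_list<double> p) {
    BoxModel<2, double> b; b.set_bounded(p); return b.overrun;
}

int main() {  // constructed input: three initializers for a 2-element array
    bool ok = reported_loop_overruns({0.0, 1.0, 2.0}) && !bounded_loop_overruns({0.0, 1.0, 2.0});
    return ok ? 0 : 1;
}
```

A list of exactly `dim` values never reaches the bad index, which is why the defect only appears when the initializer list is longer than the array.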