2

I am trying to add SAL to my code... I worked according to MSDN and found a bug in the MSDN examples, and I don't know how to deal with it.

Here is a slightly changed example, "Output of pointer to caller (Example: The Outptr Annotation)", from Understanding SAL:

Outptr is used to annotate a parameter that's intended to return a pointer. The parameter itself should not be NULL, and the called function returns a non-NULL pointer in it and that pointer points to initialized data.

My code:

```cpp
#include "stdafx.h"
#include "assert.h"

void GoodOutPtrCallee(_Outptr_ int **pInt)
{
    int *pInt2 = new int;

    if (*pInt != NULL)
    {
        *pInt2 = 1;
    }
    else
    {
        *pInt2 = 2;
    }

    *pInt = pInt2;
}

int _tmain(int argc, _TCHAR* argv[])
{
    int* nullValue = NULL;
    GoodOutPtrCallee(&nullValue);
    assert(*nullValue == 2);

    int someValue = 22;
    int* someValuePtr = &someValue;
    GoodOutPtrCallee(&someValuePtr);
    assert(*someValuePtr == 1);

    return 0;
}
```

If I compile it in VS2013 with code analysis enabled, I get C6001: using uninitialized memory for the `if (*pInt != NULL)` row.

What is wrong here in my annotation and how can I fix it?

Brans Ds
  • If you want bad code like this to pass an analysis then you have to *remove* the SAL annotation. Surely that isn't your intention. – Hans Passant Oct 31 '14 at 16:29
  • @HansPassant that is demo code to find out how SAL works... not ideal... but what is so bad in such an approach? – Brans Ds Oct 31 '14 at 16:43
  • SAL is not well documented. I find the VC++ header, matching my function prototype, and see how it is annotated. As of now, I cannot collect such function (`int**`). – Ajay Oct 31 '14 at 17:22
  • I'd simply say the compiler tells us that what `pInt` is pointing to is being read although `pInt` has been annotated to "only" return something, which implies it is being written only. – alk Oct 31 '14 at 17:49

2 Answers

2

Since you're reading from the value passed through the pointer parameter `pInt`, you can't use `_Outptr_`, as this describes a parameter that's only used as an output, not also as an input. Use `_Inout_` instead.

You might want to reconsider using SAL. It's very poorly documented, and as a result I can't say with any certainty that `_Inout_` is actually the best annotation to use here. All I know for sure is that it's the best match I could find based on Microsoft's vague descriptions, and it gets rid of the warning. Of course, so would not using an annotation.

Ross Ridge
1

EDIT: I was confused by similar variable names, `pInt` and `pInt2`. You probably should mark `pInt` as input and output, not just as output, because you're reading its value to check whether it is NULL.

Kirill Gamazkov
  • Kirill, I am trying to check whether the pointer to a pointer points to a value or to null... please see my updated code. – Brans Ds Oct 31 '14 at 16:40
  • Annotation is mostly correct. Code is for sure correct. – Ajay Oct 31 '14 at 17:23
  • 1
    Oh, I see, my fault. Looks like annotation `_Outptr_` is insufficient: if `pInt` is used only as output (as the annotation says), then why do you treat it as input (by checking its value for `NULL`)? – Kirill Gamazkov Nov 01 '14 at 11:37
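
The distinction both answers draw, as an added example that is not part of the original posts: an output-only callee annotated `_Outptr_` beside a read-then-replace callee annotated `_Inout_`. The function names and the no-op macro fallback for compilers without `sal.h` are assumptions made here.

```cpp
#include <cstddef>
#ifdef _MSC_VER
#include <sal.h>          // real SAL annotations, checked by code analysis
#else
#define _Outptr_          // assumption: no-op stand-ins so other compilers build this
#define _Inout_
#endif

// Output-only contract: *ppInt is never read, so the caller may pass the
// address of an uninitialized pointer and there is no read for C6001 to flag.
void MakeInt(_Outptr_ int **ppInt, int value)
{
    *ppInt = new int(value);
}

// Read-then-replace contract: the callee inspects the incoming *ppInt, so the
// caller must initialize it first. _Inout_ is the annotation the answers suggest.
void ReplaceInt(_Inout_ int **ppInt)
{
    int *fresh = new int((*ppInt != NULL) ? 1 : 2);
    *ppInt = fresh;       // the old pointee is not owned here, so it is not freed
}

// Hypothetical caller for the output-only case.
int DemoOutputOnly()
{
    int *p;               // deliberately uninitialized: allowed by _Outptr_
    MakeInt(&p, 7);
    int result = *p;
    delete p;
    return result;
}

// Hypothetical caller for the in/out case, mirroring the question's two calls.
int DemoInOut(bool startWithNull)
{
    int existing = 22;
    int *p = startWithNull ? NULL : &existing;  // initialized, as _Inout_ requires
    ReplaceInt(&p);
    int result = *p;
    delete p;
    return result;
}

int main()
{
    return (DemoOutputOnly() == 7 && DemoInOut(true) == 2 && DemoInOut(false) == 1) ? 0 : 1;
}
```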