
I can't figure this out. I have the following code:

#define SIZE 1000
#define MEMORY 0x10000000

unsigned char table[SIZE];
int i;

for(i=0;i<SIZE;i++) {
    table[i] = *(unsigned char*)(MEMORY +i);
}

And Klocwork tells me

Buffer overflow, array index of 'table' may be out of bounds. Array 'table' of size 1000 (adjusted size 250) may use index value(s) 250..999.

Is there a real problem here? This seems an awfully obvious false positive if there isn't.

DarenW
Makis
  • I have seen a few mentions of this warning on the web, and it seems to be related to the cast (on the right side of the expression). Can you try it with `*((unsigned char*)(MEMORY +i))`? – MByD Aug 24 '11 at 06:01
  • I'll see if I can try that later, but thanks for the tip. – Makis Aug 24 '11 at 06:16

1 Answer


This code has no problems: Frama-C confirms that with this command line (provided you put the for loop inside a function body): frama-c -val -absolute-valid-range 0x10000000-0x10001000 file.c

According to Klocwork, this false alarm could be related to your cast: see http://developer.klocwork.com/community/forums/klocwork-general/general-discussion/buffer-overflow-adjusted-size

Benjamin Monate
  • Thanks, that cleared it up. I'll mark these as "Not a problem". – Makis Aug 24 '11 at 06:15
  • Agreed; in particular, see Kirill Zhegulev’s comment from 04/28/2011 about missing include files or macro definitions. It’s *crucial* to get these right, or you can end up wasting most of your time. In my experience, if the “adjusted size” is less than the original size (especially if it’s zero), the report is almost always a false positive. But if the adjusted size is larger than the original size, it may well be correct. – Flash Sheridan Aug 24 '11 at 14:53
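The copy loop from the question, reworked as an added example (not code from the question, the answer or Klocwork) so that the bounds the analyzers reason about are written out explicitly: the fixed address is replaced by a base pointer plus a region length, using the 0x1000-byte range the Frama-C command line asserts valid, and the copy refuses to run when it would leave that region. The buffer standing in for the memory at MEMORY is constructed, since the absolute address is not readable on an ordinary host.

```c
#include <stddef.h>

#define SIZE 1000
/* Length of the region the answer's Frama-C command declares valid:
   0x10000000-0x10001000, i.e. 0x1000 bytes. */
#define REGION_LEN 0x1000u

/* Compile-time guard: the table must fit inside the region at all (C11). */
_Static_assert(SIZE <= REGION_LEN, "table larger than the valid memory region");

unsigned char table[SIZE];

/* Copy SIZE bytes starting at offset 'off' of the 'region_len'-byte region at
   'base' into 'table'. Returns the number of bytes copied, or 0 when the copy
   would read past the end of the region. The table index itself is always
   0..SIZE-1, the same range the question's loop uses. */
size_t copy_table(volatile const unsigned char *base, size_t region_len, size_t off)
{
    if (off > region_len || region_len - off < SIZE) {
        return 0;                     /* source range would leave the region */
    }
    for (size_t i = 0; i < SIZE; i++) {
        table[i] = base[off + i];     /* i < SIZE == sizeof table */
    }
    return SIZE;
}

/* Constructed stand-in for the device memory at MEMORY: a buffer the size of
   the valid range, filled with a recognisable byte pattern. */
static unsigned char region[REGION_LEN];

const unsigned char *make_region(void)
{
    for (size_t i = 0; i < REGION_LEN; i++) {
        region[i] = (unsigned char)(i & 0xFFu);
    }
    return region;
}

int main(void)
{
    const unsigned char *base = make_region();
    size_t n = copy_table(base, REGION_LEN, 0);      /* the question's case */
    return n == SIZE ? 0 : 1;
}
```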