Bad sizeof - Coverity Warning:
The "sizeof" is an unary operator in C which is used to compute the size of its operand. The "BAD_SIZEOF" is a type of coverity warning which will be reported when there is a possibility of logical error in the usage of the "sizeof" operator. Consider the program given below.
#include <stdio.h>
#include <string.h>
int main()
{
char src_string[10]="C_Program", out_string1[10] = {0}, out_string2[10] = {0};
char *ptr = NULL;
ptr = src_string;
printf ("src_string=%s ;; *ptr=%s\n", src_string, ptr);
memcpy(out_string1, src_string, sizeof(src_string));
memcpy(out_string2, src_string, sizeof(ptr)); /* <<<<< bad_sizeof warning will be reported by coverity at this line >>>>>*/
printf ("Out_String1=%s ;; Out_String2=%s\n",out_string1, out_string2);
printf ("sizeof(src_string)=%u ;; sizeof(ptr)=%u\n",sizeof(src_string), sizeof(ptr));
return 0;
}
In this program, we try to copy the string "C_Program" into two different output variables using the "memcpy" function. We assign the base address of the character array "src_string" to a character pointer "ptr". We can print the string "C_Program" by using either "src_string" or "ptr". But when we try to calculate the size of these variables, this will result in different values. Because of this reason, when we try to copy this string to output variables using "memcpy", the results are different.
When we execute the program we get the below output.
Output:
src_string=C_Program ;; *ptr=C_Program <<<< Both src_string && ptr prints the string properly
Out_String1=C_Program ;; Out_String2=C_Pr <<< The values copied into out_string1 and out_string2 are different.
sizeof(src_string)=10 ;; sizeof(ptr)=4
From the above output, we can understand that the string "C_Program" is being printed properly using "src_string" and "ptr". While copying to output variables, the value is properly copied into the variable "out_string1". Whereas for the variable "out_string2", only partial string was copied.
In the first "memcpy" statement, we used the "sizeof(src_string)". This will calculate the size of the argument "src_string" which is an array. In this case it happens to be 10. So, all the characters are properly copied into the variable "out_string1".
In the second "memcpy" statement, we used "sizeof(ptr)". The argument "ptr" is a pointer variable whose size is 4 bytes. So, only 4 bytes are being copied into "out_string2". The coverity tool will report this second sizeof statement as "bad_sizeof". We wanted to copy the entire string pointed by "ptr" into the variable "out_string2". But due to incorrect use of sizeof operator, the result went wrong.
How to Solve:
We can re-write the second "memcpy" statement as given below which will resolve the error.
memcpy (out_string2, src_string, strlen(ptr));
Otherwise, we can use the first memcpy statement alone to copy the string.
This is one example which illustrated the incorrect usage of "sizeof" operator.Whenever coverity reports "bad_sizeof" warning, verify that the argument passed to the "sizeof" operator is proper and correct the statement in appropriate way.
The "sizeof" is an unary operator in C which is used to compute the size of its operand. The "BAD_SIZEOF" is a type of coverity warning which will be reported when there is a possibility of logical error in the usage of the "sizeof" operator. Consider the program given below.
#include <stdio.h>
#include <string.h>
int main()
{
char src_string[10]="C_Program", out_string1[10] = {0}, out_string2[10] = {0};
char *ptr = NULL;
ptr = src_string;
printf ("src_string=%s ;; *ptr=%s\n", src_string, ptr);
memcpy(out_string1, src_string, sizeof(src_string));
memcpy(out_string2, src_string, sizeof(ptr)); /* <<<<< bad_sizeof warning will be reported by coverity at this line >>>>>*/
printf ("Out_String1=%s ;; Out_String2=%s\n",out_string1, out_string2);
printf ("sizeof(src_string)=%u ;; sizeof(ptr)=%u\n",sizeof(src_string), sizeof(ptr));
return 0;
}
In this program, we try to copy the string "C_Program" into two different output variables using the "memcpy" function. We assign the base address of the character array "src_string" to a character pointer "ptr". We can print the string "C_Program" by using either "src_string" or "ptr". But when we try to calculate the size of these variables, this will result in different values. Because of this reason, when we try to copy this string to output variables using "memcpy", the results are different.
When we execute the program we get the below output.
Output:
src_string=C_Program ;; *ptr=C_Program <<<< Both src_string && ptr prints the string properly
Out_String1=C_Program ;; Out_String2=C_Pr <<< The values copied into out_string1 and out_string2 are different.
sizeof(src_string)=10 ;; sizeof(ptr)=4
From the above output, we can understand that the string "C_Program" is being printed properly using "src_string" and "ptr". While copying to output variables, the value is properly copied into the variable "out_string1". Whereas for the variable "out_string2", only partial string was copied.
In the first "memcpy" statement, we used the "sizeof(src_string)". This will calculate the size of the argument "src_string" which is an array. In this case it happens to be 10. So, all the characters are properly copied into the variable "out_string1".
In the second "memcpy" statement, we used "sizeof(ptr)". The argument "ptr" is a pointer variable whose size is 4 bytes. So, only 4 bytes are being copied into "out_string2". The coverity tool will report this second sizeof statement as "bad_sizeof". We wanted to copy the entire string pointed by "ptr" into the variable "out_string2". But due to incorrect use of sizeof operator, the result went wrong.
How to Solve:
We can re-write the second "memcpy" statement as given below which will resolve the error.
memcpy (out_string2, src_string, strlen(ptr));
Otherwise, we can use the first memcpy statement alone to copy the string.
This is one example which illustrated the incorrect usage of "sizeof" operator.Whenever coverity reports "bad_sizeof" warning, verify that the argument passed to the "sizeof" operator is proper and correct the statement in appropriate way.
No comments:
Post a Comment