Visual studio gives a Buffer overrun warning when overrun can't actually ever happen

Question

this is my code:

void foo(int num) {
    int *pArr = (int *)malloc(num * sizeof(int));
    // allocate array of 'sale' structs for each region
    for (int i = 0; pArr != NULL && i < num; i++) {
        pArr[i] = 1;
    }
}

int main() {
    int num = 36;
    foo(num);
}

The expression pArr[i] = 1; gives a C6386 warning

Warning C6386 Buffer overrun while writing to 'pArr': the writable size is 'num*sizeof(int)' bytes, but '8' bytes might be written.

This is very weird since the number of iterations of the for loop, AND the size of the array in the head are both dependant on num so an overrun can't actually occur ever.

And then there is a detailed explanation:

i may equal 1
pArr may be NULL (Continue this loop)
Invalid write to pArr, (outside its writable range)

But of course this is a visual studio mistake, pArr cannot be NULL, as this is a condition for entering the loop.

How can I clean this warning?
Thank you all

not related to problem: you need not to check `pArr != NULL` everytime in `for` loop — IrAM, Jan 03 '21 at 14:35
Close match: [Visual Studio 2015 Code Analysis C6386 warns of buffer overrun](https://stackoverflow.com/q/41943803) — Sourav Ghosh, Jan 03 '21 at 14:56
@Fredrik, yes that can be done above `for`, guess OP is aware of that, so dint add it explicitly — IrAM, Jan 03 '21 at 14:58
There have been multiple issues opened on Microsoft's Developer Community about C6386 false-positives. For example: [a google search](https://www.google.com/search?q=site%3Adevelopercommunity.visualstudio.com+C6386) — Blastfurnace, Jan 03 '21 at 15:06
Note: If you add a test for `num == 0` before attempting the allocation the warning goes away. — Blastfurnace, Jan 03 '21 at 15:15
How did you get this warning? I tried compiling this code with VS2019, warning level#4, but did not get any warning. — Eliyahu Machluf, Jan 03 '21 at 15:25
@EliyahuMachluf I see the warning on VS2019 release 16.8.3. Do you have Code Analysis disabled or non-default rules configured? — Blastfurnace, Jan 03 '21 at 15:33
Code analysis was disabled (by default) on my configuration. I've now turned it on, and I do get this warning. — Eliyahu Machluf, Jan 03 '21 at 15:42

score 3 · Answer 1 · answered Jan 03 '21 at 18:59

There is a simple change you can make to no longer get the C6386 warning. You should test the value of num before attempting the allocation. The C language standard has an interesting statement about passing a size of 0 to malloc().

7.22.3 Memory management functions

If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned to indicate an error, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.

The POSIX standard says something similar:

If size is 0, either:

A null pointer shall be returned and errno may be set to an implementation-defined value, or

A pointer to the allocated space shall be returned. The application shall ensure that the pointer is not used to access an object.

Microsoft's Code Analysis doesn't emit a C6386 for this code:

void foo(int num)
{
    if (num == 0) { // avoid passing 0 to malloc()
        return;
    }
    int *pArr = (int *) malloc(num * sizeof(int));
    // allocate array of 'sale' structs for each region
    for (int i = 0; pArr != NULL && i < num; i++) {
        pArr[i] = 1;
    }
}

Yes. avoiding malloc of 0 bytes solves the issue. Still the warning VS gives is enigmatic and not user friendly. — Eliyahu Machluf, Jan 04 '21 at 08:50

score 0 · Answer 2 · answered Jan 03 '21 at 17:49

The problem occurs because VS seems to be unable to deduce that the loop will never run if pArr is NULL. Replacing your code with

void foo(int num) {
    int *pArr = (int *)malloc(num * sizeof(int));
    
    if (pArr == NULL) {
        return;
    }
    
    // allocate array of 'sale' structs for each region
    for (int i = 0; i < num; i++) {
        pArr[i] = 1;
    }
}

int main() {
    int num = 36;
    foo(num);
}

will solve your problem and be more runtime-efficient.

I've tried your suggested code, but it still generates the warning mentioned. — Eliyahu Machluf, Jan 04 '21 at 08:48

Visual studio gives a Buffer overrun warning when overrun can't actually ever happen

2 Answers2

Linked

Related