CodeQL documentation

Suspicious add with sizeof

ID: cpp/suspicious-add-sizeof
Kind: problem
Security severity: 8.8
Severity: warning
Precision: high
Tags:
  • security
  • external/cwe/cwe-468
Query suites:
  • cpp-code-scanning.qls
  • cpp-security-extended.qls
  • cpp-security-and-quality.qls


Pointer arithmetic in C and C++ is automatically scaled according to the size of the data type. For example, if the type of p is T* and sizeof(T)==4 then the expression p+1 adds 4 bytes to p.

This query finds code of the form p+k*sizeof(T). Such code is usually a mistake: the compiler already scales the offset by sizeof(T), so multiplying by sizeof(T) again scales it twice and produces a pointer sizeof(T) times further from p than intended, which typically lands outside the array (CWE-468, incorrect pointer scaling).

Recommendation

  1. Whenever possible, use the array subscript operator rather than pointer arithmetic. For example, replace *(p+k) with p[k].

  2. Cast to the correct type before using pointer arithmetic. For example, if the type of p is char* but it really points to an array of type double[], then use the syntax (double*)p+k to get a pointer to the k-th element of the array.

Example

int example1(int i) {
  int intArray[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
  int *intPointer = intArray;

  // BAD: the offset is already automatically scaled by sizeof(int),
  // so this code will compute the wrong offset.
  return *(intPointer + (i * sizeof(int)));
}

int example2(int i) {
  int intArray[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
  int *intPointer = intArray;

  // GOOD: the offset is automatically scaled by sizeof(int).
  return *(intPointer + i);
}
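The following program is an added example, not part of the CodeQL documentation or the query's own test code. It measures, in bytes, how far the suspicious form p + i*sizeof(int) and the correct form p + i actually move a pointer, shows how the doubly scaled index relates to the array length, and implements both recommendations above (array subscripting with a bounds check, and casting a char* to the element type before indexing). The sample arrays sample_ints and sample_doubles and all function names are constructed for this example; the code uses sizeof throughout, so the results hold for any int width.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed sample data. sample_doubles stands in for a buffer that
   arrives typed as char* but really holds doubles (recommendation 2). */
static int sample_ints[10] = {1, 2, 3, 4, 5, 6, 7, 8, 9, 10};
static double sample_doubles[4] = {0.5, 1.5, 2.5, 3.5};

/* Byte distance produced by the suspicious form p + i*sizeof(int).
   The compiler scales by sizeof(int), and so does the source: the
   pointer moves i*sizeof(int)*sizeof(int) bytes. Keep i small (0..2)
   here so the resulting pointer stays inside the 10-element array. */
size_t suspicious_byte_offset(int i) {
    const int *p = sample_ints;
    const int *q = p + (size_t)i * sizeof(int);   /* scaled twice */
    return (size_t)((const char *)q - (const char *)p);
}

/* Byte distance produced by the correct form p + i (same as &p[i]). */
size_t correct_byte_offset(int i) {
    const int *p = sample_ints;
    const int *q = p + i;                          /* scaled once */
    return (size_t)((const char *)q - (const char *)p);
}

/* Element index the suspicious form really reaches for a given i,
   computed arithmetically so no out-of-range pointer is ever formed. */
size_t suspicious_effective_index(int i) {
    return (size_t)i * sizeof(int);
}

/* Recommendation 1: subscript instead of pointer arithmetic, and check
   the index against the element count before reading. */
int int_in_bounds(size_t k) {
    return k < sizeof sample_ints / sizeof sample_ints[0];
}

int int_at(size_t k, int *ok) {
    if (!int_in_bounds(k)) { *ok = 0; return 0; }
    *ok = 1;
    return sample_ints[k];
}

/* Recommendation 2: cast the char* to the element type first, then
   index in units of that element. raw_len is the buffer size in bytes;
   the buffer must really hold doubles (here it is sample_doubles). */
size_t double_count(size_t raw_len) {
    return raw_len / sizeof(double);
}

double double_at(const char *raw, size_t raw_len, size_t k, int *ok) {
    if (k >= double_count(raw_len)) { *ok = 0; return 0.0; }
    *ok = 1;
    return *((const double *)raw + k);
}

int main(void) {
    int ok;
    printf("i=1: suspicious form moves %zu bytes, correct form moves %zu bytes\n",
           suspicious_byte_offset(1), correct_byte_offset(1));
    printf("i=3: suspicious form reaches index %zu of a %zu-element array\n",
           suspicious_effective_index(3),
           sizeof sample_ints / sizeof sample_ints[0]);
    printf("sample_ints[7] = %d\n", int_at(7, &ok));
    printf("double #2 = %g\n",
           double_at((const char *)sample_doubles, sizeof sample_doubles, 2, &ok));
    return 0;
}
```

On a platform with 4-byte int, the suspicious form moves 16 bytes for i=1 where 4 were intended, and for i=3 it reaches index 12 of a 10-element array: the read that CodeQL flags is an out-of-bounds access, not merely a wrong value.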

References

  • Common Weakness Enumeration: CWE-468.
