Coverity reports on possible overruns of static arrays

Michael Stefaniuc mstefani at redhat.com
Thu Nov 16 04:08:09 CST 2006


Hey,

Paul Vriens wrote:
> we have quite a few places in the code where we do:
> 
> WCHAR param[any-value];
> 
> len = sizeof(param) / sizeof(WCHAR);
And there lies the next potential bug. If somebody changes the type of
param this will result in a wrong length. For this reason the Linux
Kernel guys are replacing all those constructs with a macro ARRAY_SIZE

#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))

Thought about doing that for Wine too but have to ask Alexandre first if
he would accept such patches.

> param[len] = '\0';
> 
> and of course more-or-less the same for CHAR arrays.
> 
> This could lead (and the example does) to writing behind the end of
> param.
> 
> I've submitted two patches for this, but I'm not sure just doing:
> 
> param[len - 1] = '\0'; 
> 
> is the correct/good approach.
> 
> Any idea's?
If this is such a common operation why not create a macro for that too.
Something like

#define ARRAY_ZERO_LAST(x) ((x)[ARRAY_SIZE(x)-1] = '\0')

bye
	michael
-- 
Michael Stefaniuc               Tel.: +49-711-96437-199
Sr. Network Engineer            Fax.: +49-711-96437-111
Red Hat GmbH                    Email: mstefani at redhat.com
Hauptstaetterstr. 58            http://www.redhat.de/
D-70178 Stuttgart



More information about the wine-devel mailing list