Visual Studio 2015 Code Analysis C6386 Warns of Buffer Overrun

Any way to avoid warning C6386, without disabling it or Code Analysis altogether

I really want to thank everybody for their contributions and I agree that it is a bug in the Code Analyzer (by looking on Microsoft web sites it has been "Closed - Lower Priority" two years ago...).

Adrian Mole max(n, 0) trick points to a way for coping with the warning in code, that is checking that n is greater than zero. The funny thing is that you can still use that zero for what n was supposed to be used. While the idea could be used for experienced programmers (that would probably disable the warning), as John Bollinger points out, it's not for students.

So, after telling the students that it's a bug and how to turn off the Code Analysis squiggles or disable the warning, I'd go with

int *test(size_t n)
{
    if (n == 0) {
        return NULL;
    }
    int *v = malloc(n * sizeof(int));
    if (v == NULL) {
        return NULL;
    }
    for (size_t i = 0; i < n; ++i) {
        v[i] = i;
    }
    return v;
}

Which may also be interpreted as: don't allow 0 elements allocation.

VS2015: [C6386] Buffer Overrun while writing (even for same index value)

Visual C++ Code Analysis toolset may not always offer the best warnings. It tries to give you the best set of warnings to fix some potential issues/errors that may creep in at runtime. You have a few options:

• Disable the given warning around the code using #pragma directive.
• Use C++ constructs: new, make_unique etc.
• (Not recommended) is to ignore the warning altogether and move on.

You should ideally always user newer smart pointers primitives like unique_ptr, shared_ptr etc. They not only allocate memory for you but deallocate on any exception thrown across the call stack. You don't need to type * at all!

auto buffer = make_unique<int[]>(10); // 10 integers

Why does this code emit buffer overrun warnings(C6385/C6386) in code analysis on Visual Studio 2012?

g++ 4.8 and clang++ 3.3 compile this without warning or error (using -Wall -Werror). In fact, we can use C++11's std::array and its at method to get bounds checking, and

#include <array>

int main() {
  unsigned int k = 1U, seed = 12345U;
  std::array<int,55> randomNumbers;

  randomNumbers.at(54) = seed;

  for(unsigned int i = 1U; i <= 54U; ++i) {
    unsigned int ii = ((21U * i) % 55U) - 1U;
    randomNumbers.at(ii) = k;
    k = seed - k;
    seed = randomNumbers.at(ii);
  }

  return 0;
}

yields no out-of-bounds accesses, as you claimed. I think your code is fine. VS is worried that the line ((21U * i) % 55U) - 1U) may result in 0 - 1, which will overflow because ii is an unsigned int. If you use ints instead of unsigned ints, does VS still complain?

(Using Python, your index mapping seems fine:

>>> sorted([21*n % 55 - 1 for n in range(1,55)])
[0, 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53]

There shouldn't be any out-of-bounds errors, especially since you won't "reach" -1 using unsigned ints.)

---

Related Topics