ansaurus

Question

When are global static const variables being initialized?

Answer 1

A:

It looks to be a false positive.

ckv 2010-06-21 08:13:20

Answer 2

+1 A:

It is a false positive. strlen is probably abstracted as returning an unknown positive number, so that when analyzing the pattern memcpy(dest,src,strlen(src)); the analyzer does not realize that the reading part of the copy is safe as soon as src is a well-formed string.

If you were using strcpy, the analyzer would probably conclude that it's okay in this case. Do you have a reason not to? The function strcpy is considered "unsafe" but your memcpy(..,src,strlen(src)) is quite unsafe too.

EDIT: Also, sellibitze raises a very good point in the comments: the const attribute in the original code only applies to the chars pointed by gText and not to gText itself.

Pascal Cuoq 2010-06-21 08:16:01

thank you. strcpy doesn't solve this, but I conditioned the copying to be done only if the length is not bigger than the bounds. Thanks!

IUnknownPointer 2010-06-21 09:35:58

Answer 3

+1 A:

I would argue it is not a false positive. There is a potential risk that somebody could come along and change the length of gText without realising that it cannot be over 32 characters. I would definitely put some sort of check in before the memcpy to make sure there cannot be a buffer overrun.

e.g.

char xText[32];
SecureZeroMemory(xText, 32);
size_t lenToCopy = MIN(strlen(gText), 32);
memcpy(xText, gText, lenToCopy);

Also I'd replace the magic number 32 with a constant.

JeremyP 2010-06-21 09:03:32

I commented on a very similar remark and the answer was deleted by its author. So I will not repeat the same thing again, but since you have decided to work with all possible values of `gText`, why assume that `gText` is a well-formed string (it is illegal to call `strlen` on a char array that is not a well-formed string)?

Pascal Cuoq 2010-06-21 09:15:53

And the `32` in `MIN(..,32)` should be `31` if `xText` is supposed to contain a well-formed string after the copy.

Pascal Cuoq 2010-06-21 09:19:23

@Pascal: The use of memcpy rather than a string function implies to me that the intention was to get something that would be treated as a fixed size block of bytes rather than a C string. That's why I set the limit to 32. Were I trying to duplicate a string, I would use strncpy (or equivalent) to do it - or as this is C++ std::string.

JeremyP 2010-06-21 09:29:35

Thank you. But, as a BKM rule, don't do partial copies. Never. It may cause strange results which will be hard to find the root cause. return an error code\ throw an exception instead.

IUnknownPointer 2010-06-21 09:38:11

@IUnknownPointer: JeremyP rule: programming can't be done successfully by sticking to rigid rules all the time. You need to use intelligence. They're not rules, they're more like guidelines.In this case, there was no clue as to your intent. Maybe you had some reason to want only the first 32 characters of a string to put in some header for some network protocol.

JeremyP 2010-06-22 07:23:10

Thanks :) http://www.auditmypc.com/acronym/bkm.asp

IUnknownPointer 2010-06-22 14:18:20

ansaurus

tags:

views:

answers:

When are global static const variables being initialized?

related questions