V541. It is dangerous to print a string into itself.

The analyzer detected a potential error: a string gets printed inside itself. This may lead to unexpected results.

Look at this sample:

char s[100] = "test";
sprintf(s, "N = %d, S = %s", 123, s);

In this code, the 's' buffer is used simultaneously as a buffer for a new string and as one of the elements making up the text. The programmer intends to get this string:

N = 123, S = test

But actually this code will cause creating the following string:

N = 123, S = N = 123, S =

In other cases, such code can lead not only to the output of incorrect text, but also to the buffer overflow or a program crash. To fix the code, we should use a new buffer to save the result. This is the correct code:

char s1[100] = "test";
char s2[100];
sprintf(s2, "N = %d, S = %s", 123, s1);

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-628.

You can look at examples of errors detected by the V541 diagnostic.


Bugs Found

Checked Projects
411
Collected Errors
14 100
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site. Learn More →
Accept