About data out of bounds

sonarcfamily

(dailiangqiang) #1

Must-share information (formatted with Markdown):

  • which versions are you using:
    SonarQube: sonarqube-6.7.1 (developer-edition-6.7.1.708)
    Scanner: sonar-scanner-cli-3.0.3.77
    Plugin: sonar-cfamily-plugin-5.0.0.9359.jar
    and any relevant extension: no
  • what are you trying to achieve: I hope that Sonar can help us detect this array out-of-bounds problem.
  • what have you tried so far to achieve this: I am using the C/C++ language. I tried to analyze the following simple code, which has an obvious array out-of-bounds problem, but Sonar did not detect it and produced no report. This issue is very important to us, and I hope that Sonar can detect it.

```c
#include <stdio.h>

int main(void)
{
    int testbuff[100] = {0x00};
    int n = 0;
    for (n = 0; n < 200; n++)          /* loop runs past the 100-element array */
    {
        int x = testbuff[-100];        /* negative index: out of bounds */
        printf("test err=%d\n", x);
        if (testbuff[n - 1] == 0xFF)   /* n-1 is -1 on the first pass and >= 100 later */
        {
            printf("test err\n");
        }
        else
        {
            printf("test ok\n");
        }
    }
    return 0;
}
```
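As an added illustration (not code from the original post or from SonarSource), here is the same index pattern driven through an explicit bounds check, which is the fix a reviewer would ask for whether or not the analyzer flags the loop. The helper names checked_read and count_rejected_reads are hypothetical; BUF_LEN mirrors the 100-element array in the post, and the loop limit of 200 mirrors the original loop bound.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

#define BUF_LEN 100   /* same size as testbuff in the post */

/* Read buf[idx] only if idx lies within [0, len).
 * Returns false on an out-of-bounds index instead of touching memory
 * outside the array; *out is left untouched in that case. */
static bool checked_read(const int *buf, size_t len, long idx, int *out)
{
    if (idx < 0 || (size_t)idx >= len) {
        return false;
    }
    *out = buf[idx];
    return true;
}

/* Replay the original loop's index pattern: for n from 0 to limit-1 it
 * reads index -100 and index n-1. Returns how many of those reads the
 * bounds check rejected, i.e. how many were out of bounds. */
static int count_rejected_reads(const int *buf, size_t len, int limit)
{
    int rejected = 0;
    for (int n = 0; n < limit; n++) {
        int x = 0;
        if (!checked_read(buf, len, -100, &x)) {
            rejected++;               /* always out of bounds */
        }
        if (!checked_read(buf, len, (long)n - 1, &x)) {
            rejected++;               /* n == 0 and n > 100 are out of bounds */
        }
    }
    return rejected;
}

int main(void)
{
    int testbuff[BUF_LEN] = {0};      /* constructed sample buffer */
    int rejected = count_rejected_reads(testbuff, BUF_LEN, 200);
    printf("rejected out-of-bounds reads: %d\n", rejected);
    return 0;
}
```

With the original bounds (100 elements, 200 iterations) every one of the 200 reads of index -100 is rejected, plus 100 of the reads of index n-1 (n = 0 and n = 101..199), so the program reports 300 rejected reads; the hardened loop never dereferences outside the array.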


(Massimo Paladin) #3

Hi @liang,

I would recommend that you upgrade to the latest version of sonar-cfamily-plugin, which is version 6.0.
In any case, in general we cannot guarantee that we spot every bug; we do our best to improve our analyzer constantly.


(dailiangqiang) #4

Hi, Massimo Paladin
I have upgraded sonar-cfamily-plugin to version 6.0, that is, I replaced sonar-cfamily-plugin-5.0.0.9359.jar with the latest sonar-cfamily-plugin-6.0.0.10816.jar. But when running sonar-scanner, I got an error. The error message is as follows:

INFO: Sensor CFamily [cpp]
INFO: Using build-wrapper output: /usr/local/sonar/bw_output/build-wrapper-dump.json
INFO: Available processors: 2
INFO: Using 1 thread for analysis according to value of "sonar.cfamily.threads" property.
INFO: [pool-3-thread-1] /home/work/testsonar/Code/main.c
/home/work/testsonar/Code/.scannerwork/.sonartmp/3782063778825902925/subprocess: /home/work/testsonar/Code/.scannerwork/.sonartmp/3782063778825902925/subprocess: cannot execute binary file
ERROR: Exception in thread pool-3-thread-1
java.lang.IllegalStateException: exit code != 0
at com.sonar.cpp.N.E.A(na:869)
at com.sonar.cpp.N.E.A(na:444)
at com.sonar.cpp.plugin.R.A(na:2250)
at com.sonar.cpp.N.F.B(na:50)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 10.350s
INFO: Final Memory: 62M/147M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: java.lang.IllegalStateException: exit code

Am I doing something wrong?


(Massimo Paladin) #5

Hi @liang,

Are you trying to run on a 32-bit machine? Version 6.0 of the sonar-cfamily-plugin no longer supports 32-bit machines.


(dailiangqiang) #6

My SonarQube is running under a 64-bit Windows 10 system, but my sonar-scanner is running on a 32-bit Linux system. Is this OK?


(Massimo Paladin) #7

Hi @liang,

sonar-scanner should be run from a 64-bit machine; the OS can be any of Linux, Windows or macOS.