About data out of bounds

liang · January 18, 2019, 1:26am

Must-share information (formatted with Markdown):

which versions are you using (
SonarQube:sonarqube-6.7.1 (developer-edition-6.7.1.708).
Scanner: sonar-scanner-cli-3.0.3.77.
Plugin: sonar-cfamily-plugin-5.0.0.9359.jar.
and any relevant extension:no)
what are you trying to achieve:I hope that Sonar can help us detect the problem of this array out of bounds.
what have you tried so far to achieve this：I am using C/C++ language,I tried to analyze the following simple code, which has an obvious array out of bounds problem, but sonar did not detect it, no report. This issue is very important to us, I hope that Sonar can detect it.

int testbuff[100] = {0x00};
int n = 0;
for(n=0;n<200;n++)
{
int x = testbuff[-100];
printf(“test err=%d\n”, x);
if(testbuff[n-1] == 0xFF)
{
printf(“test err\n”);
｝
else
{
printf(“test ok\n”);
}
}

mpaladin · January 22, 2019, 9:28am

Hi @liang,

I would recommend you to upgrade to the latest version of sonar-cfamily-plugin which is version 6.0.
In any case, in general we cannot ensure to spot every bug, we do our best to improve our analyzer constantly.

liang · January 22, 2019, 2:42pm

Hi, Massimo Paladin
I have upgraded sonar-cfamily-plugin to version 6.0, which is to replace sonar-cfamily-plugin-5.0.0.9359.jar with the latest sonar-cfamily-plugin-6.0.0.10816.jar. But when using the sonar-scanner, I got an error. The error message is as follows:

INFO: Sensor CFamily [cpp]
INFO: Using build-wrapper output: /usr/local/sonar/bw_output/build-wrapper-dump.json
INFO: Available processors: 2
INFO: Using 1 thread for analysis according to value of “sonar.cfamily.threads” property.
INFO: [pool-3-thread-1] /home/work/testsonar/Code/main.c
/home/work/testsonar/Code/.scannerwork/.sonartmp/3782063778825902925/subprocess: /home/work/testsonar/Code/.scannerwork/.sonartmp/3782063778825902925/subprocess: cannot execute binary file
ERROR: Exception in thread pool-3-thread-1
java.lang.IllegalStateException: exit code != 0
at com.sonar.cpp.N.E.A(na:869)
at com.sonar.cpp.N.E.A(na:444)
at com.sonar.cpp.plugin.R.A(na:2250)
at com.sonar.cpp.N.F.B(na:50)
at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)
at java.util.concurrent.FutureTask.run(FutureTask.java:266)
at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1149)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:624)
at java.lang.Thread.run(Thread.java:748)

INFO: ------------------------------------------------------------------------
INFO: EXECUTION FAILURE
INFO: ------------------------------------------------------------------------
INFO: Total time: 10.350s
INFO: Final Memory: 62M/147M
INFO: ------------------------------------------------------------------------
ERROR: Error during SonarQube Scanner execution
java.lang.IllegalStateException: java.lang.IllegalStateException: exit code

Am I doing something wrong?

mpaladin · January 22, 2019, 5:12pm

Hi @liang,

are you try to run on 32 bits machine? Version 6.0 of the sonar-cfamily-plugin doesn’t support anymore 32 bits machines.

liang · January 23, 2019, 9:17am

My sonarqube is running under the 64-bit win10 system, but my sonar-scanner is running on a 32-bit Linux system. Is this OK?

mpaladin · January 23, 2019, 9:33am

Hi @liang,

sonar-scanner should be ran from 64 bit machine, OS at choice between linux, windows and macos.