Custom assert not being detected by sonar

Hi guys,

I’m getting sonar errors that describe out of bound memory access. My code checks for the validity of the index with a custom-made assert function. If the assert doesn’t pass, the execution of the code is blocked in an infinite while loop.

For example:

#define TEXT_SIZE 4

char text[TEXT_SIZE] = { };
uint8_t i = 4;

ASSERT(i<4, "Index out of range");
char dummy = text[i];

In the above example, assuming that the assert calls an infinite loop, the last line will never be executed.

The sonar scanner doesn’t understand this situation and gives me a cpp:S3519 out of bound memory error.

The ASSERT macro in my codebase calls a function that saves some data and then enters a while(true) loop.

Can I do something about it?

Environment

  • Bitbucket Cloud
  • Bamboo
  • C++
  • embedded

Hi @MCMattia and welcome to our community!

To understand your situation I will need a little more context. I have tried to encode what you are telling me into a complete compilable code example:

#define TEXT_SIZE 4
#define ASSERT(cond, msg) if (!(cond)) while (true)

void top() {
    char text[TEXT_SIZE] = { };
    int i = 4;

    ASSERT(i<4, "Index out of range");
    char dummy = text[i];
}

The issue of rule S3519 is correctly suppressed. So to understand why you see a S3519 issue report, and what you can do about it, let’s do the following:

  • Search in the analysis log for the full path of the source file for which you want to create a reproducer - the file that contains the false-positive. You will have to use exactly this name (same case, / or \…)
  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer="Full path to the .cpp"
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.
  • Share this file privately by replying to the private message I’ve sent you.

P.S. in case of an issue in a header file, you want to generate the reproducer of the source file that includes that header.

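The pattern described in the question (an ASSERT macro that calls a function which saves some data and then loops forever), written out as an added example that is not code from either poster or from Sonar. The names `assert_failed`, `g_last_fault`, `read_text` and `read_at` are hypothetical; `[[noreturn]]` is the standard C++11 way to declare that a function never returns, and whether it changes the S3519 result in a given project is an assumption that the reproducer steps above would confirm.

```cpp
#include <cstdint>

#define TEXT_SIZE 4

// Constructed stand-in for the "saves some data" step from the question.
struct FaultRecord {
    const char* message;
    const char* file;
    int line;
};
static FaultRecord g_last_fault = {nullptr, nullptr, 0};
static volatile std::uint32_t g_halt_spins = 0;

// Hypothetical failure handler. [[noreturn]] states in the declaration that
// control never comes back, so callers' code after a failed check is
// unreachable even when this body lives in another translation unit.
[[noreturn]] void assert_failed(const char* msg, const char* file, int line) {
    g_last_fault = {msg, file, line};
    for (;;) {
        // The volatile access keeps the loop well-defined: before C++26 an
        // infinite loop with no side effects is undefined behaviour and an
        // optimizer may remove it, letting execution fall through.
        g_halt_spins = g_halt_spins + 1;
    }
}

// do { } while (0) makes the macro behave as a single statement, so it is
// safe inside an unbraced if/else.
#define ASSERT(cond, msg) \
    do { if (!(cond)) assert_failed((msg), __FILE__, __LINE__); } while (0)

// The array reference keeps the size in the type, so the bound used in the
// check and the bound of the buffer cannot drift apart.
char read_text(const char (&text)[TEXT_SIZE], std::uint8_t i) {
    ASSERT(i < TEXT_SIZE, "Index out of range");
    return text[i];  // reached only when i < TEXT_SIZE
}

// Constructed sample buffer for the demonstration.
char read_at(std::uint8_t i) {
    const char text[TEXT_SIZE] = {'a', 'b', 'c', 'd'};
    return read_text(text, i);
}

int main() {
    return read_at(3) == 'd' ? 0 : 1;
}
```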