May be false-positive of access exceeds upper limit of memory block

we don’t understand why sonar report “access exceeds upper limit of memory block” on the line:" *p==c"

u_char * njt_strlchr(u_char *p, u_char *last, u_char c)
while (p < last) {
if (*p == c) {
       return p;
    return NULL;

Hi @stdanley

I could not reproduce your case.

Could you please generate a reproducer for your specific case so that we could investigate it?
To generate the reproducer file:

  • Search in the analysis log for the full path of the source file for which you want to create a reproducer (for instance, a file that contains a false-positive). You will have to use exactly this name (same case, / or \…)
  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer=“Full path to the .cpp”
  • Re-run the scanner to generate a file named sonar-cfamily.reproducer in the project folder.
  • Please share this file. If you think this file contains private information, let us know, and we’ll send you a private message that will allow you to send it privately.