CERT C: Rule ARR36-C

Do not subtract or compare two pointers that do not refer to the same array

expand all in page

Description

Rule Definition

Do not subtract or compare two pointers that do not refer to the same array.¹

Polyspace Implementation

The rule checker checks for Subtraction or comparison between pointers to different arrays.

Examples

expand all

Subtraction or comparison between pointers to different arrays

Issue

Subtraction or comparison between pointers to different arrays occurs when you subtract or compare pointers that are null or that point to elements in different arrays. The relational operators for the comparison are >, <, >=, and <=.

Risk

When you subtract two pointers to elements in the same array, the result is the difference between the subscripts of the two array elements. Similarly, when you compare two pointers to array elements, the result is the positions of the pointers relative to each other. If the pointers are null or point to different arrays, a subtraction or comparison operation is undefined. If you use the subtraction result as a buffer index, it can cause a buffer overflow.

Fix

Before you subtract or use relational operators to compare pointers to array elements, check that they are non-null and that they point to the same array.

Example - Subtraction Between Pointers to Elements in Different Arrays

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE20 20

size_t func(void)
{
    int nums[SIZE20];
    int end;
    int *next_num_ptr = nums;
    size_t free_elements;
	/* Increment next_num_ptr as array fills */
	
	/* Subtraction operation is undefined unless array nums 
	is adjacent to variable end in memory. */
    free_elements = &end - next_num_ptr;  //Noncompliant
    return free_elements;
}

In this example, the array nums is incrementally filled. Pointer subtraction is then used to determine how many free elements remain. Unless end points to a memory location one past the last element of nums, the subtraction operation is undefined.

Correction — Subtract Pointers to the Same Array

Subtract the pointer to the last element that was filled from the pointer to the last element in the array.

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SIZE20 20

size_t func(void)
{
    int nums[SIZE20];
    int *next_num_ptr = nums;
    size_t free_elements;
	/* Increment next_num_ptr as array fills */
	
	/* Subtraction operation involves pointers to the same array. */
    free_elements = &(nums[SIZE20 - 1]) - next_num_ptr;  
	
    return free_elements + 1;
}

Check Information

Group: Rule 06. Arrays (ARR)

Version History

Introduced in R2019a

expand all

R2023a: Pointer subtraction or comparison involving outputs of stubbed function no longer ignored

Polyspace^® reports violations of this rule even if you use the output of a stubbed function to perform a pointer subtraction or pointer comparison operation. For instance, in this code, the pointer ptr is returned by the function get_ptr():

int32_t *ptr = get_ptr ( );
int32_t a1[ 10 ];
int32_t *p1 = &a1[ 1 ];
int32_t diff = ptr - p1;   //Noncompliant

Because the function get_ptr() lacks a body, Polyspace treats it as a stubbed function. Polyspace no longer ignores pointer arithmetic operations or pointer comparison operations when one of the operands is the output of the stubbed function. In this case, because get_ptr() is called before p1 is declared, the pointers ptr and p1 cannot point to the same array. Polyspace reports a violation.

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.