C / C++ / MFC
I wrote a small demonstration of the issue. Peter and Paul are writing ticketing system software and Peter makes a mistake swapping two variables and creating a negative number which is passed as an unsigned integer to Paul.
Paul makes a mistake thinking an unsigned int will not cause an out of (lower) bounds array access if it passes the test "index >= 0".
Peter makes a mistake, Paul fails to catch it, the memory is potentially corrupted and undefined behavior results. That's the PRINCIPLE the code is meant to demonstrate, which is the only purpose of this code.
As an alternative I put in a boundary check based on the address the index would have us access and the addresses of the first and last members of the array. I think that's a better approach. It should match the way the array is accessed exactly and it should be completely independent of variable size, type, typecasting, and bitwise representation.
As an aside, VS on the maximum warning level does not warn for the ints passed to the function that was declared with unsigned ints. Also, the compiler can't foresee that a negative value will be passed to the function because the sign of that variable is determined at run time.
#include <stdio.h>
#include <stdlib.h>

//Paul writes this code
int get_available_seat_count(unsigned int *seating_counts, unsigned int row_index, unsigned int num_rows, unsigned int seats_per_row)
{
    //row_index is unsigned, so this test is always FALSE
    if(row_index < 0)
        printf("row_index < 0: TRUE\n");
    else
        printf("row_index < 0: FALSE\n");
    //address-based check: compare the address the index would access with the first and last elements
    if(&seating_counts[row_index] < &seating_counts[0])
        printf("Array minimum boundary violation, index is %d\n", row_index);
    if(&seating_counts[row_index] > &seating_counts[num_rows-1])
        printf("Array maximum boundary violation, index is %d\n", row_index);
    return seats_per_row - seating_counts[row_index];
}

//Peter writes this code
//row 0 is the back of the theater, row[num_rows-1] is at the stage
int main(void)
{
    int num_rows = 12;
    int seats_per_row = 40;
    unsigned int seating_counts[12];
    int i, row_index, n_available_seats;
    //set the current state of the theater:
    for(i = 0; i < num_rows; i++)
        seating_counts[i] = (unsigned int)rand() % seats_per_row;
    printf("Customer: are there any seats available in the third row from the stage?\n\n");
    row_index = 3;
    //rows are stored in reverse order from customer request, subtract row_index to get offset
    //(the operands are swapped: row_index - num_rows is -9, passed to an unsigned parameter)
    n_available_seats = get_available_seat_count(seating_counts, row_index - num_rows, num_rows, seats_per_row);
    printf("\nTeller: there are %d seats available in that row\n", n_available_seats);
    return 0;
}
Output:
Customer: are there any seats available in the third row from the stage?
row_index < 0: FALSE
Array minimum boundary violation, index is -9
Teller: there are 858993500 seats available in that row
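The bounds check that the post shows failing can be written so that it holds for unsigned indices without relying on pointer comparisons. The following is an added example, not the poster's code: it uses the same seating-count layout but rejects the index with a single unsigned comparison against the row count, and validates the caller's signed row number before it is ever converted. The function names, the constants and the seating data are constructed for this demonstration.

```c
/* Added example (not the poster's code): bounds checking that is correct
 * for unsigned indices. Names, constants and seating data are assumptions
 * made for this demonstration. */
#include <stdio.h>
#include <limits.h>

#define NUM_ROWS 12
#define SEATS_PER_ROW 40

/* Constructed seating data: row i has i*3 occupied seats. */
static const unsigned int demo_counts[NUM_ROWS] = {
    0, 3, 6, 9, 12, 15, 18, 21, 24, 27, 30, 33
};

/* What a negative int becomes when converted to unsigned int: the C
 * standard defines the conversion modulo UINT_MAX + 1, so -9 turns into
 * UINT_MAX - 8, a value that is "positive" and huge. */
unsigned int wrapped_value(int v)
{
    return (unsigned int)v;
}

/* Returns the free seats in a row, or -1 when row_index is out of range.
 * "row_index < num_rows" covers both bounds for an unsigned index: a
 * negative int from the caller has already wrapped to a value near
 * UINT_MAX, which this single comparison rejects. "row_index >= 0" is
 * always true for an unsigned type and catches nothing. */
int checked_seat_count(const unsigned int *seating_counts, unsigned int row_index,
                       unsigned int num_rows, unsigned int seats_per_row)
{
    if (row_index >= num_rows) {
        return -1;
    }
    if (seating_counts[row_index] > seats_per_row) {
        return -1; /* count is corrupted, do not report a bogus figure */
    }
    return (int)(seats_per_row - seating_counts[row_index]);
}

/* Validates a signed row number before it becomes an unsigned index, so
 * the wrap-around in the original post cannot happen at the call site.
 * Returns the row as a non-negative index, or -1 when it is not valid. */
int signed_row_to_index(int row, unsigned int num_rows)
{
    if (row < 0 || (unsigned int)row >= num_rows) {
        return -1;
    }
    return row;
}

int main(void)
{
    int row_index = 3, num_rows = NUM_ROWS;
    int idx;

    /* The swapped subtraction from the post, now rejected before the call. */
    idx = signed_row_to_index(row_index - num_rows, NUM_ROWS);
    if (idx < 0) {
        printf("row %d is not valid (as unsigned it would be %u)\n",
               row_index - num_rows, wrapped_value(row_index - num_rows));
    }

    /* The intended computation: third row from the stage is index num_rows - 3. */
    idx = signed_row_to_index(num_rows - row_index, NUM_ROWS);
    if (idx >= 0) {
        printf("Teller: there are %d seats available in row %d\n",
               checked_seat_count(demo_counts, (unsigned int)idx, NUM_ROWS, SEATS_PER_ROW),
               idx);
    }
    return 0;
}
```

Compiling with sign-conversion warnings enabled (for example `-Wsign-conversion` in GCC or Clang) also flags the implicit int-to-unsigned conversion at the call site that the post notes Visual Studio stayed silent about.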