LANG.STRUCT.PARITH : Pointer Arithmetic

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

A +, -, +=, or -= operator is applied to an expression of pointer type.

Exception: pointer subtraction between two pointers will not trigger a warning of this class.

Class Name

Pointer Arithmetic

Significance

style

Mnemonic

LANG.STRUCT.PARITH

Categories

MisraC2023	MisraC2023:18.1	A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
	MisraC2023:18.2	Subtraction between pointers shall only be applied to pointers that address elements of the same array
	MisraC2023:18.4	The +, -, += and -= operators should not be applied to an expression of pointer type
Misra2012	Misra2012:18.1	A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
	Misra2012:18.2	Subtraction between pointers shall only be applied to pointers that address elements of the same array
	Misra2012:18.4	The +, -, += and -= operators should not be applied to an expression of pointer type
Misra2004	Misra2004:17.1	Pointer arithmetic shall only be applied to pointers that address an array or array element
	Misra2004:17.2	Pointer subtraction shall only be applied to pointers that address elements of the same array
	Misra2004:17.4	Array indexing shall be the only allowed form of pointer arithmetic
AUTOSARC++14	AUTOSARC++14:A5-0-4	Pointer arithmetic shall not be used with pointers to non-final classes.
	AUTOSARC++14:M5-0-15	Array indexing shall be the only form of pointer arithmetic.
	AUTOSARC++14:M5-0-16	A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
MisraC++2008	MisraC++2008:5-0-15	Array indexing shall be the only form of pointer arithmetic.
	MisraC++2008:5-0-16	A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
MisraC++2023	MisraC++2023:8.7.1	Pointer arithmetic shall not form an invalid pointer
CWE	CWE:823	Use of Out-of-range Pointer Offset
CERT-C	CERT-C:ARR30-C	Do not form or use out-of-bounds pointers or array subscripts
	CERT-C:ARR37-C	Do not add or subtract an integer to a pointer to a non-array object
	CERT-C:ARR39-C	Do not add or subtract a scaled integer to a pointer
	CERT-C:EXP08-C	Ensure pointer arithmetic is used correctly
	CERT-C:MEM35-C	Allocate sufficient memory for an object
CERT-CPP	CERT-CPP:CTR50-CPP	Guarantee that container indices and iterators are within the valid range
	CERT-CPP:CTR56-CPP	Do not use pointer arithmetic on polymorphic objects
JSF++	JSF++:211	Algorithms shall not assume that shorts, ints, longs, floats, doubles or long doubles begin at particular addresses.
	JSF++:215	Pointer arithmetic will not be used.
OWASP-2017	OWASP-2017:A8	Insecure deserialization
OWASP-2021	OWASP-2021:A8	Software and data integrity failures

Availability

Available for C and C++.

Enabling

Checks for this warning class are disabled by default, and require the unnormalized C ASTs for the project. To enable them, add the following WARNING_FILTER rule and RETAIN_UNNORMALIZED_C_AST specification to the project configuration file.

RETAIN_UNNORMALIZED_C_AST = Yes
WARNING_FILTER += allow class="Pointer Arithmetic"

Note that retaining the unnormalized ASTs will increase the disk space used to store the project representation, and may make the analysis take longer.

void * use_pointers(int *ptra, int *ptrb, int *ptrc);
void * use_ints(int x, int y);

void lang_struct_parith(int *p, int i)
{
    int *p1, *p2, *p3;
    int a, b;
        
    p1 = p + i;    /* 'Pointer Arithmetic' warning issued here */
    p2 = i + p;    /* 'Pointer Arithmetic' warning issued here */
    p2 += i;       /* 'Pointer Arithmetic' warning issued here */
    p2++;                      /* operator is not -, +, +=, or -= */
    p3 = *(p - 5); /* 'Pointer Arithmetic' warning issued here */
    p3 -= 4;       /* 'Pointer Arithmetic' warning issued here */
    a = *p - 5;                /* '-' operands are not pointers */                 
    b = p1 - p;                /* exception case: subtraction between two pointers */
    b += 5;                    /* '+=' operands are not pointers */

    use_ints(a,b);
    use_pointers(p1, p2, p3);
}

The following configuration file parameters affect checks for this warning class.

LANG.STRUCT.PARITH : Pointer Arithmetic

Summary

Properties

Example

Relevant Configuration File Parameters