C and C++

LANG.STRUCT.PBB : Pointer Before Beginning of Object

Summary

A variable takes on a value that is a pointer to a position before the beginning of an object.

Such a value is not necessarily problematic unless the pointer is subsequently dereferenced (at which point CodeSonar will issue a Buffer Underrun or Type Underrun warning), but it is potentially suspicious.

Properties

Class Name Pointer Before Beginning of Object
Significance style
Mnemonic LANG.STRUCT.PBB
Categories
MisraC2023 MisraC2023:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  MisraC2023:18.1 A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
  MisraC2023:18.2 Subtraction between pointers shall only be applied to pointers that address elements of the same array
Misra2012 Misra2012:1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  Misra2012:18.1 A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
  Misra2012:18.2 Subtraction between pointers shall only be applied to pointers that address elements of the same array
Misra2004 Misra2004:17.1 Pointer arithmetic shall only be applied to pointers that address an array or array element
  Misra2004:17.2 Pointer subtraction shall only be applied to pointers that address elements of the same array
AUTOSARC++14 AUTOSARC++14:M5-0-16 A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
MisraC++2008 MisraC++2008:5-0-16 A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
MisraC++2023 MisraC++2023:4.1.3 There shall be no occurrence of undefined or critical unspecified behaviour
  MisraC++2023:8.7.1 Pointer arithmetic shall not form an invalid pointer
CWE CWE:465 Pointer Issues
  CWE:823 Use of Out-of-range Pointer Offset
TS17961 TS17961:5.21-invptr 5.21. Forming or using out-of-bounds pointers or array subscripts
CERT-C CERT-C:ARR30-C Do not form or use out-of-bounds pointers or array subscripts
  CERT-C:ARR37-C Do not add or subtract an integer to a pointer to a non-array object
  CERT-C:ARR39-C Do not add or subtract a scaled integer to a pointer
  CERT-C:EXP08-C Ensure pointer arithmetic is used correctly
  CERT-C:MEM35-C Allocate sufficient memory for an object
CERT-CPP CERT-CPP:CTR50-CPP Guarantee that container indices and iterators are within the valid range
JSF++ JSF++:211 Algorithms shall not assume that shorts, ints, longs, floats, doubles or long doubles begin at particular addresses.
OWASP-2017 OWASP-2017:A8 Insecure deserialization
OWASP-2021 OWASP-2021:A8 Software and data integrity failures
Availability Available for C and C++.
Enabling Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += allow class="Pointer Before Beginning of Object"

Example 

void lang_struct_pbb(void){
    int A[10];
    int *q = &A[0] - 1; /* 'Pointer Before Beginning of Object' warning issued here */

    /* ... remainder of function */
}

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.