Re: BUG #4724: Array index out of bounds
From | Craig Ringer |
---|---|
Subject | Re: BUG #4724: Array index out of bounds |
Date | |
Msg-id | 49C6E3F1.6090703@postnewspapers.com.au |
In reply to | BUG #4724: Array index out of bounds ("Ett Martin" <ettl.martin@gmx.de>) |
List | pgsql-bugs |
Ett Martin wrote:

> I have checked the sources with a static code analysis tool cppcheck:
>
> cppcheck -q -a -j2 postgresql-8.3.7
> [postgresql-8.3.7/contrib/cube/cube.c:1418]: (all) Array index out of
> bounds
> [postgresql-8.3.7/contrib/cube/cube.c:1437]: (all) Array index out of
> bounds

Have you then verified that the complaint is actually valid? Static analysis tools only point out places where you might want to look.

It's common in C to do things like:

    #include <stdint.h>   /* uint8_t */
    #include <stdlib.h>   /* malloc, size_t */

    typedef struct block {
        struct block *next;
        size_t blockdata_size;
        uint8_t blockdata[0];
    } block;

where you allocate a `block' structure using something like:

    block* alloc_block(size_t numbytes) {
        return (block*)(malloc(sizeof(block)+numbytes));
    }

Because C permits indexing past the end of an array, you can then safely and legally access your allocated memory past the block header with things like:

    someblock->blockdata[11];

Static analysis tools won't realise what's going on, and will complain.

I'd say after a quick glance that that's what's happening here, though I'm far from certain.

--
Craig Ringer
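
Added example, not part of the original message or of the PostgreSQL source: the header-plus-trailing-data idiom described in the reply, written with a C99 flexible array member, an overflow check on the allocation size, and a bounds-checked accessor that uses the stored `blockdata_size`. The names `block_alloc` and `block_at` are hypothetical.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Header and variable-length payload share one allocation. */
typedef struct block {
    struct block *next;
    size_t blockdata_size;   /* usable bytes in blockdata */
    uint8_t blockdata[];     /* C99 flexible array member */
} block;

/* Allocate a zeroed header plus numbytes of payload; NULL on overflow or OOM. */
block *block_alloc(size_t numbytes)
{
    if (numbytes > SIZE_MAX - sizeof(block))
        return NULL;         /* sizeof(block) + numbytes would wrap around */
    block *b = calloc(1, sizeof(block) + numbytes);
    if (b != NULL)
        b->blockdata_size = numbytes;
    return b;
}

/* Bounds-checked access: pointer to payload byte idx, or NULL if out of range. */
uint8_t *block_at(block *b, size_t idx)
{
    if (b == NULL || idx >= b->blockdata_size)
        return NULL;
    return &b->blockdata[idx];
}

int main(void)
{
    block *b = block_alloc(16);
    if (b == NULL)
        return 1;
    uint8_t *ok = block_at(b, 11);    /* inside the 16-byte payload */
    uint8_t *bad = block_at(b, 16);   /* one past the end: rejected */
    if (ok != NULL)
        *ok = 0x5a;
    printf("in range: %d, past end rejected: %d\n", ok != NULL, bad == NULL);
    free(b);
    return 0;
}
```

Keeping the payload length in the header is what lets every access be checked at run time, independently of what a static analyser can infer about the array's declared size.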