HP Code Advisor Diagnostics Reference Guide (5900-1865, July 2011)

A local variable's address is being returned and dereferenced in the caller, allocated memory
is being returned and used in the caller, or a variable defined in an inner scope is being accessed
indirectly in the enclosing scope. Use of a local variable outside its scope can lead to unexpected
behavior.
Example:
#include<stdio.h>
int foo()
{
    int *p;
    {
        int q;
        scanf("%d", &q);
        p = &q;
    }
    // out of scope reference to q
    return *p;
}
int main()
{
    int result = foo();
    return result;
}
"oos.c", line 11, procedure foo: warning #20203-D: Potential out of scope use
of local variable q
Action:
Check that the local variable mentioned in the diagnostic does not have its address taken and
returned to the caller function, and that an allocated memory pointer is not returned to the caller.
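Added example, not from the HP guide: two ways to restructure code so that no pointer to a local outlives the local's scope. The names parse_int and format_id are hypothetical, and sscanf on a string stands in for scanf so the example runs without input.

```c
#include <stdio.h>

/* Corrected form of foo(): the value of q is copied into a variable of
 * the enclosing scope while q is still alive, so no pointer to q is kept.
 * Returns 0 on success, -1 on bad arguments or unparsable input. */
int parse_int(const char *text, int *out)
{
    int value;
    {
        int q;
        if (text == NULL || out == NULL || sscanf(text, "%d", &q) != 1)
            return -1;
        value = q;              /* copy the value, not the address */
    }
    *out = value;
    return 0;
}

/* Instead of returning the address of a local array, the caller passes
 * its own buffer and size; nothing on this function's stack is handed
 * back. Returns -1 if the result would not fit in dst. */
int format_id(int id, char *dst, size_t dst_size)
{
    int n;
    if (dst == NULL || dst_size == 0)
        return -1;
    n = snprintf(dst, dst_size, "id-%d", id);
    return (n < 0 || (size_t)n >= dst_size) ? -1 : 0;
}

int main(void)
{
    int v;
    char buf[16];
    if (parse_int("42", &v) == 0 && format_id(v, buf, sizeof buf) == 0)
        printf("%d %s\n", v, buf);
    return 0;
}
```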
Reference:
2.167 20206 Out of bound access (%s)
Cause:
The expression accesses memory outside the object's boundary. The object could be an array, a
heap memory buffer, or a string.
Example:
#include <string.h>
char buf[12];
struct A {
    int f1;
    int f2;
};
int i;
struct A a;
void foo()
{
    char c = 'd';
    i = *(int *)&c; // LINE 12
    memset(buf, 0, 21); // LINE 13
    memset(&a.f1, 0, sizeof(a)); // LINE 14
}
line 12, procedure foo: warning #20206-D: Out of bound access (In
expression "memset( (char*)buf, 0, 21 )", variable "buf" [j.c:2]
(type: char [12]) has byte range [0 .. 11], writing byte range [0
..20].)
line 13, procedure foo: warning #20206-D: Out of bound access (In
expression "*(int*)&c", variable "c" [j.c:11] (type: char ) has 1
byte, reading byte range [0 .. 3].)
line 14, procedure foo: warning #20206-D: Out of bound access (In
expression "memset( (char*)&(&a)->f1, 97, 8 )", &(&a)->f1 (type:
int) has byte range [0 .. 3], writing byte range [0 .. 7].)
Action:
Fix the out of bounds access if it is a real bug. Change the code to remove the out of bound access
if it is a false positive.
    i = c;
    memset(buf, 0, sizeof(buf));
    memset(&a, 0, sizeof(a));