VS2015: [C6386] Buffer Overrun while writing (even for same index value)

Question

I'm trying to implement merge sort in C when I came across something interesting raised by [Analyze -> Run Code Analysis] in Visual Studio 2015.

The code is as follows:

void MergeSort_r(int A[], int n)
{
    // A = {1, 3, 2}
    // n = 3
    int rightCount;
    int* R;

    if ( n < 2 ) return;

    // version 1: rightCount = 2
    rightCount = n - (n/2);

    // version 2: rightCount = 2
    rightCount = n - 1;

    R = ( int* ) malloc( rightCount * sizeof( int ) );

    if ( R ) {
        for ( int i = 0; i < rightCount; i++ ) {
            R[i] = A[i];
        }

    free( R );
    }

}

Even though both version of rightCount essentially evaluates to 2, in the first version, I get the warning:

"Buffer overrun while writing to 'R': the writable size is '(unsigned int)rightCount*sizeof(int)' bytes, but '8' bytes might be written."

Any idea why this is the case? Looking forward to hear your answers.

Answer 1

Visual C++ Code Analysis toolset may not always offer the best warnings. It tries to give you the best set of warnings to fix some potential issues/errors that may creep in at runtime. You have a few options:

• Disable the given warning around the code using #pragma directive.
• Use C++ constructs: new, make_unique etc.
• (Not recommended) is to ignore the warning altogether and move on.

You should ideally always user newer smart pointers primitives like unique_ptr, shared_ptr etc. They not only allocate memory for you but deallocate on any exception thrown across the call stack. You don't need to type * at all!

auto buffer = make_unique<int[]>(10); // 10 integers

Answer 2

Your code is fine and tools(especially analyzers) have their drawbacks — sometimes they generate false-positives. That's one of it. BTW, I checked your code on MSVS2015 and it gives me no warnings.