Bug Buster 001: Can You Bust the Bug?

WEBINAR: On-demand webcast

How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017 REGISTER >

Bug Buster

Sponsored by Rogue Wave, maker of Klocwork

How good are you at finding bugs in code? The following is a code snippet that contains an error. Take a look at the code listing and see if you can find the error. To make it easier, we've listed five options. One of those options is correct while the other four are not.

Can you find the error without looking at the choices?

Bug Buster #001

Here is the first Bug Buster:

The code:

char letters_array[26];
for( int i = 0; i <= 26; i++ )
          letters_array[i] = (char)(i + 64); 

cout << letters_array[1] << letters_array[18];
cout << letters_array[3] << letters_array[3];

Your choices:

The char cast in the third line causes a type-mismatch error. You can't do (char) (i + 64)
The for loop is infinite.
There is a buffer overflow for the letters_array array.
letters_array is not initialized before it is used.
Nothing is wrong. The code works fine.

 

How quickly can you find the issue? Feel free to comment on how quickly you found the issue! We will be posting additional snippets over the coming weeks with additional bugs for you to bust. You can click to the next page to find the answer.

Bug Buster 1: Answer

WEBINAR: On-demand webcast

How to Boost Database Development Productivity on Linux, Docker, and Kubernetes with Microsoft SQL Server 2017 REGISTER >

The letters_array is declared with 26 items, thus is valid with indexes from 0 to 25. The <= in the third line will allow the index of 26 to be used, thus pointing to the 27th element. This is a buffer overflow error. How long did it take you to find the issue?

In a short listing like this, the buffer overflow is pretty easy to find. In a listing with thousands of lines of code, this can get a lot harder. Buffer overflows are just one of the errors that a static code analysis tool like Rogue Wave’s Klocwork can find quickly, thus saving you time.



Comments

  • There are no comments yet. Be the first to comment!

Leave a Comment
  • Your email address will not be published. All fields are required.

Top White Papers and Webcasts

  • On-demand webcast Continuous integration and continuous deployment (CI/CD) allow DevOps teams to be more efficient. When starting from a production environment, the use of Microsoft SQL Server 2017 in Docker containers and Kubernetes clusters can facilitate a DevOps CI/CD pipeline. Using SQL Server tools also allows you to easily integrate core DevOps application lifecycle management practices to database development. Watch this on-demand presentation to learn how defining the database dependency as …

  • Testing full recoveries of IT environments requires a proven methodology. Establishing and meeting recovery time objectives (RTOs), configuring a cloud recovery system, and tracking your changing environment are all critical components of a successful cloud recovery operation. It's also important to establish and follow a set of cloud disaster recovery (CDR) best practices. Read this technical guide to learn about these best practices, along with how disaster recovery as a service (DRaaS) can help you complete …

Most Popular Programming Stories

More for Developers

RSS Feeds

Thanks for your registration, follow us on our social networks to keep up-to-date