I am using HP Fortify to scan my code for possible errors, and this bit of code keeps being flagged as an integer overflow. However, there is no arithmetic being done to warrant an overflow, and argc is bounded by several conditional statements. Despite this, it seems Fortify does not like argc being used to allocate the size of a buffer. I don't think an integer overflow is possible then, in this case, and it may be that this issue is the result of a bug in HP Fortify. Any suggestions as to why Fortify is flagging line 9 as an integer overflow?
```cpp
 1 int main(int argc, char* argv[]) {
 2     if ((argc < 0) || (argc > 10)) {
 3         cout << "number of arguments is invalid.";
 4         return -1;
 5     }
 6     cout << "Number of arguments: " << argc << endl;
 7
 8     if ((argc > 0) && (argc < 10)) {
 9         int myArray[argc]; // This line gets flagged as an integer overflow
10     } else {
11         cout << "Argc is out of bounds." << endl;
12         return -1;
13     }
14     return 0;
15 }
```
It was also recommended to me in the comments that I use a dynamic array. Unfortunately this doesn't work either, as Fortify still flags the array initialization as an integer overflow.
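An added example, not part of the original post and not a fix documented by Fortify: `int myArray[argc]` sizes its storage as `argc * sizeof(int)` even though no multiplication appears in the source, and the sketch below writes that computation out with a range check and a wrap check before allocating on the heap. The names `checked_array_bytes`, `make_arg_buffer` and `kMaxArgs` are assumptions, and the page does not establish whether Fortify's rule accepts this pattern.

```cpp
#include <cstddef>
#include <iostream>
#include <limits>
#include <vector>

// Hypothetical cap, matching the upper limit used in the question's checks.
constexpr int kMaxArgs = 10;

// Computes count * elem_size into *out_bytes. Returns false if count is
// outside (0, max_count) or if the product would wrap around size_t.
bool checked_array_bytes(int count, std::size_t elem_size, int max_count,
                         std::size_t* out_bytes) {
    if (count <= 0 || count >= max_count) return false;   // range check while still signed
    const std::size_t n = static_cast<std::size_t>(count); // safe: count is positive here
    if (elem_size != 0 &&
        n > std::numeric_limits<std::size_t>::max() / elem_size)
        return false;                                       // n * elem_size would wrap
    *out_bytes = n * elem_size;
    return true;
}

// Returns one zeroed int per argument, or an empty vector if argc is rejected.
std::vector<int> make_arg_buffer(int argc) {
    std::size_t bytes = 0;
    if (!checked_array_bytes(argc, sizeof(int), kMaxArgs, &bytes)) return {};
    return std::vector<int>(bytes / sizeof(int), 0);
}

int main(int argc, char* argv[]) {
    (void)argv;  // unused in this sketch
    const std::vector<int> buf = make_arg_buffer(argc);
    if (buf.empty()) {
        std::cout << "Argc is out of bounds." << std::endl;
        return -1;
    }
    std::cout << "Number of arguments: " << argc
              << ", buffer bytes: " << buf.size() * sizeof(int) << std::endl;
    return 0;
}
```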