
The results of the competition held by our company at SECR2015

Our company (OOO “Program Verification LLC”, developer of PVS-Studio) held a competition at the SECR2015 conference. The essence of the competition was to find the most interesting error in one's own code. In fact, there is not much to tell, because exactly 1 person took part in the competition. Nevertheless, a number of people asked us to tell how the contest ended, and I decided to write a tiny note on this topic.

Being one of the sponsors of the SECR2015 conference, we decided to hold a small competition related to the use of PVS-Studio. To this end, each participant was handed an envelope containing instructions, a small chocolate bar and a key for the full use of PVS-Studio for several days.

The first goal of the competition was for some of the conference participants to finally overcome their laziness and decide to try PVS-Studio on their projects. Whether this worked out is unknown to us.

The second goal of the competition was to collect code samples with errors and write an interesting article. We understood that not everyone would want to show their code to the public. We were ready to suggest that such people modify the code beyond recognition. Or we could simply not write about them at all, and they would still take part in the competition. The winners were to be awarded prizes (various gift cards). Unfortunately, this goal was not achieved.

So, the competition is over and it's time to take stock. A single person took part in the competition. He automatically becomes the winner. Greetings to him:

Alexey Drozdov, company [deleted].

After checking one of the company's projects, he noticed an interesting error related to the use of a nonexistent buffer. Thanks to luck, the error does not manifest itself, but the bug still remains a bug. The essence of the error is demonstrated by the following pseudocode:

    const char* ptr = nullptr;
    while (p < end)
    {
      const unsigned int uc = GetValue(*p++);
      switch (uc)
      {
      case 1: ptr = "a"; break;
      case 2: ptr = "b"; break;
      case 3: ptr = "c"; break;
      default:
        {
          char buffer[0x100];
          ...
          ptr = buffer;
        } // 'buffer' ceases to exist here, but 'ptr' still points to it
      }
    }
    if (ptr)
      result = ptr; // 'result' may be built from a buffer that no longer exists

The error was detected by diagnostic V507. The program uses a buffer that ceases to exist after exiting the default block. However, this code is old and has worked successfully for N years. It's all about luck. Visual C++ allocates stack space for all arrays and variables up front and does not reuse the allocated memory. However, as you understand, this luck holds only for the time being.
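
Two ways to remove the dependence on stack layout, as an added example that is not the contestant's code or part of the original article: copy the data while the buffer is still alive, or hoist the buffer into the scope where the pointer is read. The function names, the `GetValue()` stand-in and the `snprintf` body that replaces the elided `...` are assumptions.

```cpp
#include <cstdio>
#include <string>

// Hypothetical stand-in for the page's GetValue(); the real one is not shown.
static unsigned int GetValue(unsigned char c) { return c; }

// Fix 1: 'result' owns its bytes, so the copy is made while 'buffer' is alive.
std::string DecodeCopy(const unsigned char* p, const unsigned char* end) {
    std::string result;
    while (p < end) {
        const unsigned int uc = GetValue(*p++);
        switch (uc) {
        case 1: result = "a"; break;
        case 2: result = "b"; break;
        case 3: result = "c"; break;
        default: {
            char buffer[0x100];
            // Assumed body for the elided "..." on the page.
            std::snprintf(buffer, sizeof buffer, "#%u", uc);
            result = buffer;  // deep copy before the closing brace
        }
        }
    }
    return result;
}

// Fix 2: keep the pointer, but give 'buffer' a lifetime that covers every use.
std::string DecodeHoisted(const unsigned char* p, const unsigned char* end) {
    char buffer[0x100];  // declared in the scope where 'ptr' is read
    const char* ptr = nullptr;
    while (p < end) {
        const unsigned int uc = GetValue(*p++);
        switch (uc) {
        case 1: ptr = "a"; break;
        case 2: ptr = "b"; break;
        case 3: ptr = "c"; break;
        default:
            std::snprintf(buffer, sizeof buffer, "#%u", uc);
            ptr = buffer;
        }
    }
    return ptr ? std::string(ptr) : std::string();
}

int main() {
    const unsigned char input[] = {1, 2, 200};  // constructed sample input
    std::printf("%s %s\n", DecodeCopy(input, input + 3).c_str(),
                DecodeHoisted(input, input + 3).c_str());
}
```

Both variants behave the same on any compiler and optimization level, which the original code does not guarantee once a compiler starts reusing stack slots of ended scopes.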

We thank Alexey and give him a prize (a $200 gift card).

P.S. At the moment there is a new contest "Photo casting with PVS-Studio unicorn". In a nutshell: we offer to take pictures with our unicorn and participate in a photo contest. I invite all our fans to participate.

Source: https://habr.com/ru/post/270315/

