Warning C26485
Expression 'array-name': No array to pointer decay (bounds.3).
Remarks
Like C26481, this check helps to enforce the C++ Core Guidelines rule I.13: Do not pass an array as a single pointer. The rule detects places where static array type information is lost from decay to a raw pointer. The zstring
and czstring
types aren't excluded.
C26481 and C26485 come from the Bounds Safety Profile rules. These rules were implemented in the first release of the C++ Core Guidelines Checker. They're applicable to the raw pointers category since they help to avoid unsafe use of raw pointers.
Example
This sample results in two warnings for array to pointer decay in the call to memcpy
.
// c26485_bad.cpp
// compile using:
// set Esp.Extensions=CppCoreCheck.dll
// cl /W4 /EHsc /permissive- /analyze /analyze:plugin EspXEngine.dll /analyze:ruleset "%VSINSTALLDIR%\Team Tools\Static Analysis Tools\Rule Sets\CppCoreCheckBoundsRules.ruleset" c26485_bad.cpp
#include <cstring>
constexpr int array_length = 10;
int main() noexcept
{
int const from_array[array_length] = { 4, 3, 2, 1, 0, 9, 8, 7, 6, 5 };
int to_array[array_length] = {};
if (nullptr != memcpy(to_array, from_array, sizeof(int) * array_length))
return 0;
return 1;
}
To address this issue, avoid calls that take pointer parameters, but don't manage bounds information. Use of such functions is often error-prone. Prefer C++ standard library calls to C runtime library functions. Consider using gsl::span
or std::vector
in your own functions. An explicit cast to the decayed pointer type prevents the warning, but it doesn't prevent buggy code.