Warning C26485

Expression 'array-name': No array to pointer decay (bounds.3).


Like C26481, this check helps to enforce the C++ Core Guidelines rule I.13: Do not pass an array as a single pointer. The rule detects places where static array type information is lost from decay to a raw pointer. The zstring and czstring types aren't excluded.

C26481 and C26485 come from the Bounds Safety Profile rules. These rules were implemented in the first release of the C++ Core Guidelines Checker. They're applicable to the raw pointers category since they help to avoid unsafe use of raw pointers.


This sample results in two warnings for array to pointer decay in the call to memcpy.

// c26485_bad.cpp
// compile using:
// set Esp.Extensions=CppCoreCheck.dll
// cl /W4 /EHsc /permissive- /analyze /analyze:plugin EspXEngine.dll /analyze:ruleset "%VSINSTALLDIR%\Team Tools\Static Analysis Tools\Rule Sets\CppCoreCheckBoundsRules.ruleset" c26485_bad.cpp
#include <cstring>
constexpr int array_length = 10;

int main() noexcept
    int const from_array[array_length] = { 4, 3, 2, 1, 0, 9, 8, 7, 6, 5 };
    int to_array[array_length] = {};

    if (nullptr != memcpy(to_array, from_array, sizeof(int) * array_length))
        return 0;
    return 1;

To address this issue, avoid calls that take pointer parameters, but don't manage bounds information. Use of such functions is often error-prone. Prefer C++ standard library calls to C runtime library functions. Consider using gsl::span or std::vector in your own functions. An explicit cast to the decayed pointer type prevents the warning, but it doesn't prevent buggy code.