VS2019, Code analysis warning: C6385 mystery

This is the full warning in question: warning C6385: Reading invalid data from 'lines': the readable size is '(unsigned int)*4+4' bytes, but '8' bytes may be read. I just (finally) converted a VS2013 project to VS2019, and as part of the cleanup I've been running the code analysis to help me spot issues. Below is a minimalist version of an oddity I found. So here's the case that started the journey. You can assume m_iNumLines is a UINT greater than 0; checking for this and other error conditions (e.g. that the pointer is not NULL) did not eliminate the warning. Simplified for clarity, this is verbatim code that triggered the warning:

void CTestClass::SetText()
{
CString* lines = new CString[m_iNumLines];

for (UINT i = 0; i < m\_iNumLines; i++)
{
    // Case 1: warning C6385: Reading invalid data from 'lines':  the readable size is 
    //         '(unsigned int)\*4+4' bytes, but '8' bytes may be read.
    lines\[i\] = "TestString";
}

delete\[\] lines;

}

I first tried covering every last (even absurd) error case to try and eliminate the warning, but changing lines[i] to *(lines + i) did it:

void CTestClass::SetText()
{
CString* lines = new CString[m_iNumLines];

for (UINT i = 0; i < m\_iNumLines; i++)
{
    // Case 2: No warning
    \*(lines + i) = "TestString";
}

delete\[\] lines;

}

I'm not sure what about handling of CStrings & pointers would make that an improvement. But here's what really baked my noodle. If I leave both lines in - even with the code that triggered thee warning first - I no longer get the warning:

void CTestClass::SetText()
{
CString* lines = new CString[m_iNumLines];

for (UINT i = 0; i < m\_iNumLines; i++)
{
    // Case 3: \*ALSO\* No warning
    lines\[i\] = "TestString";
    \*(lines + i) = "TestString2";
}

delete\[\] lines;

}

I also get no warning if I swapped the order (thinking maybe optimization - even in a debug build - made the first line do nothing). In searching I found others getting this warning also when using CStrings, but in situations much more convoluted than this, and I didn't see how it explained my case. Also I get the same results when using std::string, for what it's worth.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

W∴ Balboos wrote:

The difference is that taking bribes, etc., is actually not an on-the-bench criminal act.

So they likely went to jail for taking the money, rather than wrongfully sentencing people; interesting.

W∴ Balboos wrote:

The case that (if I recall correctly) that got the supreme court ruling had to do with a judge ordering the sterilization of a girl against her will. Even though he had no authority to do so, he was not held liable for willful criminal abuse of his powers. It was long ago.

That particular case does ring a bell. I can understand a degree of protection against lawsuits (or civil suits) brought against judges; but to protect them even when they clearly break the law in their judgements is just alarming. I guess if a judge does it (on the bench (that's what she said!)), it's by definition not illegal? Yikes.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Sure fire way to get a card blocked, or at least a call from the bank (at least here in the US, mentioned by John Dvorak on This Week in Tech AFTER it had happened to me once): 1. Buy a pair (or two) of shoes. 2. Fill more than one tank of gas on the same card within an hour or so of doing #1 3. Wait for call from bank. The reason? A common pattern for stolen or "found" CC's is that it's by teenagers who then go buy "nice" basketball shoes, then fill up the gas tanks of their car and their friends. I did also get a temporary block when my card was used to book three different hotels in South Korea in three nights. Only problem was that it was actually me on a business trip (and our company has something against business CC's). The first two hotels were on the same block in Seoul, which I'm sure looked odd but was due to scarce rooms during the G20 summit, which was NOT my reason for being there. That's when I learned the "Warn your CC company before you go overseas" rule :) It's actually nice to know the companies know what suspicious activity to look for, though it could get annoying if they get overzealous with it.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

W∴ Balboos wrote:

If I recall correctly, the US Supreme Court ruled that a judge cannot be held criminally liable for the decisions (sentences, for example) he hands down from the bench - even if he knew he was acting illegally.[citation needed]

Judges go to jail for doing other illegal things in court... not sure why this would be any different. Although googling it returns an alarming number of judges who were put away for receiving kickbacks from prisons in return for sentencing people there. That's just messed up.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

James Lonero wrote:

There must be a way to lock the file to keep others from editing it. I believe that TFS has this ability.

SVN didn't used to have that ability, but it does now.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Richard Deeming wrote:

Yeah, that's not creepy at all.

When some creep hits on a girl, she can no longer claim she's gonna run to the bathroom then run outside instead. Well, unless he's REALLY bad.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Nicholas Marty wrote:

However there may be cases you haven't foreseen and it suddenly acts up just because "it does exactly what it is told" ;) good examples are the leapyear and summer time / standard time changes

That is a very good point. Kidding aside, I take every report seriously and investigate it as if it may be true. But sometimes it becomes clear very quickly that they're not telling us everything. I won't say there's nothing wrong (until I can prove it) - just that given the info they provide, there is something missing that prevents me from reproducing it. I give them the benefit of the doubt for as long as I can stand it. I let our product support people put it diplomatically.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

ryanb31 wrote:

Often times when my boss tells me of a user reporting an issue I say the user is crazy. There is no way it happened the way they said it did. And sure enough, almost all of the time I am right. When you get them to show you what they did it is often not even close to what they said they had done.

Whenever I'm accosted with some horrendous bug on some simple operation that a user ran into - an operation that has been in the software unmodified for years - I repeatedly say, "There's more to the story. They're not telling us something." "Nope, that's what they're saying." "That can't happen." "They say it is." "It ran for 4 years just fine then suddenly acted up. Did they ever update their software?" "No." "So did the software get rusty? Does it need its oil changed?" "What?" "JUST GET MORE INFO!" Invariably there's either something completely unrelated to what they originally said or they withheld some import information like - and I'm not kidding - rewiring something that just happened to correspond to the day it stopped working. Also, we log everything the customer does, so we can go step by step through what they did. "So, you lowered the alarm threshold at 12:53 PM on Tuesday, and the next time you ran it the alarm went off unexpectedly." Gah.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

ryanb31 wrote:

I have used SVN, Source Safe, and TFS source control and none have been perfect when multiple people work on the same file at the same time.

We've had people edit the same file at the same time using SVN without problems... we usually avoid conflicts though, but if they happen they've always been marked properly. I have other issues with svn though, like the confusing and varied ways to branch and merge branches, though once you have the proper steps figured out it goes ok. What I find odd is having multiple people editing the same section of the same file simultaneously, seemingly intentionally. Why would you do that? That's bad communication or organization. Whenever it's happened to us it's been an accident or as a result of bad communication/misunderstanding over who was doing what. If you're using tools that automate code generation, e.g. resource editors, then it's hard to coordinate two people doing it, so two people shouldn't do it simultaneously. I know it was an SVN bug in this case, but even when SVN does things correctly with conflicts it can be a nightmare to sort out.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

BobJanova wrote:

I don't really understand the attraction of cats. They're vicious and selfish predators and almost impossible to train out of this kind of thing.

Pretty much answered your own question there ;) They're so damn arrogant, that they make you feel all warm inside when they decide to tolerate your presence. Until such time as they get so happy they dig their claws into your legs and launch themselves off of your bloodied thighs. What's not to love? I hear Steve Jobs had the same effect on people. There is a parasite that reproduces inside cats' stomachs (all sizes of cats - housecats to lions) and when it infects, say, a rat, it makes the rat enjoy the smell of feline urine instead of, as usual, running away from it, because the parasite "wants" to get back inside a cat's stomach (via consumption of said rat). There is a hypothosis that the same parasite can infect humans, causing an irrational desire to be around cats. Lots of cats. Thus, cat people. I hear Steve Jobs had the same effect on people.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Vivic wrote:

Why is the US then interfering in the Mormon practice of plural marriage?

It would create too many bugs in TurboTax.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

PHS241 wrote:

What I found startling was that this could happen in the world's so-called super power and economy and millions of yanks are dependent on food banks and the number is expected to keep growing.

For those of you who don't live here let me let you in on some secrets: * The roads are not literally paved with gold. Some of the cooler parts do have cobblestones, but they're bumpier. * Just living in a powerful country does not mean you get a lot of money by showing up. See: every other powerful country in history. * There has been a conscious effort by a very vocal minority to relax or change regulations and rearrange the tax code with the goal being to pour more money into the richest 2% of the population at the expense of everyone else. This strategy has been working since the Reagan administration, and is accelerating. * The last time we had a budget surplus - at the end of the Clinton administration 13 years ago - the government mailed checks to everyone in the country. $750 I think we got? The economy collapsed shortly thereafter, the surplus wasted on what was essentially a PR stunt. Not causation, but all part of the same bubble that EVERYONE knew was going to burst. Because they always do. See: every other economic boom in history. If you have a magic bullet to pull these poor kids out of poverty, let me know. All this talk about "we give money to other countries" blah blah blah is meaningless. The amounts we're talking about there are drops in the bucket of what the government spends - very largely on the military, which somehow never gets mentioned as a wasteful government program, even though it is the most expensive, most wasteful "program" we have (I'm not saying get rid of it, but good god look at the numbers). The government cares more about bombers than schools, more about Wall Street than schools, more about getting re-elected than schools. And so too, it seems, does most everyone else.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

OriginalGriff wrote:

or even started learning java.

You sir, wash your brain out with soap; it's clearly infected.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

The second two movies had great cores but were poorly executed, in large part because of all the money they had to make them, in my opinion. To their credit, they are still NOT typical sci-fi action movies, but they do an impression of such at times. The "burley brawl" almost ruined the whole thing for me, and is a perfect example of what's wrong with the sequels - an idea that started out kinda cool (Agent Smith multiplying and taking over other people) but went on for about five times longer than it should have, and ended in a way that left you thinking "Why the f#@$ didn't he do that ten minutes ago??" They needed to stay within the technology of the day, and they failed utterly. The CGI Neo is a joke - when they go back and forth between the virtual and real one, his clothing changes by several shades of "black" ... it's laughable it's so bad. Also, Morpheus - the coolest character in the first one - was reduced to doing terrified reaction shots in a copilot seat in the last one. They introduced too many new characters and wanted us to care about them. Though seeing Zoe (from Firefly) was cool, however briefly ;) In the end though, they did not take the easy way out - they still were a bit enigmatic, if a bit full of themselves, and was not at all the ending I expected, yet on repeated viewings it made sense. I dunno, like the Star Wars prequels they are a mixed bag that aren't as bad as people are remembering (because of what they had to live up to) but could have been much better. Plus if you look at the special features there's an interview on set with Adam Savage of Mythbusters fame, before he was of Mythbusters fame :)

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Matthew Faithfull wrote:

Thanks, I have tried that and it works for 95% of updates. However every now and again as I said Microsoft force one down regardless ignoring the 'prompt before download' or 'prompt before installing' settings.

I'm not sure what's going on with your system then, I have never seen that behavior when updates were set to "Download and notify" or just "Notify" ... and XP has been around for a long time.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Well I bet she can afford a daisy wheel printer by now. I don't see the problem.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Nagy Vilmos wrote:

I've had the latest from our resident Cat Lick

I take great offense at that term, you took the "Ho" out of Catholic! We can't have that.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

All of the younger candidates have brains that are at least tuned to the latter half of the 20th century (21st century is too much to hope for), so they need to go as old as possible to keep things as medieval as possible.

ChrisElston wrote:

I quite like religion, the pomp and ceremony, the costumes and buildings and so on. It is the faith bit I have a complete lack of.

I like it too, I feel like it's being able to witness quaint, ancient rituals without having to bother with the complications and potential paradoxes of time travel. Like watching a procession for the pharoah in ancient Egypt, or if you could watch expensive royal ceremonies paid for by the people in the British Empire.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

This is not the code I'm looking for.

Look at me still talking when there's science to do When I look out there it makes me glad I'm not you

Dan Neely wrote:

Highly dated hardware on consoles has become a deadweight whose drag is limiting cross platform games ability to take advantage of all the extra horse power on our gaming PCs. While I've no more desire to game on a console than you, I am looking forward to new consoles with reasonably current hardware freeing use from the albatross of compatibility with and limitations caused 8 year old GPU models.

That's the way it is when EVERY new console comes out. Until 3 months later when the next $600 nVidia card comes out. In the early days of add-in 3D cards, I was a junkie: I bought the 3DFX Voodoo, the Voodoo 2, then a SECOND Voodoo 2 which could work with the first one, then (and this was my first mistake) a Voodoo 3. Then I switched to nVidia, and I can't remember the model numbers... but I started to get off the bleeding edge and stayed one or two revs from the top end, and was still paying $200-300 for a card. God, I upgraded constantly. I shudder to think how much I spent. And this doesn't even include the multiple motherboard, RAM, and occasional hard drive upgrades I went through. I justified it because, hey, I'm a developer! I even had VC++ 6.0 installed on it! Not that I ever ran it. Then I had a kid. :) Months in advance my gaming and all associated equipment (steering wheel, other controllers, sound system and so on) was put into a mostly finished room in the basement. So I spent lots of time down there. My wife didn't like that. So, for xmas 2003, about two weeks before our child was to be born, she bought me an Xbox. (This was pre-360 and the Xbox was pretty mature at that point.) This kept me on the (warm) upstairs, in the main room of the house. I was skeptical at first, as any hardcore gamer would be. But the simplicity of it was nice, then I tried Xbox Live and OH MY GOD it made life so much easier to hop into games. My first experience was on Star Wars: Clone Wars (very different from what that name means now) and the multiplayer experience was amazing. (The single player portion rather sucked.) Then Halo proved it could be used as an FPS, and Halo 2 revolutionized the entire online FPS experience. I haven't gone back to PC gaming since. At all. But I guess graphics have ceased to amaze me. The N64 and the 3DFX cards were the last time I was wowed by a leap forward in graphics. Everything since then has been incremental. Hell, I still have an Atari 7800 (2600 compatibile), Atari 5200 and a top lo