From e16a934fb345b7974f934dc0bd905d1a4b46420a Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <daniel.marjamaki@gmail.com>
Date: Mon, 22 Dec 2014 15:41:46 +0100
Subject: [PATCH] CheckBufferOverrun: Added comment in code to clarify why
 severity is portability for pointerOutOfBounds message.

---
 lib/checkbufferoverrun.cpp | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index a292468f5..4a8551a15 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -175,6 +175,9 @@ void CheckBufferOverrun::outOfBoundsError(const Token *tok, const std::string &w
 
 void CheckBufferOverrun::pointerOutOfBoundsError(const Token *tok, const std::string &object)
 {
+    // The severity is portability instead of error since this ub doesnt
+    // cause bad behaviour on most implementations. people create out
+    // of bounds pointers by intention.
     reportError(tok, Severity::portability, "pointerOutOfBounds", "Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the " + object + ".\n"
                 "Undefined behaviour: The result of this pointer arithmetic does not point into or just one element past the end of the " + object + ". Further information: https://www.securecoding.cert.org/confluence/display/seccode/ARR30-C.+Do+not+form+or+use+out+of+bounds+pointers+or+array+subscripts");
 }