
Memory access should be explicitly bounded to prevent buffer overflows


    Details

    • Message:
      * Review this array access; it is likely to be an overrun.
      * Review this memory access; it is likely to create an overflow.
    • Highlighting:
      Primary: Array access or function call
      Secondary:
      • Index value for arrays
      • Length value for function calls
      • For loop end condition, if applicable
    • Default Severity:
      Blocker
    • Impact:
      High
    • Likelihood:
      High
    • Default Quality Profiles:
      Sonar way, MISRA C++ 2008 recommended
    • Covered Languages:
      C, C++, Objective-C
    • Remediation Function:
      Constant/Issue
    • Constant Cost:
      5 min
    • Analysis Scope:
      Main Sources, Test Sources
    • Implementation details:
    • CERT:
      STR50-CPP., ARR30-C.
    • CWE:
      CWE-119, CWE-131, CWE-788

      Description

      Array overruns and buffer overflows happen when a memory access accidentally goes beyond the boundary of the allocated array or buffer. C and C++ perform no bounds check of their own, so such an access silently reads or writes whatever memory lies next to the object. These out-of-bounds accesses cause some of the most damaging and hardest-to-track defects.

      Noncompliant Code Example

      #include <stdlib.h>
      #include <string.h>

      int array[10];
      array[10] = 0; // Noncompliant: index should be between 0 and 9

      char *buffer1 = (char *) malloc(100);
      char *buffer2 = (char *) malloc(50);
      memcpy(buffer2, buffer1, 100); // Noncompliant: buffer2 holds only 50 bytes, so the copy overflows it

      Compliant Solution

      #include <stdlib.h>
      #include <string.h>

      int array[10];
      array[9] = 0; // last valid index of a 10-element array

      char *buffer1 = (char *) malloc(100);
      char *buffer2 = (char *) malloc(50);
      memcpy(buffer2, buffer1, 50); // length bounded by the destination size
      

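      The same two cases with the bound carried explicitly alongside each buffer, as an added C example that is not part of the rule text; bounded_store, bounded_copy and bounded_strcpy are illustrative helper names, and the source data is constructed.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Write v to arr[idx] only if idx lies in [0, len). Returns 1 on success and
 * 0 when the write would overrun, which is the array[10] case in the rule. */
static int bounded_store(int *arr, size_t len, size_t idx, int v) {
    if (arr == NULL || idx >= len) return 0;
    arr[idx] = v;
    return 1;
}

/* Copy n bytes from src to dst only if n fits inside both buffers. Returns the
 * number of bytes copied, or 0 when the copy is refused, which is the
 * memcpy(buffer2, buffer1, 100) case in the rule. */
static size_t bounded_copy(void *dst, size_t dst_size,
                           const void *src, size_t src_size, size_t n) {
    if (dst == NULL || src == NULL || n > dst_size || n > src_size) return 0;
    memcpy(dst, src, n);
    return n;
}

/* Copy a C string into dst, reserving room for the terminator (CERT STR50-CPP).
 * Returns 1 on success; on failure returns 0 and leaves dst as "" so that a
 * caller that ignores the result still never reads past the buffer. */
static int bounded_strcpy(char *dst, size_t dst_size, const char *src) {
    if (dst == NULL || dst_size == 0) return 0;
    if (src == NULL || strlen(src) >= dst_size) { dst[0] = '\0'; return 0; }
    memcpy(dst, src, strlen(src) + 1);
    return 1;
}

int main(void) {
    int array[10] = {0};
    char *buffer1 = malloc(100);
    char *buffer2 = malloc(50);
    if (buffer1 == NULL || buffer2 == NULL) return 1;
    memset(buffer1, 'A', 100);                 /* constructed source data */
    int ok = bounded_store(array, 10, 9, 1)    /* accepted: last valid index */
          && !bounded_store(array, 10, 10, 1)  /* refused: one past the end */
          && bounded_copy(buffer2, 50, buffer1, 100, 100) == 0 /* refused */
          && bounded_copy(buffer2, 50, buffer1, 100, 50) == 50; /* accepted */
    free(buffer1);
    free(buffer2);
    return ok ? 0 : 1;
}
```
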
      See

      • MITRE, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
      • MITRE, CWE-131 - Incorrect Calculation of Buffer Size
      • MITRE, CWE-788 - Access of Memory Location After End of Buffer
      • CERT, ARR30-C. - Do not form or use out-of-bounds pointers or array subscripts
      • CERT, STR50-CPP. - Guarantee that storage for strings has sufficient space for character data and the null terminator

              People

              Reporter:
              Freddy Mallet (Inactive)