Details
- Type: Bug Detection
- Status: Active
- Resolution: Unresolved
- Labels:
- Message:
- Highlighting:
- Default Severity: Blocker
- Impact: High
- Likelihood: High
- Default Quality Profiles: Sonar way, MISRA C++ 2008 recommended
- Covered Languages: C, C++, Objective-C
- Remediation Function: Constant/Issue
- Constant Cost: 5 min
- Analysis Scope: Main Sources, Test Sources
- Implementation details:
- CERT: STR50-CPP., ARR30-C.
- CWE: CWE-119, CWE-131, CWE-788
Description
Array overruns and buffer overflows happen when a memory access accidentally goes beyond the boundary of the allocated array or buffer. These out-of-bounds accesses cause some of the most damaging and hardest-to-track defects.
Noncompliant Code Example
int array[10];
array[10] = 0; // Noncompliant: index should be between 0 & 9

char *buffer1 = (char *) malloc(100);
char *buffer2 = (char *) malloc(50);
memcpy(buffer2, buffer1, 100); // Noncompliant: buffer2 will overflow.
Compliant Solution
int array[10];
array[9] = 0;

char *buffer1 = (char *) malloc(100);
char *buffer2 = (char *) malloc(50);
memcpy(buffer2, buffer1, 50);
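The compliant solution above hard-codes the correct sizes. The following added example (not part of the rule specification) goes one step further and carries the capacity with the buffer, so that every copy and subscript is checked against it; the names `bounded_buf`, `bb_alloc`, `bb_copy`, `checked_set` and `bb_free` are hypothetical helpers introduced for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper type: a buffer that carries its own capacity. */
typedef struct {
    unsigned char *data;
    size_t cap; /* bytes allocated */
} bounded_buf;

/* Allocate count * elem_size bytes; refuse if the product wraps (CWE-131). */
int bb_alloc(bounded_buf *b, size_t count, size_t elem_size) {
    b->data = NULL;
    b->cap = 0;
    if (count == 0 || elem_size == 0 || count > SIZE_MAX / elem_size)
        return -1;
    b->data = calloc(count, elem_size);
    if (b->data == NULL)
        return -1;
    b->cap = count * elem_size;
    return 0;
}

/* Copy n bytes only if both the read and the write stay in bounds (CWE-788). */
int bb_copy(bounded_buf *dst, const bounded_buf *src, size_t n) {
    if (dst->data == NULL || src->data == NULL)
        return -1;
    if (n > dst->cap || n > src->cap)
        return -1;
    memcpy(dst->data, src->data, n);
    return 0;
}

/* Store v at a[idx] only when idx is a valid subscript for len elements. */
int checked_set(int *a, size_t len, size_t idx, int v) {
    if (a == NULL || idx >= len)
        return -1;
    a[idx] = v;
    return 0;
}

/* Release the storage and reset the capacity so later copies are rejected. */
void bb_free(bounded_buf *b) {
    free(b->data);
    b->data = NULL;
    b->cap = 0;
}
```

With these helpers, the noncompliant calls from the example (a 100-byte copy into a 50-byte buffer, a write to index 10 of a 10-element array) return -1 instead of corrupting memory.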
See
- MITRE, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
- MITRE, CWE-131 - Incorrect Calculation of Buffer Size
- MITRE, CWE-788 - Access of Memory Location After End of Buffer
- CERT, ARR30-C. - Do not form or use out-of-bounds pointers or array subscripts
- CERT, STR50-CPP. - Guarantee that storage for strings has sufficient space for character data and the null terminator
Issue Links
- is implemented by
  - CPP-1756 C/C++ Rule: Memory access should be explicitly bounded to prevent buffer overflows (Closed)
  - CPP-2312 Add 12 rules for Objective-C based on symbolic execution (Closed)
  - CPP-2280 S3519: Fix false negatives (Open)
- is related to
  - CPP-2943 Create an MMF for better reporting focused on buffer overflow. (In Review)
  - CPP-2566 S3519: Fix FP when decrementing pointer (Open)
  - CPP-2567 S3519: FP memcmp does not model memory comparison when possible (Open)
  - CPP-2750 S3519: false positive depending on type size (Closed)
  - CPP-3137 S3519: Fix false-positive out-of-bound access if index has upper-bound lower than SIZE_MAX (Closed)
  - RSPEC-5782 POSIX functions should not be called with arguments that trigger buffer overflows (Active)