Page History

...

Tool

Version

Checker

Description

Include Page

	Astrée_V
	Astrée_V

Supported, but no explicit checker

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE

Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

Coverity

Include Page

	Coverity_V
	Coverity_V

STRING_OVERFLOW

BUFFER_SIZE

OVERRUN

STRING_SIZE

Fully implemented

Fortify SCA

5.0

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

NNTS.MIGHT
NNTS.MUST
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

BD-PB-OVERFWR, BD-PB-ARRAY, BD-PB-OVERFWR, BD-SECURITY-BUFWRITE, BD-SECURITY-OVERFWR, SECURITY-12

Implemented

Polyspace Bug Finder R2016a Guarantee that storage for strings has sufficient space for character data and null terminator

Splint

Include Page

	Splint_V
	Splint_V

PRQA QA-C

Include Page

	PRQA QA-C_v
	PRQA QA-C_v

2845, 2846, 2847, 2848, 2849, 5009

Partially implemented

PRQA QA-C++ 4.2 0145, 2845, 2846, 2847, 2848, 2849, 2840, 2841, 2842, 2843, 2844, 2930, 2831, 2831, 2832, 2833, 2934

PVS-Studio 6.22 V518, V645, V727, V755 General analysis rule set

Related Vulnerabilities

CVE-2009-1252 results from a violation of this rule. The Network Time Protocol daemon (NTPd), before versions 4.2.4p7 and 4.2.5p74, contained calls to sprintf that allow an attacker to execute arbitrary code by overflowing a character array [xorl 2009].

...

Space shortcuts

Page tree

Versions Compared

Old Version 203

New Version 204

Key

Related Vulnerabilities