Page History

...

Using an invalid array or container index can result in an arbitrary memory overwrite or abnormal program termination.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
CTR50-CPP	High	Likely	High	P9	L2

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
LANG.MEM.TO
LANG.MEM.TU
LANG.MEM.TBA
LANG.STRUCT.PBB
LANG.STRUCT.PPE

Buffer overrun
Buffer underrun
Type overrun
Type underrun
Tainted buffer access
Pointer before beginning of object
Pointer past end of object

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.STACK
ABV.TAINTED
SV.TAINTED.ALLOC_SIZE
SV.TAINTED.CALL.INDEX_ACCESS
SV.TAINTED.CALL.LOOP_BOUND
SV.TAINTED.INDEX_ACCESS

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

45 D, 47 S, 476 S, 489 S, 64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X

Partially implemented

Parasoft C/C++test

Include Page

cplusplus:

	Parasoft_V

cplusplus:

	Parasoft_V

STL-36

PRQA


PRQA QA-C	4.1	3705, 3706, 3707

PRQA QA-C++

Include Page

	PRQA QA-C++_V
	PRQA QA-C++_V

2891, 3051, 3139, 3140


PVS-Studio	6.22	V781	General analysis rule

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding Standard	ARR30-C. Do not form or use out-of-bounds pointers or array subscripts
MITRE CWE	CWE 119, Failure to Constrain Operations within the Bounds of a Memory Buffer CWE 129, Improper Validation of Array Index

Bibliography

[ISO/IEC 14882-2014]	Clause 23, "Containers Library" Subclause 24.2.1, "In General"
[ISO/IEC TR 24772-2013]	Boundary Beginning Violation [XYX] Wrap-Around Error [XYY] Unchecked Array Indexing [XYZ]
[Viega 2005]	Section 5.2.13, "Unchecked Array Indexing"

...

Space shortcuts

Page tree

Versions Compared

Old Version 62

New Version 63

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography