...
Tool | Version | Checker | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported, but no explicit checker | |||||||||||
CodeSonar |
| LANG.MEM.BO | Buffer overrun | ||||||||||
Can detect violations of the rule. However, it is unable to handle cases involving | |||||||||||||
Coverity |
| STRING_OVERFLOW BUFFER_SIZE OVERRUN STRING_SIZE | Fully implemented | ||||||||||
5.0 | |||||||||||||
| NNTS.MIGHT | ||||||||||||
| 489 S, 109 D, 66 X, 70 X, 71 X | Partially implemented | |||||||||||
Parasoft C/C++test |
| BD-PB-OVERFWR, BD-PB-ARRAY, BD-PB-OVERFWR, BD-SECURITY-BUFWRITE, BD-SECURITY-OVERFWR, SECURITY-12 | Implemented | ||||||||||
Polyspace Bug Finder | R2016a | Guarantee that storage for strings has sufficient space for character data and null terminator | |||||||||||
Include Page | Splint_V | Splint_V | PRQA QA-C |
| 2845, 2846, 2847, 2848, 2849, 5009 | Partially implemented | |||||||
PRQA PRQA QA-C++ | 4.2 | 0145, 2845, 2846, 2847, 2848, 2849, 2840, 2841, 2842, 2843, 2844, 2930, 2831, 2831, 2832, 2833, 2934 | |||||||||||
PVS-Studio | 6.22 | V518, V645, V727, V755 | General analysis rule set | ||||||||||
|
Related Vulnerabilities
CVE-2009-1252 results from a violation of this rule. The Network Time Protocol daemon (NTPd), before versions 4.2.4p7 and 4.2.5p74, contained calls to sprintf
that allow an attacker to execute arbitrary code by overflowing a character array [xorl 2009].
...