SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 45

changes.mady.by.user Amy Gale

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added CodeSonar row to "Automated Detection" table

...

Copying data to a buffer that is too small to hold the data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

CTR52-CPP

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

BADFUNC.BO.*

LANG.MEM.BO

A collection of warning classes that report uses of library functions prone to internal buffer overflows.

Buffer Overrun

Parasoft C/C++test
Include Page
cplusplus:
Parasoft_V
cplusplus:
Parasoft_V
BD-PB-OVERF{RD, WR, FMT, NZT}
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator
SEI CERT C Coding StandardARR38-C. Guarantee that library functions do not form invalid pointers
MITRE CWECWE 119, Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer
CWE 805, Buffer Access with Incorrect Length Value

Bibliography

[ISO/IEC 14882-2014]

Subclause 25.3, "Mutating Sequence Operations"

[ISO/IEC TR 24772-2013]Buffer Overflow in Heap [XYB]
Buffer Overflow in Stack [XYW]
Unchecked Array Indexing [XYZ]
[Meyers 2001]Item 30, "Make Sure Destination Ranges Are Big Enough"

...


...