SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 57

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4.1 update

...

Copying string data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code with the permissions of the vulnerable process.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR50-CPP

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

MISC.MEM.NTERM

LANG.MEM.BO
LANG.MEM.TO

No space for null terminator

Buffer overrun
Type overrun

Klocwork
Include Page
Klocwork_V
Klocwork_V

NNTS.MIGHT
NNTS.TAINTED

 

LDRA tool suite
Include Page
LDRA_V
LDRA_V

489 S, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test
Include Page
cplusplus:
Parasoft_V
cplusplus:
Parasoft_V
BD

CERT_CPP-

PB-OVERFWR, SECURITY-12

STR50-a

Use vector and string instead of arrays

 

SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S3519
 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding StandardSTR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

Bibliography

[ISO/IEC 14882-2014]

Subclause 27.7.2.2.3, "basic_istream::operator>>"
Subclause 27.7.2.3, "Unformatted Input Functions" 

[Seacord 2013]Chapter 2, "Strings"

...


...