...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| array-index-range | Partially checked | ||||||
Axivion Bauhaus Suite |
| CertC-ARR30 | Can detect out-of-bound access to array / buffer | ||||||
CodeSonar |
| LANG.MEM.BO LANG.MEM.TBA LANG.MEM.TO LANG.STRUCT.PBB BADFUNC.BO.* | Buffer overrun Tainted buffer access Type overrun Pointer before beginning of object A collection of warning classes that report uses of library functions prone to internal buffer overflows. | ||||||
Compass/ROSE | Could be configured to catch violations of this rule. The way to catch the noncompliant code example is to first hunt for example code that follows this pattern: for (LPWSTR pwszTemp = pwszPath + 2; *pwszTemp != L'\\'; In particular, the iteration variable is a pointer, it gets incremented, and the loop condition does not set an upper bound on the pointer. Once this case is handled, ROSE can handle cases like the real noncompliant code example, which is effectively the same semantics, just different syntax | ||||||||
| OVERRUN NEGATIVE_RETURNS ARRAY_VS_SINGLETON BUFFER_SIZE | Can detect the access of memory past the end of a memory buffer/array Can detect when the loop bound may become negative Can detect the out-of-bound read/write to array allocated statically or dynamically Can detect buffer overflows | |||||||
Cppcheck |
| arrayIndexOutOfBounds, outOfBounds, negativeIndex, arrayIndexThenCheck, arrayIndexOutOfBoundsCond, possibleBufferAccessOutOfBounds | Context sensitive analysis of array index, pointers, etc. Array index out of bounds Buffer overflow when calling various functions memset,strcpy,.. Warns about condition (a[i] == 0 && i < unknown_value) and recommends that (i < unknown_value && a[i] == 0) is used instead Detects unsafe code when array is accessed before/after it is tested if the array index is out of bounds | ||||||
Klocwork |
| ABV.ANY_SIZE_ARRAY | |||||||
LDRA tool suite |
| 45 D, 47 S, 476 S, 489 S, 64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_C-ARR30-a | Avoid accessing arrays out of bounds | ||||||
Parasoft Insure++ | Runtime analysis | ||||||||
Polyspace Bug Finder |
| Array access with tainted index | Array index outside bounds during array access Array index from unsecure source possibly outside array bounds Pointer dereferenced outside its bounds Offset is from an unsecure source and dereference may be out of bounds Pointer from an unsecure source may be NULL or point to unknown memory A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand | ||||||
PRQA QA-C |
| 2840, 2841, 2842, 2843, 2844, 2930, 2931, 2932, 2933, 2934, 2935, 2936, 2937, 2938, 2939, 2950, 2951, 2952, 2953 | Partially implemented | ||||||
PRQA QA-C++ |
| 2820, 2821, 2822, 2823, 2824, 2840, 2841, 2842, 2843, 2844, 2930, 2936, 2937, 2938, 2939, 2950, 2951, 2952 | Partially implemented | ||||||
PVS-Studio |
| V512, V557, V582, V594, V643, V645, V694 | |||||||
RuleChecker |
| array-index-range-constant | Partially checked |
...