...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| integer-overflow | Fully checked | ||||||
CodeSonar |
| ALLOC.SIZE.ADDOFLOW | Addition overflow of allocation size | ||||||
Compass/ROSE | Can detect violations of this rule by ensuring that operations are checked for overflow before being performed (Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two | ||||||||
Coverity |
| INTEGER_OVERFLOW | Implemented | ||||||
Klocwork |
| NUM.OVERFLOW CWARN.NOEFFECT.OUTOFRANGE | |||||||
LDRA tool suite |
| 493 S, 494 S | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_C-INT30-a | Avoid integer overflows | ||||||
Polyspace Bug Finder |
| CERT C: Rule INT30-C | Checks for:
Rule partially covered. | ||||||
PRQA QA-C |
| 2910 [C], 2911 [D], 2912 [A], 2913 [S], 3383, 3384, 3385, 3386 | Partially implemented | ||||||
PRQA QA-C++ |
| 2910, 2911, 2912, 2913 | |||||||
PVS-Studio |
| V658, V1028 | |||||||
TrustInSoft Analyzer |
| unsigned overflow | Exhaustively verified. | ||||||
Helix QAC |
| C: 2910, 2911, 2912, 2913, 3383, 3384, 3385, 3386 C++: 2910, 2911, 2912, 2913 |
Related Vulnerabilities
CVE-2009-1385 results from a violation of this rule. The value performs an unchecked subtraction on the length
of a buffer and then adds those many bytes of data to another buffer [xorl 2009]. This can cause a buffer overflow, which allows an attacker to execute arbitrary code.
...