...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported Astrée reports all buffer overflows resulting from copying data to a buffer that is not large enough to hold that data. | |||||||
Axivion Bauhaus Suite |
| CertC-STR31 | Detects calls to unsafe string function that may cause buffer overflow | ||||||
CodeSonar |
| LANG.MEM.BO | Buffer overrun | ||||||
Can detect violations of the rule. However, it is unable to handle cases involving | |||||||||
Coverity |
| STRING_OVERFLOW BUFFER_SIZE OVERRUN STRING_SIZE | Fully implemented | ||||||
5.0 | |||||||||
| NNTS.MIGHT | ||||||||
| 489 S, 109 D, 66 X, 70 X, 71 X | Partially implemented | |||||||
Parasoft C/C++test |
| CERT_C-STR31-a | Avoid accessing arrays out of bounds | ||||||
PC-lint Plus |
| 421, 498 | Partially supported | ||||||
Polyspace Bug Finder |
| Checks for:
Rule partially covered. | |||||||
PRQA QA-C |
| 5009, 5038, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938 | Partially implemented | ||||||
PRQA QA-C++ |
| 0145, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938, 5006, 5038 | |||||||
PVS-Studio |
| V518, V645, V727, V755 | |||||||
| |||||||||
TrustInSoft Analyzer |
| mem_access | Exhaustively verified (see one compliant and one non-compliant example). | ||||||
Helix QAC |
|
Related Vulnerabilities
CVE-2009-1252 results from a violation of this rule. The Network Time Protocol daemon (NTPd), before versions 4.2.4p7 and 4.2.5p74, contained calls to sprintf
that allow an attacker to execute arbitrary code by overflowing a character array [xorl 2009].
...