Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported

Astrée reports all buffer overflows resulting from copying data to a buffer that is not large enough to hold that data.

Axivion Bauhaus Suite
Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V
CertC-STR31

Detects calls to unsafe string function that may cause buffer overflow
Detects potential buffer overruns, including those caused by unsafe usage of fscanf()

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE



Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

Coverity
Include Page
Coverity_V
Coverity_V

STRING_OVERFLOW

BUFFER_SIZE

OVERRUN

STRING_SIZE

Fully implemented

Fortify SCA

5.0



Klocwork

Include Page
Klocwork_V
Klocwork_V

NNTS.MIGHT
NNTS.MUST
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF


LDRA tool suite

Include Page
LDRA_V
LDRA_V

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-STR31-a
CERT_C-STR31-b
CERT_C-STR31-c
CERT_C-STR31-d
CERT_C-STR31-e

Avoid accessing arrays out of bounds
Avoid overflow when writing to a buffer
Prevent buffer overflows from tainted data
Avoid buffer write overflow from tainted data
Avoid using unsafe string functions which may cause buffer overflows

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

421, 498

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule STR31-C

Checks for:

  • Use of dangerous standard function
  • Missing null in string array
  • Buffer overflow from incorrect string format specifier
  • Destination buffer overflow in string manipulation
  • Tainted NULL or non-null-terminated string

Rule partially covered.

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v
5009, 5038, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938Partially implemented
PRQA QA-C++

Include Page
cplusplus:PRQA QA-C++_V
cplusplus:PRQA QA-C++_V

0145, 2840, 2841, 2842, 2843, 2845, 2846, 2847, 2848, 2930, 2931, 2932, 2933, 2935, 2936, 2937, 2938, 5006, 5038
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V518, V645, V727, V755

Splint

Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

mem_access

Exhaustively verified (see one compliant and one non-compliant example).

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V



Related Vulnerabilities

CVE-2009-1252 results from a violation of this rule. The Network Time Protocol daemon (NTPd), before versions 4.2.4p7 and 4.2.5p74, contained calls to sprintf that allow an attacker to execute arbitrary code by overflowing a character array [xorl 2009].

...