Page History

Supported

Astrée reports all buffer overflows resulting from copying data to a buffer that is not large enough to hold that data.

Detects calls to unsafe string function that may cause buffer overflow
Detects potential buffer overruns, including those caused by unsafe usage of fscanf()

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE

Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

STRING_OVERFLOW

BUFFER_SIZE

OVERRUN

STRING_SIZE

Fully implemented

Fortify SCA

5.0

Klocwork

NNTS.MIGHT
NNTS.MUST
SV.STRBO.BOUND_COPY.OVERFLOW
SV.STRBO.BOUND_COPY.UNTERM
SV.STRBO.BOUND_SPRINTF
SV.STRBO.UNBOUND_COPY
SV.STRBO.UNBOUND_SPRINTF

LDRA tool suite

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

CERT_C-STR31-a
CERT_C-STR31-b
CERT_C-STR31-c
CERT_C-STR31-d
CERT_C-STR31-e

Avoid accessing arrays out of bounds
Avoid overflow when writing to a buffer
Prevent buffer overflows from tainted data
Avoid buffer write overflow from tainted data
Avoid using unsafe string functions which may cause buffer overflows

421, 498

Partially supported

CERT C: Rule STR31-C

Checks for:

• Use of dangerous standard function
• Missing null in string array
• Buffer overflow from incorrect string format specifier
• Destination buffer overflow in string manipulation
• Tainted NULL or non-null-terminated string

Rule partially covered.

Splint

Exhaustively verified (see one compliant and one non-compliant example).