Page History

Supported

Astrée reports all out-of-bound accesses within library analysis stubs. The user may provide additional stubs for arbitrary (library) functions.

LANG.MEM.BO
LANG.MEM.BU
BADFUNC.BO.*

Buffer overrun
Buffer underrun
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE

BUFFER_SIZE

BAD_SIZEOF

BAD_ALLOC_STRLEN

BAD_ALLOC_ARITHMETIC

Fortify SCA

5.0

Can detect violations of this rule with CERT C Rule Pack

C2840, C2841, C2842, C2843, C2845, C2846, C2847, C2848, C2935, C2936, C2937, C2938, C4880, C4881, C4882, C4883

C++2840, C++2841, C++2842, C++2843, C++2845, C++2846, C++2847, C++2848, C++2935, C++2936, C++2937, C++2938, C++4880, C++4881, C++4882, C++4883

DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883

Klocwork

ABV.GENERAL
ABV.GENERAL.MULTIDIMENSION

CERT_C-ARR38-a
CERT_C-ARR38-b
CERT_C-ARR38-c
CERT_C-ARR38-d

Avoid overflow when reading from a buffer
Avoid overflow when writing to a buffer
Avoid buffer overflow due to defining incorrect format limits
Avoid overflow due to reading a not zero terminated string

419, 420

Partially supported

CERT C: Rule ARR38-C

Checks for:

• Mismatch between data length and size
• Invalid use of standard library memory routine
• Possible misuse of sizeof
• Buffer overflow from incorrect string format specifier
• Invalid use of standard library string routine
• Destination buffer overflow in string manipulation
• Destination buffer underflow in string manipulation

Rule partially covered.

2840, 2841, 2842, 2843, 2845, 2846,

2847, 2848, 2935, 2936, 2937, 2938

2840, 2841, 2842, 2843, 2845, 2846,

2847, 2848, 2935, 2936, 2937, 2938

Splint