...
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | LANG.MEM.BO; LANG.MEM.TO; (general) | Buffer Overrun; Type Overrun; CodeSonar's taint analysis includes handling for taint introduced through the environment. |
| | | | Can detect violations of the rule by using the same method as STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
...
Related Guidelines
CERT C++ Secure Coding Standard | VOID ENV01-CPP. Do not make assumptions about the size of an environment variable |
MITRE CWE | CWE-119, Failure to constrain operations within the bounds of an allocated memory buffer |
...