Page History

...

Tool

Version

Checker

Description

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
BADFUNC.BO.*

Buffer overrun
Buffer underrun
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE

Coverity

Include Page

	Coverity_V
	Coverity_V

BUFFER_SIZE

BAD_SIZEOF

BAD_ALLOC_STRLEN

BAD_ALLOC_ARITHMETIC

Fully implemented

Implemented

Fortify SCA

5.0

Can detect violations of this rule with CERT C Rule Pack

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.ITERATOR
ABV.STACK
ABV.TAINTED
ABV.UNKNOWN_SIZE

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X

Partially Implmented

Parasoft C/C++test

9.5

BD-PB-OVERF{RD,WR,FMT,NZT}

Fully implemented

Parasoft Insure++

Runtime analysis

Polyspace Bug Finder

R2016a

Array access out of bounds, Buffer overflow from incorrect string format specifier, Destination buffer overflow in string manipulation, Destination buffer underflow in string manipulation, Invalid use of standard library memory routine
Invalid use of standard library string routine, Mismatch between data length and size, Pointer access out of bounds
Possible misuse of sizeof, Use of tainted pointer

Guarantee that library functions do not form invalid pointers

PRQA QA-C

Include Page

	PRQA QA-C_v
	PRQA QA-C_v

2845, 2846, 2847, 2848, 2849, 2930, 2932, 2933, 2934

Fully implemented

Splint

Include Page

	Splint_V
	Splint_V

Related Vulnerabilities

CVE-2016-2208 results from a violation of this rule. The attacker can supply a value used to determine how much data is copied into a buffer via memcpy(), resulting in a buffer overlow of attacker-controlled data.

...

Space shortcuts

Page tree

Versions Compared

Old Version 137

New Version 138

Key

Related Vulnerabilities