...
Tool | Version | Checker | Description | |||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Compass/ROSE | Could be configured to catch violations of this rule. The way to catch the noncompliant code example is to first hunt for example code that follows this pattern: for (LPWSTR pwszTemp = pwszPath + 2; *pwszTemp != L'\\'; In particular, the iteration variable is a pointer, it gets incremented, and the loop condition does not set an upper bound on the pointer. Once this case is handled, we can handle cases like the real noncompliant code example, which is effectively the same semantics, just different syntax. | |||||||||||||||||||
| ARRAY_VS_SINGLETON NEGATIVE_RETURNS OVERRUN_STATIC OVERRUN_DYNAMIC | Can detect the access of memory past the end of a memory buffer/array. | include | Coverity_V | Coverity_V | NEGATIVE_RETURNS | Can detect when the loop bound may become negative.Coverity Include Page | | Coverity_V | Coverity_V | OVERRUN_STATIC | Can detect the out-of-bound read/write to array allocated statically or dynamically. | ||||||||
| ABV.ITERATOR SV.TAINTED.LOOP_BOUND | |||||||||||||||||||
| LDRA tool suite |
| 47 S | Partially implemented. | |||||||||||||||||
| PRQA QA-C |
| 3680 3681 3682 3683 3685 (U) 3686 3688 3689 (U) 3690 3692 | Partially implemented. |
...
| ISO/IEC TR 24772 | Boundary beginning violation [XYX] Wrap-around error [XYY] Unchecked array indexing [XYZ] |
| ISO/IEC TS 17961 (Draft) | Forming or using out-of-bounds pointers or array subscripts [invptr] |
| MITRE CWE | CWE-119, Failure to constrain operations within the bounds of a memory buffer CWE-121, Stack-based buffer overflow CWE-122, Heap-based buffer overflow CWE-129, Unchecked array indexing CWE-788, Access of memory location after end of buffer CWE-805, Buffer access with incorrect length value |
...