Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar | | LANG.MEM.BO, LANG.MEM.TO, MISC.MEM.NTERM, BADFUNC.BO.* | Buffer overrun; Type overrun; No space for null terminator; A collection of warning classes that report uses of library functions prone to internal buffer overflows |
Compass/ROSE | | | Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example |
Coverity | 6.5 | STRING_OVERFLOW, STRING_SIZE, SECURE_CODING | Fully implemented |
Fortify SCA | 5.0 | | |
Klocwork | | NNTS.TAINTED, SV.STRBO.GETS, SV.USAGERULES.UNBOUNDED_STRING_COPY | |
LDRA tool suite | | 489 S, 109 D, 66 X, 70 X, 71 X | Partially implemented |
Splint | | | |
PRQA QA-C | | warncall for 'gets' | Partially implemented |