...
Tool | Version | Checker | Description
---|---|---|---
Compass/ROSE | | | Can detect violations of the rule. However, it is unable to handle cases involving
Coverity | 6.5 | STRING_OVERFLOW | Fully implemented
Coverity | 6.5 | STRING_SIZE | Fully implemented
Fortify SCA | 5.0 | |
Splint | | |
...
CERT C++ Secure Coding Standard | STR31-CPP. Guarantee that storage for character arrays has sufficient space for character data and the null terminator |
ISO/IEC TR 24772:2013 | String Termination [CJM]; Buffer Boundary Violation (Buffer Overflow) [HCB]; Unchecked Array Copying [XYW] |
ISO/IEC TS 17961 (Draft) | Using a tainted value to write to an object using a formatted input or output function [taintformatio] |
MITRE CWE | CWE-119, Failure to constrain operations within the bounds of an allocated memory buffer; CWE-120, Buffer copy without checking size of input ("classic buffer overflow"); CWE-193, Off-by-one error |
...