...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| integer-overflow | Fully checked | ||||||
CodeSonar |
| ALLOC.SIZE.ADDOFLOW | Addition overflow of allocation size | ||||||
Compass/ROSE |
|
| Can detect violations of this rule by ensuring that operations are checked for overflow before being performed (Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two | ||||||
Coverity |
| INTEGER_OVERFLOW | Implemented | ||||||
Klocwork |
| NUM.OVERFLOW CWARN.NOEFFECT.OUTOFRANGE | |||||||
LDRA tool suite |
| 493 S, 494 S | Partially implemented | ||||||
Polyspace Bug Finder | R2016a | Unsigned integer overflow | Overflow from operation between unsigned integers | ||||||
PRQA QA-C |
| 2910 (C) | Partially implemented | ||||||
RuleChecker |
| integer-overflow | Fully checked |
Related Vulnerabilities
CVE-2009-1385 results from a violation of this rule. The value performs an unchecked subtraction on the length
of a buffer and then adds those many bytes of data to another buffer [xorl 2009]. This can cause a buffer overflow, which allows an attacker to execute arbitrary code.
...