...
This noncompliant code example declares the `msg` identifier at file scope and reuses the same identifier to declare a character array local to the `report_error()` function. The programmer may unintentionally copy the function argument to the locally declared `msg` array within the `report_error()` function. Depending on the programmer's intention, this either fails to initialize the global variable `msg` or allows the local `msg` buffer to overflow by using the global value `msgsize` as a bound for the local buffer.
```c
#include <stdio.h>

static char msg[100];
static const size_t msgsize = sizeof(msg);

void report_error(const char *str) {
  char msg[80];  /* shadows the file-scope msg */
  /* bound is the size of the file-scope array (100), not the local one (80) */
  snprintf(msg, msgsize, "Error: %s\n", str);
  /* ... */
}

int main(void) {
  /* ... */
  report_error("some error");
}
```
...
```c
#include <stdio.h>

static char message[100];
static const size_t message_size = sizeof(message);

void report_error(const char *str) {
  char msg[80];
  /* the only msg in scope is the local array, and the bound matches it */
  snprintf(msg, sizeof(msg), "Error: %s\n", str);
  /* ... */
}

int main(void) {
  /* ... */
  report_error("some error");
}
```
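The two outcomes described for the noncompliant example can be observed directly; the following is an added example, not part of the original page. The function names are hypothetical, and the shadowed writer uses `sizeof(msg)` as its bound (an assumption made so the demonstration itself stays in bounds) while the mismatch with `msgsize` is computed rather than exercised.

```c
#include <stdio.h>
#include <string.h>

/* File-scope buffer and its size, as in the noncompliant example. */
static char msg[100];
static const size_t msgsize = sizeof(msg);

/* Length of the file-scope msg; defined where no local msg hides it. */
static size_t global_msg_len(void) { return strlen(msg); }

/* Bytes by which the file-scope bound exceeds the shadowing local array,
   i.e. how far snprintf(msg, msgsize, ...) would be permitted to overrun. */
size_t shadow_bound_excess(void) {
  char msg[80];                  /* shadows the file-scope msg */
  return msgsize - sizeof(msg);  /* sizeof resolves to the local: 100 - 80 */
}

/* Hypothetical writer with a shadowing local: the formatted text lands in
   the local array, so the file-scope msg stays empty. */
size_t report_error_shadowed(const char *str) {
  char msg[80];
  snprintf(msg, sizeof(msg), "Error: %s\n", str);
  return global_msg_len();
}

/* Hypothetical writer with no local msg: the same call now reaches the
   file-scope buffer, and msgsize is the correct bound for it. */
size_t report_error_global(const char *str) {
  snprintf(msg, msgsize, "Error: %s\n", str);
  return global_msg_len();
}

int main(void) {
  printf("bound excess:            %zu bytes\n", shadow_bound_excess());
  printf("global len (shadowed):   %zu\n", report_error_shadowed("some error"));
  printf("global len (no shadow):  %zu\n", report_error_global("some error"));
  return 0;
}
```

Compiling with the GCC or Clang `-Wshadow` option reports the local declarations that hide the file-scope `msg`.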
...