...
```c
#include <string.h>

void func(void) {
  char c_str[] = "test string";
  char *ptr1 = c_str;
  char *ptr2;

  ptr2 = ptr1 + 3;
  memcpy(ptr2, ptr1, 6);  /* undefined behavior */
  /* ... */
}
```
Compliant Solution
...
```c
#include <stdio.h>

/* ... */
char format[100] = "%s";
int i;
float x;
int n = scanf(format, format + 2, &i, &x);  /* undefined behavior */
```
Compliant Solution
The same results can be achieved as shown in this compliant solution.
```c
#include <stdio.h>

/* ... */
int i;
float x;
int n = scanf("%d%f", &i, &x);  /* valid defined behavior */
```
...
"outer-to-inner" assignments between restricted pointers
An assignment between restricted pointers declared in nested blocks, from an outer block to an inner block, has defined behavior.
Noncompliant Code Example
The assignment of restrict-qualified pointers to other restrict-qualified pointers within the same block has undefined behavior.
```c
{
  int * restrict p1;
  int * restrict q1;
  int * restrict p2 = p1;  /* undefined behavior: same block */
  int * restrict q2 = q1;  /* undefined behavior: same block */
}
```
Compliant Solution
The same results can be achieved as shown in this compliant solution.
```c
{
  int * restrict p1;
  int * restrict q1;
  {  /* added inner block begin */
    int * restrict p2 = p1;  /* valid defined behavior: outer-to-inner */
    int * restrict q2 = q1;  /* valid defined behavior: outer-to-inner */
    /* ... */
  }  /* added inner block end */
}
```
Risk Assessment
Using functions such as memcpy(), strcpy(), strncpy(), sscanf(), sprintf(), snprintf(), mbstowcs(), and wcstombs() to copy overlapping objects results in undefined behavior that can be exploited to cause data integrity violations.
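The overlapping `memcpy()` call from the first noncompliant example can be made well defined by detecting the overlap and using `memmove()`, which permits overlapping regions. The following is an added example, not code from the original page; the helper names `regions_overlap`, `copy_checked` and `shifted_copy` are hypothetical, and the overlap test assumes a flat address space in which `uintptr_t` values order the same way as addresses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper: nonzero if the n-byte regions at a and b share a byte.
 * Assumption: flat address space, so uintptr_t values order like addresses. */
static int regions_overlap(const void *a, const void *b, size_t n) {
    uintptr_t ua = (uintptr_t)a, ub = (uintptr_t)b;
    uintptr_t gap = ua > ub ? ua - ub : ub - ua;
    return gap < n;  /* n == 0 never overlaps */
}

/* Hypothetical helper: copy n bytes, using memmove() when the regions
 * overlap. Returns 1 if an overlap was detected, 0 otherwise. */
static int copy_checked(void *dst, const void *src, size_t n) {
    if (regions_overlap(dst, src, n)) {
        memmove(dst, src, n);  /* defined for overlapping regions */
        return 1;
    }
    memcpy(dst, src, n);       /* regions are disjoint, as restrict requires */
    return 0;
}

/* The page's copy (6 bytes from c_str to c_str + 3) routed through the
 * checked helper. Writes the resulting string to out and returns the
 * overlap flag. */
static int shifted_copy(char *out, size_t outsz) {
    char c_str[] = "test string";  /* same buffer as the noncompliant example */
    int overlapped = copy_checked(c_str + 3, c_str, 6);
    snprintf(out, outsz, "%s", c_str);
    return overlapped;
}

int main(void) {
    char buf[32];
    int overlapped = shifted_copy(buf, sizeof buf);
    printf("overlap=%d result=\"%s\"\n", overlapped, buf);
    return 0;
}
```

A runtime check like this is a diagnostic aid for code paths where overlap cannot be ruled out statically; where overlap is expected by design, calling `memmove()` directly is simpler.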
...