Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

Page History

Versions Compared

Key

This line was added.
This line was removed.
Formatting was changed.

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
STR31-C	High	Likely	Medium	P18	L1

Automated Detection

...

Tool

Version

Checker

Description

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.BO
LANG.MEM.TO
MISC.MEM.NTERM
BADFUNC.BO.*

Buffer overrun
Type overrun
No space for null terminator
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Can detect violations of the rule. However, it is unable to handle cases involving strcpy_s() or manual string copies such as the one in the first example

6.5

STRING_OVERFLOW
STRING_SIZE
SECURE_CODING

Fully implemented

5.0

Include Page

	Klocwork_V
	Klocwork_V

NNTS.TAINTED
SV.STRBO.GETS
SV.USAGERULES.UNBOUNDED_STRING_COPY

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

489 S, 109 D, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test 9.5 BD-PB-OVERFWR,SECURITY-12

Polyspace Bug Finder

R2016a

Array access out of bounds

Buffer overflow from incorrect string format specifier

Destination buffer overflow in string manipulation

Invalid use of standard library string routine

Missing null in string array

Pointer access out of bounds

Tainted NULL or non-null-terminated string

Use of dangerous standard function

Guarantee that storage for strings has sufficient space for character data and null terminator

Include Page

	Splint_V
	Splint_V

Include Page

	PRQA QA-C_v
	PRQA QA-C_v

warncall for 'gets'

Partially implemented

...