Page History

LANG.MEM.BO
LANG.MEM.BU

LANG.MEM.TO
LANG.MEM.TU

LANG.STRUCT.PBB
LANG.STRUCT.PPE

BADFUNC.BO.*

Buffer overrun
Buffer underrun

Type overrun
Type underrun

Pointer before beginning of object
Pointer past end of object

A collection of warning classes that report uses of library functions prone to internal buffer overflows.

Compass/ROSE

Could be configured to catch violations of this rule. The way to catch the noncompliant code example is to first hunt for example code that follows this pattern:

   for (LPWSTR pwszTemp = pwszPath + 2; *pwszTemp != L'\\';
   *pwszTemp++;)

In particular, the iteration variable is a pointer, it gets incremented, and the loop condition does not set an upper bound on the pointer. Once this case is handled, ROSE can handle cases like the real noncompliant code example, which is effectively the same semantics, just different syntax

Coverity

ARRAY_VS_SINGLETON

NEGATIVE_RETURNS

OVERRUN_STATIC
OVERRUN_DYNAMIC

Can detect the access of memory past the end of a memory buffer/array

Can detect when the loop bound may become negative

Can detect the out-of-bound read/write to array allocated statically or dynamically

Klocwork

ABV.ITERATOR SV.TAINTED.LOOP_BOUND

45 D, 47 S, 476 S, 489 S, 64 X, 66 X, 68 X, 69 X, 70 X, 71 X

2840, 2841, 2842, 2843, 2844, 2930, 2931, 2932, 2933, 2934, 2950, 2951, 2952, 2953

Context sensitive analysis of array index, pointers, etc.

Array index out of bounds

Buffer overflow when calling various functions memset,strcpy,..

Warns about condition (a[i] == 0 && i < unknown_value) and recommends that (i < unknown_value && a[i] == 0) is used instead.

Detects unsafe code when array is accessed before/after it is tested if the array index is out of bounds.