...
| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | ALLOC.SIZE.ADDOFLOW | Addition overflow of allocation size |
| | | | Can detect violations of this rule by ensuring that operations are checked for overflow before being performed. (Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two |
| Coverity | 6.5 | INTEGER_OVERFLOW | Implemented |
| | 5.0 | | Can detect violations of this rule with the CERT C Rule Pack |
| LDRA tool suite | | 493 S, 494 S | Partially implemented |
| PRQA QA-C | | 2910 (C) | Partially implemented |
...
Don Bailey [Bailey 2014] describes an unsigned integer wrap vulnerability in the LZO compression algorithm, which can be exploited in some implementations.
...