...
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| LANG.MEM.BO LANG.MEM.TBA LANG.MEM.TO LANG.STRUCT.PBB BADFUNC.BO.* | Buffer overrun Tainted buffer access Type overrun Pointer before beginning of object A collection of warning classes that report uses of library functions prone to internal buffer overflows. | ||||||
Compass/ROSE | Could be configured to catch violations of this rule. The way to catch the noncompliant code example is to first hunt for example code that follows this pattern: for (LPWSTR pwszTemp = pwszPath + 2; *pwszTemp != L'\\'; In particular, the iteration variable is a pointer, it gets incremented, and the loop condition does not set an upper bound on the pointer. Once this case is handled, ROSE can handle cases like the real noncompliant code example, which is effectively the same semantics, just different syntax | ||||||||
| ARRAY_VS_SINGLETON NEGATIVE_RETURNS OVERRUN_STATIC | Can detect the access of memory past the end of a memory buffer/array Can detect when the loop bound may become negative Can detect the out-of-bound read/write to array allocated statically or dynamically | |||||||
Klocwork |
| ABV.ANY_SIZE_ARRAY | |||||||
LDRA tool suite |
| 45 D, 47 S, 476 S, 489 S, 64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X | Partially implemented | ||||||
Parasoft C/C++test | 9.5 | BD-PB-ARRAY | Partially implemented | ||||||
Polyspace Bug Finder | R2016a | Array index outside bounds during array access Array index from unsecure source possibly outside array bounds Pointer dereferenced outside its bounds Offset is from an unsecure source and dereference may be out of bounds Pointer from an unsecure source may be NULL or point to unknown memory | |||||||
PRQA QA-C |
| 2840, 2841, 2842, 2843, 2844, 2930, 2931, 2932, 2933, 2934, 2950, 2951, 2952, 2953 | Partially implemented | ||||||
Cppcheck |
| arrayIndexOutOfBounds, outOfBounds, negativeIndex, arrayIndexThenCheck, arrayIndexOutOfBoundsCond, possibleBufferAccessOutOfBounds | Context sensitive analysis of array index, pointers, etc. Array index out of bounds Buffer overflow when calling various functions memset,strcpy,.. Warns about condition (a[i] == 0 && i < unknown_value) and recommends that (i < unknown_value && a[i] == 0) is used instead Detects unsafe code when array is accessed before/after it is tested if the array index is out of bounds |
...