SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 132

changes.mady.by.user Ram Cherukuri

Saved on

compared with

New Version 133

changes.mady.by.user Aaron Ballman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Added information for CVE-2016-2208

...

Tool

Version

Checker

Description

 
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
BADFUNC.BO.*

Buffer overrun
Buffer underrun
A collection of warning classes that report uses of library functions prone to internal buffer overflows

 

Compass/ROSE

 

 

 

 
Coverity6.5BUFFER_SIZEFully implemented 

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack

 

Klocwork

Include Page
Klocwork_V
Klocwork_V

ABR

 

 
LDRA tool suite
Include Page
LDRA_V
LDRA_V
64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X
Partially Implmented 
Parasoft C/C++test9.5BD-PB-OVERF{RD,WR,FMT,NZT}Fully implemented 
Parasoft Insure++  Runtime analysis 
Polyspace Bug FinderR2016a

Array access out of bounds, Buffer overflow from incorrect string format specifier, Destination buffer overflow in string manipulation, Destination buffer underflow in string manipulation, Invalid use of standard library memory routine
Invalid use of standard library string routine, Mismatch between data length and size, Pointer access out of bounds
Possible misuse of sizeof, Use of tainted pointer

Guarantee that library functions do not form invalid pointers 
PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

2845, 2846, 2847, 2848, 2849, 2930, 2932, 2933, 2934

Fully implemented 

Splint

Include Page
Splint_V
Splint_V

 

 

 

Related Vulnerabilities

CVE-2016-2208 results from a violation of this rule. The attacker can supply a value used to determine how much data is copied into a buffer via memcpy(), resulting in a buffer overlow of attacker-controlled data.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...