...
memcpy() | memmove() | memset() |
|
wmemcpy() | wmemmove() | strftime() |
|
calloc() | malloc() | realloc() |
|
strncpy() | swprintf() | vswprintf() |
|
wcsncpy() | strxfrm() | snprintf() |
|
vsnprintf() | fwrite() * | fread() * |
|
* - both the functions take more than one size_t argument. In such cases, the compliant code will have to be changed according to the purpose of these arguments. For example in the case of fread():
size_t fread ( void *ptr, size_t size, size_t count, FILE * stream)
the programmer should make sure that the memory block to which 'ptr' points is of atleast size*count bytes.
Risk Assessment
Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. The detection of checks specified in description can be automated but the remediation has to be manual.
...