...
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { WORKSPACE_SIZE = 256 };
void func(const int src[], size_t len) {
int dest[WORKSPACE_SIZE];
memcpy(dest, src, len * sizeof(int));
/* ... */
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { WORKSPACE_SIZE = 256 };
void func(const int src[], size_t len) {
int dest[WORKSPACE_SIZE];
if (len > WORKSPACE_SIZE) {
/* Handle Error */
}
memcpy(dest, src, sizeof(int)*len);
/* ... */
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <algorithm>
void func(const vector<int> src) {
vector<int> dest;
copy( src.begin(), src.end(), dest.begin());
/* ... */
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <algorithm>
void func(const vector<int> src) {
vector<int> dest;
dest.resize( src.size());
copy( src.begin(), src.end(), dest.begin());
/* ... */
}
|
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <algorithm>
void func(const vector<int> src) {
vector<int> dest;
copy( src.begin(), src.end(), back_inserter( dest));
/* ... */
}
|
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
ARR33-CPP | high | likely | medium | P18 | L1 |
Automated Detection
Coverity Code Advisor version 7.5 can detect violations of this rule.
Fortify SCA Version 5.0 can detect violations of this rule.
...
[ISO/IEC PDTR 24772] "XYB Buffer Overflow in Heap," "XYW Buffer Overflow in Stack," and "XYZ Unchecked Array Indexing"
[Meyers 01] Item 30: Make sure destination ranges are big enough
[MITRE] CWE ID 119, "Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer"
[MITRE] CWE ID 805, "Buffer Access with Incorrect Length Value"
[Seacord 05a] Chapter 2, "Strings"
[VU#196240]
...
ARR32CTR32-CPP. Do not use iterators invalidated by container modification 06. Arrays and the STL (ARRContainers (CTR) ARR34-CPP. Use Valid Iterator Ranges