Page History

...

Tool

Version

Checker

Description

Include Page

	Astrée_V
	Astrée_V

Supported by taint analysis

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

IO.TAINT.SIZE
LANG.MEM.TBA
IO.TAINT.ADDR
IO.UT.HOST
IO.UT.PORT

(general)

Tainted allocation size
Tainted buffer access
Tainted network address
Untrusted Network Host
Untrusted Network Port

CodeSonar will track the tainted value, along with any limits applied to it, and flag any problems caused by underconstraint. Warnings of a wide range of classes may be triggered, including tainted allocation size, buffer overrun, and division by zero

Klocwork Helix QAC

Include Page

Klocwork

	Helix QAC_V

Klocwork_V

	Helix QAC_V

DF2794, DF2804, DF2854, DF2859, DF2864, DF2894, DF2899, DF2904, DF2909, DF2914, DF2924, DF2944, DF2949, DF2954, DF2956, DF2959

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

SV.TAINTED.ALLOC_SIZE
SV.TAINTED.BINOP
SV.TAINTED.SV.TAINTED.ALLOC_SIZE
SV.TAINTED.BINOP
SV.TAINTED.CALL.BINOP
SV.TAINTED.CALL.INDEX_ACCESS
SV.TAINTED.CALL.LOOP_BOUND
SV.TAINTED.INDEX_ACCESS
SV.TAINTED.LOOP_BOUND
Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-INT04-a
CERT_C-INT04-b
CERT_C-INT04-c

Protect against integer overflow/underflow from tainted data
Avoid buffer read overflow from tainted data
Avoid buffer write overflow from tainted data

Polyspace Bug FinderR2016a

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rec. INT04-C

Checks for:

Array access with tainted index
Loop bounded with tainted value
Memory

Loop bounded with tainted value

Memory

allocation with tainted size
Tainted size of variable length array

Loop controlled by a value from an unsecure source

Size argument to memory function is from an unsecure source

Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large

Rec. partially supported.

Space shortcuts

Page tree

Versions Compared

Old Version 112

New Version Current

Key

Related Vulnerabilities