...
fgets() | fgetws() | mbstowcs() 1 | wcstombs() 1 |
mbrtoc16() 2 | mbrtoc32() 2 | mbsrtowcs() 1 | wcsrtombs() 1 |
mbtowc() 2 | mbrtowc() 1 2 | mblen() | mbrlen() |
memchr() | wmemchr() | memset() | wmemset() |
strftime() | wcsftime() | strxfrm() 1 | wcsxfrm() 1 |
strncat() 2 | wcsncat() 2 | snprintf() | vsnprintf() |
swprintf() | vswprintf() | setvbuf() | tmpnam_s() |
snprintf_s() | sprintf_s() | vsnprintf_s() | vsprintf_s() |
gets_s() | getenv_s() | wctomb_s() | mbstowcs_s() 3 |
wcstombs_s() 3 | memcpy_s() 3 | memmove_s() 3 | strncpy_s() 3 |
strncat_s() 3 | strtok_s() 2 | strerror_s() | strnlen_s() |
asctime_s() | ctime_s() | snwprintf_s() | swprintf_s() |
vsnwprintf_s() | vswprintf_s() | wcsncpy_s() 3 | wmemcpy_s() 3 |
wmemmove_s() 3 | wcsncat_s() 3 | wcstok_s() 2 | wcsnlen_s() |
wcrtomb_s() | mbsrtowcs_s() 3 | wcsrtombs_s() 3 | memset_s() 4 |
...
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | array_out_of_bounds | Supported. Astrée reports all out-of-bound accesses within library analysis stubs. The user may provide additional stubs for arbitrary (library) functions. Supported, but no explicit checker |
CodeSonar | | LANG.MEM.BO | Buffer overrun |
Coverity | | BUFFER_SIZE, BAD_SIZEOF, BAD_ALLOC_STRLEN, BAD_ALLOC_ARITHMETIC | Implemented |
| | 5.0 | | Can detect violations of this rule with CERT C Rule Pack |
Helix QAC | | C2840, DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883 | |
Klocwork | | ABV.GENERAL | |
LDRA tool suite | | 64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X | Partially Implemented |
Parasoft C/C++test | | CERT_C-ARR38-a, BD-PB-OVERFRD, BD-PB-OVERFWR, BD-PB-OVERFFMT, BD-PB-OVERFNZT | Avoid overflow when reading from a buffer |
Parasoft Insure++ | | | Runtime analysis |
PC-lint Plus | | 419, 420 | Partially supported |
Polyspace Bug Finder | R2016a | Checks for: Invalid use of standard library string routine, Mismatch between data length and size, Pointer access out of bounds, Possible misuse of sizeof, Use of tainted pointer | Guarantee that library functions do not form invalid pointers |
PRQA QA-C | | 2845, 2846, 2847, 2848, 2849, 2930, 2932, 2933, 2934 | Fully implemented |
PRQA QA-C++ | | | Rule partially covered. |
TrustInSoft Analyzer | | out of bounds read | Partially verified. |
| | | 2840, 2841, 2842, 2843, 2844 | Fully implemented |
Related Vulnerabilities
CVE-2016-2208 results from a violation of this rule. The attacker can supply a value used to determine how much data is copied into a buffer via memcpy(), resulting in a buffer overflow of attacker-controlled data.
...
Taxonomy | Taxonomy item | Relationship |
---|---|---|
C Secure Coding Standard | API00-C. Functions should validate their parameters | Prior to 2018-01-12: CERT: Unspecified Relationship |
C Secure Coding Standard | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array | Prior to 2018-01-12: CERT: Unspecified Relationship |
C Secure Coding Standard | INT30-C. Ensure that unsigned integer operations do not wrap | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TS 17961:2013 | Forming invalid pointers by library functions [libptr] | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Buffer Boundary Violation (Buffer Overflow) [HCB] | Prior to 2018-01-12: CERT: Unspecified Relationship |
ISO/IEC TR 24772:2013 | Unchecked Array Copying [XYW] | Prior to 2018-01-12: CERT: Unspecified Relationship |
CWE 2.11 | CWE-119, Improper Restriction of Operations within the Bounds of a Memory Buffer | 2017-05-18: CERT: Rule subset of CWE |
CWE 2.11 | CWE-121, Stack-based Buffer Overflow | 2017-05-18: CERT: Partial overlap |
CWE 2.11 | CWE-123, Write-what-where Condition | 2017-05-18: CERT: Partial overlap |
CWE 2.11 | CWE-125, Out-of-bounds Read | 2017-05-18: CERT: Partial overlap |
CWE 2.11 | CWE-805, Buffer Access with Incorrect Length Value | 2017-05-18: CERT: Partial overlap |
CWE 3.1 | CWE-129, Improper Validation of Array Index | 2017-10-30:MITRE:Unspecified Relationship 2018-10-18:CERT:Partial Overlap |
CERT-CWE Mapping Notes
Key here for mapping notes
...
Independent( ARR30-C, ARR38-C, EXP39-C, INT30-C)
STR31-C = Subset( Union( ARR30-C, ARR38-C))
STR32-C = Subset( ARR38-C)
...
Independent(ARR30-C, ARR38-C)
STR31-C = Subset( Union( ARR30-C, ARR38-C))
STR32-C = Subset( ARR38-C)
...
- Arbitrary writes that do not involve standard C library functions
CWE-129 and ARR38-C
ARR38-C - CWE-129 = making library functions create invalid pointers without using untrusted data.
E.g.:
char array[3];
strcpy(array, "123456");  /* writes 7 bytes into a 3-byte array */
CWE-129 - ARR38-C = not validating an integer used as an array index or in pointer arithmetic.
E.g.:
void foo(int i) {
  char array[3];
  array[i];  /* i is never range-checked */
}
Intersection(ARR38-C, CWE-129) = making library functions create invalid pointers using untrusted data.
E.g.:
void foo(int i) {
  char src[3], dest[3];
  memcpy(dest, src, i);  /* i is untrusted and unchecked */
}
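The intersection case above and the attacker-supplied memcpy() length described under Related Vulnerabilities, shown with the checks in place. This is an added example, not code from the CERT page; read_field(), foo_checked(), FIELD_MAX and the length-prefixed record layout are assumptions made for illustration. It goes slightly beyond the page's foo() by checking an untrusted length against both the source and the destination.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum { FIELD_MAX = 16 };  /* destination capacity, assumed for this example */

/* Constructed record layout: 2-byte big-endian length, then the payload.
 * Copies the payload into out[FIELD_MAX]; returns bytes copied or -1.
 * in_len is the number of bytes actually received; the length field in the
 * record is attacker-controlled and is checked against both buffers. */
long read_field(const uint8_t *in, size_t in_len, uint8_t *out)
{
    if (in == NULL || out == NULL || in_len < 2)
        return -1;                      /* header incomplete */

    size_t claimed = ((size_t)in[0] << 8) | in[1];

    if (claimed > in_len - 2)           /* memcpy would read past the source */
        return -1;
    if (claimed > FIELD_MAX)            /* memcpy would write past the destination */
        return -1;

    memcpy(out, in + 2, claimed);
    return (long)claimed;
}

/* Hardened form of the page's foo(int i). A negative int converts to a huge
 * size_t, so the sign is tested before comparing with the array sizes. */
int foo_checked(int i)
{
    char src[3] = { 'a', 'b', 'c' }, dest[3];

    if (i < 0 || (size_t)i > sizeof dest || (size_t)i > sizeof src)
        return -1;
    memcpy(dest, src, (size_t)i);
    return i;
}

int main(void)
{
    /* Constructed input: the header claims 16 bytes, only 2 follow. */
    const uint8_t lying[] = { 0x00, 0x10, 'a', 'b' };
    uint8_t out[FIELD_MAX];

    return (read_field(lying, sizeof lying, out) == -1 &&
            foo_checked(-1) == -1 && foo_checked(3) == 3) ? 0 : 1;
}
```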
Bibliography
[Cassidy 2014] | Existential Type Crisis: Diagnosis of the OpenSSL Heartbleed Bug |
[IETF: RFC 6520] | |
[ISO/IEC TS 17961:2013] | |
[VU#720951] |
...