Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated UB references from C11->C23

...

Annex J of the C Standard [ISO/IEC 9899:20112024] states that it is undefined behavior if the "pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid." (See undefined behavior 109108.)

In the following code,

Code Block
int arr[5];
int *p = arr;

unsigned char *p2 = (unsigned char *)arr;
unsigned char *p3 = arr + 2;
void *p4 = arr;

...

fgets()fgetws()mbstowcs()1 wcstombs()1
mbrtoc16()2 mbrtoc32()2mbsrtowcs()1wcsrtombs()1
mbtowc()2 mbrtowc()1 2mblen()mbrlen()
memchr()wmemchr()memset()wmemset()
strftime()wcsftime()strxfrm()1wcsxfrm()1
strncat()2 wcsncat()2snprintf()vsnprintf()
swprintf()vswprintf()setvbuf()tmpnam_s()
snprintf_s()sprintf_s() vsnprintf_s()vsprintf_s()
gets_s() getenv_s()wctomb_s()mbstowcs_s()3
wcstombs_s()3memcpy_s()3memmove_s()3strncpy_s()3
strncat_s()3strtok_s()2strerror_s()strnlen_s()
asctime_s()ctime_s()snwprintf_s()swprintf_s()
vsnwprintf_s()vswprintf_s()wcsncpy_s()3wmemcpy_s()3
wmemmove_s()3wcsncat_s()3wcstok_s()2wcsnlen_s()
wcrtomb_s()mbsrtowcs_s()3wcsrtombs_s()3memset_s()4

...

KlocworkKlocworkKlocwork

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
array_out_of_bounds

Supported

Astrée reports all out-of-bound accesses within library analysis stubs. The user may provide additional stubs for arbitrary (library) functions.

Supported, but no explicit checker

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
BADFUNC.BO.*

Buffer overrun
Buffer underrun
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE




Coverity
Include Page
Coverity_V
Coverity_V

BUFFER_SIZE

BAD_SIZEOF

BAD_ALLOC_STRLEN

BAD_ALLOC_ARITHMETIC

Implemented

Fortify SCA

5.0


Can detect violations of this rule with CERT C Rule Pack

Helix QAC

Include Page

Helix QAC_V

Helix QAC_V

C2840

DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883


Klocwork

Include Page
Klocwork_V
Klocwork_V

ABV.GENERAL
ABV.GENERAL.MULTIDIMENSION
ABV.ANY_SIZE_ARRAY
ABV.GENERAL
ABV.ITERATOR
ABV.STACK
ABV.TAINTED
ABV.UNKNOWN_SIZE


LDRA tool suite
Include Page
LDRA_V
LDRA_V
64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X
Partially Implmented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-ARR38-a
CERT_C-ARR38-b
CERT_C-ARR38-c
CERT_C-ARR38-d

Avoid overflow when reading from a buffer
Avoid overflow when writing to a buffer
Avoid buffer overflow due to defining incorrect format limits
Avoid overflow due to reading a not zero terminated string

Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

419, 420

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule ARR38-C

Checks for:

  • Mismatch between data length and size
  • Invalid use of standard library memory routine
  • Possible misuse of sizeof
Array access out of bounds
  • Buffer overflow from incorrect string format specifier
  • Invalid use of standard library string routine
  • Destination buffer overflow in string manipulation
  • Destination buffer underflow in string manipulation

Invalid use of standard library memory routine

Invalid use of standard library string routine

Mismatch between data length and size

Pointer access out of bounds

Possible misuse of sizeof

Use of tainted pointer

Array index outside bounds during array access

String format specifier causes buffer argument of standard library functions to overflow

Function writes to buffer at offset greater than buffer size

Function writes to buffer at a negative offset from beginning of buffer

Standard library memory function called with invalid arguments

Standard library string function called with invalid arguments

Data size argument is not computed from actual data length

Pointer dereference outside its bounds

Use of sizeof operator can cause unintended results

Pointer from an unsecure source may be NULL or point to unknown memory

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v

2845, 2846, 2847, 2848, 2849,

2930, 2932, 2933, 2934

Fully implementedPRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V

2840, 2841, 2842, 2843, 2844,

2935, 2936, 2937, 2938, 2939

Fully implemented

Rule partially covered.

Splint

Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

out of bounds readPartially verified.

...