...
Annex J of the C Standard [ISO/IEC 9899:20112024] states that it is undefined behavior if the "pointer passed to a library function array parameter does not have a value such that all address computations and object accesses are valid." (See undefined behavior 109108.)
In the following code,
Code Block |
---|
int arr[5]; int *p = arr; unsigned char *p2 = (unsigned char *)arr; unsigned char *p3 = arr + 2; void *p4 = arr; |
...
fgets() | fgetws() | mbstowcs() 1 | wcstombs() 1 |
mbrtoc16() 2 | mbrtoc32() 2 | mbsrtowcs() 1 | wcsrtombs() 1 |
mbtowc() 2 | mbrtowc() 1 2 | mblen() | mbrlen() |
memchr() | wmemchr() | memset() | wmemset() |
strftime() | wcsftime() | strxfrm()1 | wcsxfrm()1 |
strncat()2 | wcsncat()2 | snprintf() | vsnprintf() |
swprintf() | vswprintf() | setvbuf() | tmpnam_s() |
snprintf_s() | sprintf_s() | vsnprintf_s() | vsprintf_s() |
gets_s() | getenv_s() | wctomb_s() | mbstowcs_s()3 |
wcstombs_s()3 | memcpy_s()3 | memmove_s()3 | strncpy_s()3 |
strncat_s()3 | strtok_s()2 | strerror_s() | strnlen_s() |
asctime_s() | ctime_s() | snwprintf_s() | swprintf_s() |
vsnwprintf_s() | vswprintf_s() | wcsncpy_s()3 | wmemcpy_s()3 |
wmemmove_s()3 | wcsncat_s()3 | wcstok_s()2 | wcsnlen_s() |
wcrtomb_s() | mbsrtowcs_s()3 | wcsrtombs_s()3 | memset_s()4 |
...
Tool | Version | Checker | Description | |||||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| array_out_of_bounds | Supported Astrée reports all out-of-bound accesses within library analysis stubs. The user may provide additional stubs for arbitrary (library) functions. Supported, but no explicit checker | |||||||||||||||||||
CodeSonar |
| LANG.MEM.BO | Buffer overrun | |||||||||||||||||||
Coverity |
| BUFFER_SIZE BAD_SIZEOF BAD_ALLOC_STRLEN BAD_ALLOC_ARITHMETIC | Implemented | |||||||||||||||||||
5.0 | Can detect violations of this rule with CERT C Rule Pack | Klocwork|||||||||||||||||||||
Helix QAC |
| Klocwork
| Klocwork
| C2840 DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883 | ||||||||||||||||||
| ABV.GENERAL | |||||||||||||||||||||
LDRA tool suite |
| 64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X | Partially Implmented | |||||||||||||||||||
Parasoft C/C++test |
| CERT_C-ARR38-a | Avoid overflow when reading from a buffer | |||||||||||||||||||
Parasoft Insure++ | Runtime analysis | |||||||||||||||||||||
PC-lint Plus |
| 419, 420 | Partially supported | |||||||||||||||||||
Polyspace Bug Finder |
| Checks for:
Invalid use of standard library memory routine Invalid use of standard library string routine | Array index outside bounds during array access String format specifier causes buffer argument of standard library functions to overflow Function writes to buffer at offset greater than buffer size Function writes to buffer at a negative offset from beginning of buffer Standard library memory function called with invalid arguments Standard library string function called with invalid arguments Data size argument is not computed from actual data length Pointer dereference outside its bounds Use of Pointer from an unsecure source may be NULL or point to unknown memory | PRQA QA-C | ||||||||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 2845, 2846, 2847, 2848, 2849, 2930, 2932, 2933, 2934 | Fully implemented | PRQA QA-C++ | |||||||||||||||||
Include Page | cplusplus:PRQA QA-C++_V | cplusplus:PRQA QA-C++_V | 2840, 2841, 2842, 2843, 2844, 2935, 2936, 2937, 2938, 2939 | Fully implemented Rule partially covered. | ||||||||||||||||||
| ||||||||||||||||||||||
TrustInSoft Analyzer |
| out of bounds read | Partially verified. |
...