...
Copying string data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
STR50-CPP | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| stream-input-char-array | Partially checked + soundly supported | ||||||
CodeSonar |
| MISC.MEM.NTERM LANG.MEM.BO | No space for null terminator Buffer overrun | ||||||
Helix QAC |
| C++5216 DF2835, DF2836, DF2839, | |||||||
Klocwork |
| NNTS.MIGHT NNTS.TAINTED NNTS.MUST SV.UNBOUND_STRING_INPUT.CIN | |||||||
LDRA tool suite |
| 489 S, 66 X, 70 X, 71 X | Partially implemented | ||||||
Parasoft C/C++test |
| CERT_CPP-STR50-b | Avoid overflow due to reading a not zero terminated string | |||||||
Polyspace Bug Finder |
| CERT C++: STR50-CPP | Checks for:
Rule partially covered. | ||||||
RuleChecker |
| stream-input-char-array | Partially checked | ||||||
SonarQube C/C++ Plugin |
| S3519 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C Coding Standard | STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator |
Bibliography
[ISO/IEC 14882-2014] | Subclause 27.7.2.2.3, " |
[Seacord 2013] | Chapter 2, "Strings" |
...
...