| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | stream-input-char-array | Partially checked + soundly supported |
| CodeSonar | | MISC.MEM.NTERM; LANG.MEM.BO; LANG.MEM.TO | No space for null terminator; Buffer overrun; Type overrun |
| Helix QAC | | C++5216; DF2835, DF2836, DF2839 | |
| Klocwork | | NNTS.MIGHT; NNTS.TAINTED; NNTS.MUST; SV.UNBOUND_STRING_INPUT.CIN | |
| LDRA tool suite | | 489 S, 66 X, 70 X, 71 X | Partially implemented |
| Parasoft C/C++test | | CERT_CPP-STR50-b; CERT_CPP-STR50-c; CERT_CPP-STR50-e; CERT_CPP-STR50-f; CERT_CPP-STR50-g | Avoid overflow due to reading a not zero terminated string; Avoid overflow when writing to a buffer; Use vector and string instead of arrays; Prevent buffer overflows from tainted data; Avoid buffer write overflow from tainted data; Do not use the 'char' buffer to store input from 'std::cin' |
| Polyspace Bug Finder | | CERT C++: STR50-CPP | Checks for: use of dangerous standard function; missing null in string array; buffer overflow from incorrect string format specifier; destination buffer overflow in string manipulation; insufficient destination buffer size. Rule partially covered. |
| RuleChecker | | stream-input-char-array | Partially checked |
| SonarQube C/C++ Plugin | | S3519 | |