| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | stream-input-char-array | Partially checked + soundly supported |
| CodeSonar | | MISC.MEM.NTERM, LANG.MEM.BO, LANG.MEM.TO | No space for null terminator; Buffer overrun; Type overrun |
| Helix QAC | | C++5216, DF2835, DF2836, DF2839 | |
| Klocwork | | NNTS.MIGHT, NNTS.TAINTED, NNTS.MUST, SV.UNBOUND_STRING_INPUT.CIN | |
| LDRA tool suite | | 489 S, 66 X, 70 X, 71 X | Partially implemented |
| Parasoft C/C++test | | CERT_CPP-STR50-a, CERT_CPP-STR50-b, CERT_CPP-STR50-c, CERT_CPP-STR50-d, CERT_CPP-STR50-e, CERT_CPP-STR50-f, CERT_CPP-STR50-g | Use vector and string instead of arrays; Avoid overflow due to reading a not zero terminated string; Avoid overflow when writing to a buffer; Avoid accessing arrays out of bounds; Prevent buffer overflows from tainted data; Avoid buffer write overflow from tainted data; Avoid using unsafe string functions which may cause buffer overflows; Do not use the 'char' buffer to store input from 'std::cin' |
| Polyspace Bug Finder | | CERT C++: STR50-CPP | Checks for: Use of dangerous standard function; Missing null in string array; Buffer overflow from incorrect string format specifier; Destination buffer overflow in string manipulation; Insufficient destination buffer size. Rule partially covered. |
| RuleChecker | | stream-input-char-array | Partially checked |
| SonarQube C/C++ Plugin | | S3519 | |