...
Tool | Version | Checker | Description | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Axivion Bauhaus Suite |
| CertC-DCL39 | Detects composite structures with padding, in particular those passed to trust boundary routines. | |||||||||||||
| Helix QAC |
| C: 4941, 4942, 4943 C++: 4941, 4942, 4943 | ||||||||||||||
| Klocwork |
| PORTING.STORAGE.STRUCT PORTING.STRUCT.BOOL | ||||||||||||||
| Parasoft C/C++test |
| CERT_C-DCL39-a | A pointer to a structure should not be passed to a function that can copy data to the user space | |||||||||||||
| CERT C: Rule DCL39-C | Checks for information leak via structure padding | ||||||||||||||
| PRQA QA-C |
| 4941, 4942, 4943 | ||||||||||||||
| PRQA QA-C++ |
| 4941, 4942, 4943 | Helix QAC | | Include Page |
Helix QAC_V | | C: 4941, 4942, 4943 C++: 4941, 4942, 4943 |
Related Vulnerabilities
Numerous vulnerabilities in the Linux Kernel have resulted from violations of this rule. CVE-2010-4083 describes a vulnerability in which the semctl() system call allows unprivileged users to read uninitialized kernel stack memory because various fields of a semid_ds struct declared on the stack are not altered or zeroed before being copied back to the user.
...