Page History

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
ARR38-C	High	Likely	Medium	P18	L1

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

array_out_of_bounds

Supported

Astrée reports all out-of-bound accesses within library analysis stubs. The user may provide additional stubs for arbitrary (library) functions.

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

LANG.MEM.BO
LANG.MEM.BU
BADFUNC.BO.*

Buffer overrun
Buffer underrun
A collection of warning classes that report uses of library functions prone to internal buffer overflows

Compass/ROSE

Coverity

Include Page

	Coverity_V
	Coverity_V

BUFFER_SIZE

BAD_SIZEOF

BAD_ALLOC_STRLEN

BAD_ALLOC_ARITHMETIC

Implemented

Fortify SCA

5.0

Can detect violations of this rule with CERT C Rule Pack

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C2840

DF2840, DF2841, DF2842, DF2843, DF2845, DF2846, DF2847, DF2848, DF2935, DF2936, DF2937, DF2938, DF4880, DF4881, DF4882, DF4883

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

ABV.GENERAL
ABV.GENERAL.MULTIDIMENSION

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

64 X, 66 X, 68 X, 69 X, 70 X, 71 X, 79 X

Partially Implmented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-ARR38-a
CERT_C-ARR38-b
CERT_C-ARR38-c
CERT_C-ARR38-d

Avoid overflow when reading from a buffer
Avoid overflow when writing to a buffer
Avoid buffer overflow due to defining incorrect format limits
Avoid overflow due to reading a not zero terminated string

Parasoft Insure++

Runtime analysis

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

419, 420

Partially supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule ARR38-C

Checks for:

Mismatch between data length and size
Invalid use of standard library memory routine
Possible misuse of sizeof
Buffer overflow from incorrect string format specifier
Invalid use of standard library string routine
Destination buffer overflow in string manipulation
Destination buffer underflow in string manipulation

Rule partially covered.

Splint

Include Page

	Splint_V
	Splint_V

TrustInSoft Analyzer

Include Page

	TrustInSoft Analyzer_V
	TrustInSoft Analyzer_V

out of bounds read

Partially verified.

...

Taxonomy	Taxonomy item	Relationship
C Secure Coding Standard	API00-C. Functions should validate their parameters	Prior to 2018-01-12: CERT: Unspecified Relationship
C Secure Coding Standard	ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array	Prior to 2018-01-12: CERT: Unspecified Relationship
C Secure Coding Standard	INT30-C. Ensure that unsigned integer operations do not wrap	Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961:2013	Forming invalid pointers by library functions [libptr]	Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013	Buffer Boundary Violation (Buffer Overflow) [HCB]	Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013	Unchecked Array Copying [XYW]	Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11	CWE-119 , Improper Restriction of Operations within the Bounds of a Memory Buffer	2017-05-18: CERT: Rule subset of CWE
CWE 2.11	CWE-121, Stack-based Buffer Overflow	2017-05-18: CERT: Partial overlap
CWE 2.11	CWE-123, Write-what-where Condition	2017-05-18: CERT: Partial overlap
CWE 2.11	CWE-125, Out-of-bounds Read	2017-05-18: CERT: Partial overlap
CWE 2.11	CWE-805, Buffer Access with Incorrect Length Value	2017-05-18: CERT: Partial overlap
CWE 3.1	CWE-129, Improper Validation of Array Index	2017-10-30:MITRE:Unspecified Relationship 2018-10-18:CERT:Partial Overlap

CERT-CWE Mapping Notes

Key here for mapping notes

...

Arbitrary writes that do not involve standard C library functions

CWE-129 and ARR38-C

ARR38-C -CWE-129 = making library functions create invalid pointers without using untrusted data.

...

Space shortcuts

Page tree

Versions Compared

Old Version 172

New Version 173

Key

Automated Detection

CERT-CWE Mapping Notes

CWE-129 and ARR38-C