| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | stream-input-char-array | Partially checked + soundly supported |
| CodeSonar | | MISC.MEM.NTERM<br>LANG.MEM.BO<br>LANG.MEM.TO | No space for null terminator<br>Buffer overrun<br>Type overrun |
| Helix QAC | | C++5216<br>DF2835, DF2836, DF2839, | |
| Klocwork | | NNTS.MIGHT<br>NNTS.TAINTED<br>NNTS.MUST<br>SV.UNBOUND_STRING_INPUT.CIN | |
| LDRA tool suite | | 489 S, 66 X, 70 X, 71 X | Partially implemented |
| Parasoft C/C++test | | CERT_CPP-STR50-b<br>CERT_CPP-STR50-c<br>CERT_CPP-STR50-e<br>CERT_CPP-STR50-f<br>CERT_CPP-STR50-g | Avoid overflow due to reading a not zero terminated string<br>Avoid overflow when writing to a buffer<br>Prevent buffer overflows from tainted data<br>Avoid buffer write overflow from tainted data<br>Do not use the 'char' buffer to store input from 'std::cin' |
| Polyspace Bug Finder | | CERT C++: STR50-CPP | Checks for:<br>- Use of dangerous standard function<br>- Missing null in string array<br>- Buffer overflow from incorrect string format specifier<br>- Destination buffer overflow in string manipulation<br>- Insufficient destination buffer size<br>Rule partially covered. |
| RuleChecker | | stream-input-char-array | Partially checked |
| SonarQube C/C++ Plugin | | S3519 | |