Page History

...

Copying string data to a buffer that is too small to hold that data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code with the permissions of the vulnerable process.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
STR50-CPP	High	Likely	No	NoMedium	P18P9	L1L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

stream-input-char-array

Partially checked + soundly supported

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

MISC.MEM.NTERM
LANG.MEM.BO
LANG.MEM.TO

No space for null terminator
Buffer overrun
Type overrun

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++5216

DF2835, DF2836, DF2839,

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

NNTS.MIGHT
NNTS.TAINTED
NNTS.MUST
SV.UNBOUND_STRING_INPUT.CIN

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

489 S, 66 X, 70 X, 71 X

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-STR50-b
CERT_CPP-STR50-c
CERT_CPP-STR50-e
CERT_CPP-STR50-f
CERT_CPP-STR50-g

Avoid overflow due to reading a not zero terminated string
Avoid overflow when writing to a buffer
Prevent buffer overflows from tainted data
Avoid buffer write overflow from tainted data
Do not use the 'char' buffer to store input from 'std::cin'

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: STR50-CPP

Checks for:

Use of dangerous standard function
Missing null in string array
Buffer overflow from incorrect string format specifier
Destination buffer overflow in string manipulation
Insufficient destination buffer size

Rule partially covered.

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

stream-input-char-array

Partially checked

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

S3519

...

Space shortcuts

Page tree

Versions Compared

Old Version 70

New Version 71

Key

Automated Detection