...
Copying data to a buffer that is too small to hold the data results in a buffer overflow. Attackers can exploit this condition to execute arbitrary code.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| CTR52-CPP | High | Likely | No | No | P9 | L2 |
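The overflow described above, next to three ways of guaranteeing the destination range is large enough. This is an added example, not code from the CERT standard; the function names `copy_overflowing`, `copy_growing`, `copy_checked` and `fill_clamped` are hypothetical.

```cpp
#include <algorithm>
#include <array>
#include <cstddef>
#include <iostream>
#include <iterator>
#include <stdexcept>
#include <vector>

// Noncompliant (defined for contrast, never called): dest may hold fewer
// elements than src, so std::copy writes past the end of dest.
void copy_overflowing(const std::vector<int>& src, std::vector<int>& dest) {
    std::copy(src.begin(), src.end(), dest.begin());
}

// Compliant: std::back_inserter appends with push_back, so dest grows
// to fit whatever the algorithm writes.
std::vector<int> copy_growing(const std::vector<int>& src) {
    std::vector<int> dest;
    dest.reserve(src.size());
    std::copy(src.begin(), src.end(), std::back_inserter(dest));
    return dest;
}

// Compliant for a fixed-size destination: reject the copy up front when
// the destination has fewer elements than the source.
template <typename Src, typename Dest>
void copy_checked(const Src& src, Dest& dest) {
    if (src.size() > dest.size())
        throw std::length_error("destination range too small");
    std::copy(src.begin(), src.end(), dest.begin());
}

// Compliant std::fill_n: clamp the count to the elements dest really has.
std::size_t fill_clamped(std::vector<int>& dest, std::size_t n, int value) {
    const std::size_t count = std::min(n, dest.size());
    std::fill_n(dest.begin(), count, value);
    return count;
}

int main() {
    const std::vector<int> src{1, 2, 3, 4};  // constructed sample input
    std::array<int, 2> small{};
    try {
        copy_checked(src, small);
    } catch (const std::length_error& e) {
        std::cout << "rejected: " << e.what() << '\n';
    }
    std::cout << "copied " << copy_growing(src).size() << " elements\n";
}
```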
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | invalid_pointer_dereference | |
| CodeSonar | | BADFUNC.BO.* | A collection of warning classes that report uses of library functions prone to internal buffer overflows. |
| Helix QAC | | DF3526, DF3527, DF3528, DF3529, DF3530, DF3531, DF3532, DF3533, DF3534 | |
| Klocwork | | ITER.END.OUTPARAM.MIGHT, ITER.END.OUTPARAM.MUST | |
| Parasoft C/C++test | | CERT_CPP-CTR52-a | Do not pass empty container iterators to std algorithms as destinations |
| Polyspace Bug Finder | | CERT C++: CTR52-CPP | Checks for library functions overflowing sequence container (rule partially covered). |
| Security Reviewer - Static Reviewer | 6.02 | C01, C04 | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | STR50-CPP. Guarantee that storage for strings has sufficient space for character data and the null terminator |
| SEI CERT C Coding Standard | ARR38-C. Guarantee that library functions do not form invalid pointers |
| MITRE CWE | CWE 119, Failure to Constrain Operations within the Bounds of an Allocated Memory Buffer; CWE 805, Buffer Access with Incorrect Length Value |
Bibliography
| [ISO/IEC 14882-2014] | Subclause 25.3, "Mutating Sequence Operations" |
| [ISO/IEC TR 24772-2013] | Buffer Overflow in Heap [XYB]; Buffer Overflow in Stack [XYW]; Unchecked Array Indexing [XYZ] |
| [Meyers 2001] | Item 30, "Make Sure Destination Ranges Are Big Enough" |
...
...