Strings (both character and wide-character) are often subject to buffer overflows, which overwrite the memory immediately past the string. Many rules warn against buffer overflows, including STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator and VOID STR35-C. Do not copy data from an unbounded source to a fixed-length array. Sometimes the danger of a buffer overflow can be reduced by arranging memory such that the data that might be corrupted by the overflow is not sensitive.
...
Code Block

```c
const size_t String_Size = 20;

struct node_s {
  struct node_s* next;  /* pointer is laid out first */
  char* name;           /* string lives in separately allocated storage, not in the node */
};
```
Exceptions
API01-C-EX1: Placing a string before sensitive data such as pointers is permitted when it is not practical to segregate the strings from the sensitive data.
...
Code Block

```c
#define String_Size 20  /* a constant expression is required for the array bound inside the struct */

struct node_s {
  struct node_s* next;
  char name[String_Size];
};

/* In an array of nodes, an overflow of list[i].name runs into list[i+1].next */
struct node_s list[10];
```
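Added example, not from the CERT page: it compares the noncompliant layout (string before pointer) with the compliant one using offsetof(), and computes how far an overflow of `name` would have to run before it reaches a pointer, including the array case covered by API01-C-EX1. The struct names `node_bad` and `node_good` are this example's own; no overflow is actually performed.

```c
/* Added example (not from the CERT page): compare the two struct layouts
 * with offsetof() to see which field an overflow of 'name' would reach.
 * Only the layout arithmetic is shown; no out-of-bounds write is made. */
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

#define String_Size 20   /* macro so it is a constant expression for the array bound */

/* Noncompliant layout: the string is laid out directly before the pointer. */
struct node_bad {
    char name[String_Size];
    struct node_bad *next;
};

/* Compliant layout (as in the page's second code block): pointer first, string last. */
struct node_good {
    struct node_good *next;
    char name[String_Size];
};

/* Bytes past the end of 'name' before a write reaches 'next': only alignment padding. */
size_t bad_distance_to_pointer(void) {
    return offsetof(struct node_bad, next) - (offsetof(struct node_bad, name) + String_Size);
}

/* In the compliant layout nothing sensitive follows 'name' inside the struct. */
bool good_pointer_after_name(void) {
    return offsetof(struct node_good, next) > offsetof(struct node_good, name);
}

/* API01-C-EX1 case: in 'struct node_good list[10]', an overflow of list[i].name
 * reaches list[i+1].next after this many bytes (trailing padding only). */
size_t good_array_distance_to_next_pointer(void) {
    size_t name_end = offsetof(struct node_good, name) + String_Size;
    return sizeof(struct node_good) - name_end + offsetof(struct node_good, next);
}

int main(void) {
    printf("noncompliant: %zu byte(s) of padding separate name from next\n",
           bad_distance_to_pointer());
    printf("compliant: pointer after name inside the struct? %s\n",
           good_pointer_after_name() ? "yes" : "no");
    printf("compliant array: next element's pointer is %zu byte(s) past name\n",
           good_array_distance_to_next_pointer());
    return 0;
}
```

The printed distances depend on the target's pointer size and alignment; on every platform the noncompliant gap is smaller than one pointer, which is why the first write past the terminator already corrupts `next`.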
...
Risk Assessment
Failure to follow this recommendation can result in memory corruption from buffer overflows, which can easily corrupt data or yield remote code execution.
| Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| API01-C | High | Likely | Yes | No | P18 | L1 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | array_out_of_bounds field_overflow_upon_dereference | Supported |
| Parasoft C/C++test | | CERT_C-API01-a | Avoid overflow when writing to a buffer |