...
Failing to validate the parameters in library functions may result in an access violation or a data integrity violation. Such a scenario indicates a flaw in how the library is used by the calling code. However, the library itself may still be the vector by which the calling code's vulnerability is exploited.
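The following is an added illustration, not code from the CERT page: a hypothetical library routine `buf_write_at` (name and signature assumed) that validates each of its parameters before touching memory, so that a caller's mistake is reported as an error return instead of becoming an out-of-bounds write (access violation) or silent corruption of neighbouring data (data integrity violation).

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical library routine (assumed, not from the CERT page): copy
 * `n` bytes from `src` into `dst` at byte `offset`, where `dst` is a
 * buffer of `dst_len` bytes.  Returns 0 on success, -1 if any parameter
 * is invalid.  Each check rejects one way the calling code could hand the
 * library a parameter that would otherwise turn into an out-of-bounds
 * access or corrupt adjacent data. */
int buf_write_at(unsigned char *dst, size_t dst_len, size_t offset,
                 const unsigned char *src, size_t n)
{
    /* Null pointers are never valid here, even when n == 0: the contract
     * is that both buffers refer to real objects. */
    if (dst == NULL || src == NULL) {
        return -1;
    }
    /* offset must lie inside dst; checked before the subtraction below so
     * that dst_len - offset cannot wrap. */
    if (offset > dst_len) {
        return -1;
    }
    /* Written as n > dst_len - offset rather than offset + n > dst_len so
     * that a huge n (e.g. SIZE_MAX) cannot overflow the sum and slip past
     * the bounds check. */
    if (n > dst_len - offset) {
        return -1;
    }
    memcpy(dst + offset, src, n);
    return 0;
}

/* Self-check returning 1 when every invalid call is rejected and the one
 * valid call writes exactly the expected bytes; constructed sample data. */
int buf_write_at_selfcheck(void)
{
    unsigned char dst[8] = {0};
    const unsigned char src[4] = {1, 2, 3, 4};
    if (buf_write_at(NULL, sizeof dst, 0, src, 4) != -1) return 0;
    if (buf_write_at(dst, sizeof dst, 9, src, 0) != -1) return 0;   /* offset past end */
    if (buf_write_at(dst, sizeof dst, 6, src, 4) != -1) return 0;   /* runs off the end */
    if (buf_write_at(dst, sizeof dst, 0, src, (size_t)-1) != -1) return 0; /* wrap attempt */
    if (buf_write_at(dst, sizeof dst, 2, src, 4) != 0) return 0;
    return dst[2] == 1 && dst[5] == 4 && dst[6] == 0;
}
```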
| Recommendation | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| API00-C | Medium | Unlikely | No | No | P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | | Supported |
| CodeSonar | | LANG.STRUCT.UPD | Unchecked parameter dereference |
| Parasoft C/C++test | | CERT_C-API00-a | The validity of parameters must be checked inside each function |
| | | CODSTA-86 | Invalid use of standard library memory routine; Invalid use of standard library routine; Invalid use of standard library string routine; Standard library memory function called with invalid arguments; Wrong arguments to standard library function; Standard library string function called with invalid arguments; Argument to a standard function does not meet requirements for use in the function; Defects related to code elements from an unsecure source |
| PC-lint Plus | | 413, 613, 668 | Partially supported: reports use of null pointers, including function parameters, which are assumed to have the potential to be null |
| PVS-Studio | | V781, V1111 | |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
| Taxonomy | Taxonomy item | Relationship |
|---|---|---|
| CERT C | MSC08-CPP. Functions should validate their parameters | Prior to 2018-01-12: CERT: Unspecified Relationship |
| CWE 2.11 | CWE-20, Insufficient input validation | Prior to 2018-01-12: CERT: |
| MITRE CWE | CWE-476 | Prior to 2018-01-12: |
Bibliography
...
...