...
Tool | Version | Checker | Description | ||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| integer-overflow | Fully checked | ||||||||||
CodeSonar |
| ALLOC.SIZE.ADDOFLOW | Addition overflow of allocation size | ||||||||||
Compass/ROSE | Can detect violations of this rule by ensuring that operations are checked for overflow before being performed (Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two | ||||||||||||
Coverity |
| INTEGER_OVERFLOW | Implemented | ||||||||||
Klocwork |
| NUM.OVERFLOW CWARN.NOEFFECT.OUTOFRANGE | |||||||||||
LDRA tool suite |
| 493 S, 494 S | Partially implemented | ||||||||||
Parasoft C/C++test |
| BD-PB-INTOVERF, PB-66_a, PB-66_b | Implemented | CERT_C-INT30-a | Avoid integer overflows | ||||||||
Polyspace Bug Finder |
| CERT C: Rule INT30-C | Checks for:
Rule fully covered. | Polyspace Bug Finder | R2016a | Unsigned integer overflow | Overflow from operation between unsigned integers | ||||||
PRQA QA-C |
| 2910 ([C) 2913 (S)[S], 3383, 3384, 3385, 3386 | Partially implemented | ||||||||||
PRQA QA-C++ |
| 2910, 2911, 2912, 2913 | |||||||||||
PVS-Studio |
| V658 | |||||||||||
RuleCheckerTrustInSoft Analyzer |
| integer-unsigned overflow | Fully checkedExhaustively verified. |
Related Vulnerabilities
CVE-2009-1385 results from a violation of this rule. The value performs an unchecked subtraction on the length
of a buffer and then adds those many bytes of data to another buffer [xorl 2009]. This can cause a buffer overflow, which allows an attacker to execute arbitrary code.
...