<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
This rule finds <code>malloc</code> calls that use <code>strlen</code> for the size but do not take the
zero terminator into account, and <code>strcat</code>/<code>strncat</code> calls on buffers that are not
large enough to hold the new string.
</p>
<p>
The indicated expression will cause a buffer overflow because the buffer is too small to contain
the data being copied. Buffer overflows can result in anything from a segfault to a security vulnerability (particularly
if the array is on stack-allocated memory).
</p>
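<p>
The following is an added example, not the query's own <code>OverflowCalculated.cpp</code> sample: it shows the size calculation this rule expects (the terminator counted) next to a capacity check for <code>strcat</code>; the function names are the example's own.
</p>
<![CDATA[
```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Bytes needed to hold a followed by b, including the terminating NUL.
 * The pattern this rule flags is the same sum without the "+ 1". */
size_t concat_size(const char *a, const char *b) {
    return strlen(a) + strlen(b) + 1;
}

/* Returns 1 when a buffer of cap bytes can hold strcat(dst, src) without
 * overflowing; dst must already be NUL-terminated within cap bytes. */
int strcat_fits(size_t cap, const char *dst, const char *src) {
    size_t used = strlen(dst);
    return used < cap && cap - used - 1 >= strlen(src);
}

/* strcat guarded by the capacity check: returns 1 and appends, or
 * returns 0 and leaves dst untouched when src would not fit. */
int safe_strcat(char *dst, size_t cap, const char *src) {
    if (!strcat_fits(cap, dst, src))
        return 0;
    strcat(dst, src);
    return 1;
}

/* Correct allocation for a concatenation: the terminator is counted and
 * the copy is bounded. Caller frees the result; NULL on allocation failure. */
char *join_copy(const char *a, const char *b) {
    size_t need = concat_size(a, b);
    char *buf = malloc(need);
    if (buf == NULL)
        return NULL;
    /* snprintf writes at most need bytes and always NUL-terminates. */
    snprintf(buf, need, "%s%s", a, b);
    return buf;
}

int main(void) {
    char stack_buf[8] = "ab";
    char *heap = join_copy("hello, ", "world");
    if (heap == NULL)
        return 1;
    printf("%s (%zu bytes)\n", heap, concat_size("hello, ", "world"));
    printf("append cde: %d, append fgh: %d -> %s\n",
           safe_strcat(stack_buf, sizeof stack_buf, "cde"),
           safe_strcat(stack_buf, sizeof stack_buf, "fgh"), stack_buf);
    free(heap);
    return 0;
}
```
]]>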
<include src="aliasAnalysisWarning.qhelp" />
</overview>
<recommendation>
<p>
Increase the size of the buffer being allocated.
</p>
</recommendation>
<example><sample src="OverflowCalculated.cpp" />
</example>
<references>
<li><a href="http://cwe.mitre.org/data/definitions/131.html">CWE-131: Incorrect Calculation of Buffer Size</a></li>
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
</references>
</qhelp>