Overrunning write¶

ID: cpp/overrun-write Kind: path-problem Security severity: 9.3 Severity: error Precision: medium Tags: - reliability - security - external/cwe/cwe-119 - external/cwe/cwe-131 Query suites: - cpp-security-extended.qls - cpp-security-and-quality.qls 

Click to see the query in the CodeQL repository

You must ensure that you do not exceed the size of an allocation during write and read operations. If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow. Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.

Recommendation¶

Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur.

Example¶

intf(char*s,unsignedsize){char*buf=(char*)malloc(size);strncpy(buf,s,size+1);// wrong: copy may exceed size of buffor(inti=0;i<=size;i++){// wrong: upper limit that is higher than size of bufcout<<buf[i];}}

References¶

I. Gerg. An Overview and Example of the Buffer-Overflow Exploit. IANewsletter vol 7 no 4. 2005.
M. Donaldson. Inside the Buffer Overflow Attack: Mechanism, Method & Prevention. SANS Institute InfoSec Reading Room. 2002.
Common Weakness Enumeration: CWE-119.
Common Weakness Enumeration: CWE-131.

© GitHub, Inc.
Terms
Privacy