The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. As a result, an attacker may be able to execute arbitrary code, alter the intended control flow, read sensitive information, or cause the system to crash.
1#include <stdio.h>
2#include <unistd.h>
3#include <fcntl.h>
/*
 * Noncompliant example: read() is asked for more bytes than the destination
 * buffer can hold.
 *
 * buff holds 1024 bytes but the length passed to read() is 1027, so when the
 * file supplies that many bytes read() stores up to 3 bytes past the end of
 * the local array (out-of-bounds write).
 *
 * Other problems a reviewer should note in this listing:
 *  - the result of open() is not checked, so read() may be handed -1;
 *  - the result of read() is ignored, so the number of valid bytes in buff
 *    is unknown;
 *  - buff is never NUL-terminated, yet it is printed with "%s", so printf()
 *    may keep reading past the end of the buffer (out-of-bounds read);
 *  - fd is never closed.
 *
 * A compliant version derives the length from the buffer (for example
 * sizeof(buff) - 1), checks both return values, and terminates the data at
 * the returned byte count before printing it.
 */
void improperSizeOfAMemoryBufferNonCompliant() {
    char path[] = "Documents/example.txt";
    char buff[1024];
    int size = 1027;
    int fd = open(path, O_RDONLY);

    // Noncompliant: size argument exceeds the actual size of the buffer
    // (1027 requested, 1024 available).
    read(fd, buff, size);

    printf("\n\n%s\n\n", buff);
}
/*
 * Compliant example: the length given to memchr() is taken from the buffer
 * object itself, so the search cannot run past its end.
 *
 * sizeof yields the full array size (10) only because `array` is a real array
 * in this scope; if the buffer were received as a pointer parameter, sizeof
 * would give the pointer size and the length would have to be passed
 * explicitly.
 *
 * initialize() is not shown in this listing; presumably it fills all 10
 * bytes, which memchr() needs because it may examine every one of them.
 * memchr() is declared in <string.h>.
 *
 * Returns 0 in all cases.
 */
int improperSizeOfAMemoryBufferCompliant()
{
    char array[10];

    initialize(array);

    // Compliant: size argument is same as the actual size of the buffer.
    char *at_sign = memchr(array, '@', sizeof array);

    // The result is not used further in this example.
    (void)at_sign;

    return 0;
}