CodeQL documentation

Overrunning write

ID: cpp/overrun-write
Kind: path-problem
Security severity: 9.3
Severity: error
Precision: medium
Tags:
   - reliability
   - security
   - external/cwe/cwe-119
   - external/cwe/cwe-131
Query suites:
   - cpp-security-extended.qls
   - cpp-security-and-quality.qls


You must ensure that you do not exceed the size of an allocation during write and read operations. If an operation attempts to write to or access an element that is outside the range of the allocation then this results in a buffer overflow. Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.

Recommendation

Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow will not occur.

Example

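    #include <cstdlib>
    #include <cstring>
    #include <iostream>

    int f(char *s, unsigned size) {
        char *buf = (char *)malloc(size);
        strncpy(buf, s, size + 1); // wrong: copy may exceed size of buf
        for (int i = 0; i <= size; i++) { // wrong: upper limit that is higher than size of buf
            std::cout << buf[i];
        }
        return 0;
    }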
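A bounds-checked version of the function above, as an added example that is not part of the CodeQL documentation. The name `copy_bounded`, the `std::string` output parameter and the return convention are assumptions made for illustration; `s` is assumed to be NUL-terminated or at least `size` bytes long.

```cpp
// Added example: every write and read stays inside the allocation.
#include <climits>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical helper: copies at most `size` bytes of `s` into a fresh
// buffer and appends the copied bytes to `out`.
// Returns the number of bytes copied, or -1 on bad input or allocation failure.
long long copy_bounded(const char *s, unsigned size, std::string &out) {
    if (s == nullptr || size == UINT_MAX) {
        return -1;                  // size + 1 below would wrap around to 0
    }
    unsigned cap = size + 1;        // room for `size` bytes plus a terminator
    char *buf = static_cast<char *>(malloc(cap));
    if (buf == nullptr) {
        return -1;                  // never write through a failed allocation
    }
    strncpy(buf, s, size);          // writes exactly `size` bytes, all inside buf
    buf[size] = '\0';               // last valid index is cap - 1 == size
    long long copied = 0;
    for (unsigned i = 0; i < size && buf[i] != '\0'; i++) {  // strict upper bound
        out.push_back(buf[i]);
        copied++;
    }
    free(buf);
    return copied;
}

int main() {
    std::string out;
    long long n = copy_bounded("overrun", 4, out);  // constructed sample input
    std::cout << n << " bytes: " << out << "\n";
    return 0;
}
```

The size passed to `strncpy` and the loop limit are both derived from the same value used for the allocation, so neither can drift past the end of `buf`.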

References

  • I. Gerg. An Overview and Example of the Buffer-Overflow Exploit. IANewsletter vol 7 no 4. 2005.

  • M. Donaldson. Inside the Buffer Overflow Attack: Mechanism, Method & Prevention. SANS Institute InfoSec Reading Room. 2002.

  • Common Weakness Enumeration: CWE-119.

  • Common Weakness Enumeration: CWE-131.

