Examples of errors detected by the V645 diagnostic

V645. The function call could lead to the buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold.


ReactOS

V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1314

V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1319

V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1320


void shell(int argc, const char *argv[])
{
  char CmdLine[MAX_PATH];
  ....
  strcpy( CmdLine, ShellCmd );

  if (argc > 1)
  {
    strncat(CmdLine, " /C", MAX_PATH);
  }

  for (i=1; i<argc; i++)
  {
    strncat(CmdLine, " ", MAX_PATH);
    strncat(CmdLine, argv[i], MAX_PATH);
  }
  ....
}

Identical errors can be found in some other places:

  • V645 The 'wcsncat' function call could lead to the 'szFileName' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. logfile.c 50

ICU

V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 739

V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 740

V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 741


#define uprv_strncat(dst, src, n) \
  U_STANDARD_CPP_NAMESPACE strncat(dst, src, n)

static char plugin_file[2048] = "";

U_CAPI void U_EXPORT2
uplug_init(UErrorCode *status)
{
  ....
  uprv_strncpy(plugin_file, plugin_dir, 2047);
  uprv_strncat(plugin_file, U_FILE_SEP_STRING,2047);
  uprv_strncat(plugin_file, "icuplugins",2047);
  uprv_strncat(plugin_file, U_ICU_VERSION_SHORT ,2047);
  uprv_strncat(plugin_file, ".txt" ,2047);
  ....
}

Multi Theft Auto

V645 The 'strncat' function call could lead to the 'szRightName' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cluaacldefs.cpp 400


int CLuaACLDefs::aclListRights ( lua_State* luaVM )
{
  char szRightName [128];
  ....
  strncat ( szRightName, (*iter)->GetRightName (), 128 );
  ....
}

Identical errors can be found in some other places:

  • V645 The 'strncat' function call could lead to the 'szObjectType' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. caccesscontrollistgroup.cpp 226

Miranda NG

V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 162


BOOL ExportSettings(....)
{
  ....
  char header[512], buff[1024], abuff[1024];
  ....
  strncat(buff, abuff, SIZEOF(buff));
  ....
}

Identical errors can be found in some other places:

  • V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 179
  • V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 183
  • V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 186
  • And 45 additional diagnostic messages.

Miranda NG

V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 273


void __cdecl GGPROTO::dccmainthread(void*)
{
  ....
  strncat(filename, (char*)local_dcc->file_info.filename,
          sizeof(filename) - strlen(filename));
  ....
}

Identical errors can be found in some other places:

  • V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 304
  • V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 503
  • V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 534
  • And 31 additional diagnostic messages.


Do you make errors in the code?

Check your code
with PVS-Studio

Static code analysis
for C, C++ and C#

goto PVS-Studio;