V2513. MISRA. Unbounded functions performing string operations should not be used.

This diagnostic rule is based on the software development guidelines developed by MISRA (Motor Industry Software Reliability Association).

This diagnostic rule is relevant only to C++ programs.

The analyzer issues the warning when it detects the following functions:

  • strcpy;
  • strcmp;
  • strcat;
  • strchr;
  • strspn;
  • strcspn;
  • strpbrk;
  • strrchr;
  • strstr;
  • strtok;
  • strlen.

Incorrect use of these functions may result in undefined behavior since they do not perform bound checking when reading from or writing to the buffer.

Here is an example of code triggering this warning:

int strcpy_internal(char *dest, const char *source)
{
  int exitCode = FAILURE;
  if (source && dest)
  {
    strcpy(dest, source);
    exitCode = SUCCESS;
  }

  return exitCode;
}

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-676.


Bugs Found

Checked Projects
411
Collected Errors
14 100
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site. Learn More →
Accept