V755. Copying from unsafe data source. Buffer overflow is possible.


The analyzer detected that data from an unsafe source are copied to a buffer of a fixed size.

Command-line arguments of unknown length are one example of such a source:

char *tmp = (char*)malloc(1024);
....
strcat(tmp, argv[0]);

If the size of the data being copied exceeds that of the buffer, it will overflow. To avoid this error, the required size of the storage to be allocated should be computed in advance:

char *src = GetData();
char *tmp = (char*)malloc(strlen(src) + strlen(argv[0]) + 1);
....
strcpy(tmp, src);
strcat(tmp, argv[0]);

You can also use the "realloc()" function to allocate memory as needed. In C++, you can use such classes as "std::string" to handle strings.

The warning is not triggered when the data source is unknown:

char *src = GetData();
char *tmp = malloc(1024);
....
strcat(tmp, src);
   

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-123.


Bugs Found

Checked Projects
336
Collected Errors
12 743