V755. Copying from unsafe data source. Buffer overflow is possible.

The analyzer detected that data from an unsafe source are copied to a buffer of a fixed size.

Command-line arguments of unknown length are one example of such a source:

char *tmp = (char*)malloc(1024);
....
strcat(tmp, argv[0]);

If the size of the data being copied exceeds that of the buffer, it will overflow. To avoid this error, the required size of the storage to be allocated should be computed in advance:

char *src = GetData();
char *tmp = (char*)malloc(strlen(src) + strlen(argv[0]) + 1);
....
strcpy(tmp, src);
strcat(tmp, argv[0]);

You can also use the "realloc()" function to allocate memory as needed. In C++, you can use such classes as "std::string" to handle strings.

The warning is not triggered when the data source is unknown:

char *src = GetData();
char *tmp = malloc(1024);
....
strcat(tmp, src);

According to Common Weakness Enumeration, potential errors found by using this diagnostic are classified as CWE-123.


Bugs Found

Checked Projects
410
Collected Errors
14 111
This website uses cookies and other technology to provide you a more personalized experience. By continuing the view of our web-pages you accept the terms of using these files. If you don't want your personal data to be processed, please, leave this site. Learn More →
Accept