Overrunning write
ID: cpp/overrun-write
Kind: path-problem
Security severity: 9.3
Severity: error
Precision: medium
Tags:
- reliability
- security
- external/cwe/cwe-119
- external/cwe/cwe-131
Query suites:
- cpp-security-extended.qls
- cpp-security-and-quality.qls
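You must ensure that write and read operations do not exceed the size of an allocation. If an operation attempts to write to or access an element outside the range of the allocation, the result is a buffer overflow. Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.
Recommendation
Check the offsets and sizes used in the highlighted operations to ensure that a buffer overflow cannot occur.
Example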
#include <cstdlib>
#include <cstring>
#include <iostream>
using namespace std;

int f(char * s, unsigned size) {
    char* buf = (char*)malloc(size);
    strncpy(buf, s, size + 1); // wrong: copy may exceed size of buf
    for (int i = 0; i <= size; i++) { // wrong: upper limit that is higher than size of buf
        cout << buf[i];
    }
    free(buf);
    return 0;
}
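The following is an added example, not part of the original query help: a corrected counterpart to `f` together with an overflow-safe offset/size check of the kind the recommendation asks for. The names `range_fits` and `copy_bounded` are hypothetical, and `s` is assumed to be a NUL-terminated string.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <string>

// Hypothetical helper: true when [offset, offset + len) lies inside an
// allocation of alloc_size bytes. The subtraction form cannot wrap around,
// unlike the naive test `offset + len <= alloc_size`.
static bool range_fits(std::size_t alloc_size, std::size_t offset, std::size_t len) {
    return offset <= alloc_size && len <= alloc_size - offset;
}

// Hypothetical corrected form of f: copies at most `size` bytes of the
// NUL-terminated string s and stores what was read back in `out`.
static bool copy_bounded(const char *s, std::size_t size, std::string &out) {
    if (s == nullptr || size == SIZE_MAX) return false;  // size + 1 would wrap
    const std::size_t alloc_size = size + 1;             // room for the terminator
    char *buf = static_cast<char *>(std::malloc(alloc_size));
    if (buf == nullptr) return false;

    // strncpy writes exactly `size` bytes (copied data plus zero padding).
    if (!range_fits(alloc_size, 0, size)) { std::free(buf); return false; }
    std::strncpy(buf, s, size);
    buf[size] = '\0';  // strncpy leaves buf unterminated when strlen(s) >= size

    out.clear();
    for (std::size_t i = 0; i < size && buf[i] != '\0'; i++) {  // i stays below size
        out.push_back(buf[i]);
    }
    std::free(buf);
    return true;
}

int main() {
    std::string out;
    // Constructed inputs: the first mirrors the page's bug (size + 1 bytes
    // written into a size-byte allocation), the second is the corrected copy.
    std::cout << "size+1 into size-byte buffer fits: " << range_fits(8, 0, 9) << "\n";
    if (copy_bounded("hello", 3, out)) std::cout << "copied: " << out << "\n";
    return 0;
}
```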