hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity

C++: tweak overrunning write qhelp files

Browse Source
This commit is contained in:
Paolo Tranquilli
2021-12-14 14:45:35 +00:00
committed by GitHub
parent 8ac34f3db5
commit 106400238a
2 changed files with 7 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.qhelp
View File

@@ -15,11 +15,12 @@
<p>In this example, the call to <code>sprintf</code> writes a message of 14 characters (including the terminating null) plus the length of the string conversion of `userId` into a buffer with space for just 18 characters. As such, if `userId` is greater or equal to `10000`, the last characters overflow the buffer resulting in undefined behavior.</p>
<p>To fix this issue one of three changes should be made:</p>
<p>To fix this issue these changes should be made:</p>
<ul>
<li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, specifying a define or `sizeof(buffer)` as maximum length to copy. This will prevent the buffer overflow.</li>
<li>If `userId` is expected to be less than `10000`, then return or throw an error if `userId` is out of bounds.</li>
<li>Consider increasing the buffer size to at least 25 characters, so that the message is displayed correctly regardless of the value of `userId`.</li>
<li>Control the size of the buffer by declaring it with a compile time constant</li>
<li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, using the defined constant size of the buffer or `sizeof(buffer)` as maximum length to write. This will prevent the buffer overflow.</li>
<li>Optionally, if `userId` is expected to be less than `10000`, then return or throw an error if `userId` is out of bounds.</li>
<li>Otherwise, consider increasing the buffer size to at least 25 characters, so that the message is displayed correctly regardless of the value of `userId`.</li>
</ul>
</example>

3
cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp
View File

@@ -17,7 +17,8 @@
<p>To fix this issue these changes should be made:</p>
<ul>
<li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, specifying a define or `sizeof(buffer)` as maximum length to copy. This will prevent the buffer overflow.</li>
<li>Control the size of the buffer by declaring it with a compile time constant</li>
<li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, using the defined constant size of the buffer or `sizeof(buffer)` as maximum length to write. This will prevent the buffer overflow.</li>
<li>Increasing the buffer size to account for the full range of `userId` and the terminating null character.</li>
</ul>