hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-29 10:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

pr fixes

Browse Source
This commit is contained in:
dilanbhalla
2020-08-10 15:30:09 -07:00
parent 6e6921b11e
commit 4dcaa7be57
2 changed files with 37 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

25
cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.cpp Normal file
View File

@@ -0,0 +1,25 @@
///// Library routines /////
int scanf(const char *format, ...);
int sscanf(const char *str, const char *format, ...);
int fscanf(const char *str, const char *format, ...);
///// EXAMPLES /////
int main(int argc, char **argv)
{
// BAD, do not use scanf without specifying a length first
char buf1[10];
scanf("%s", buf1);
// GOOD, length is specified. The length should be one less than the size of the buffer, since the last character is the NULL terminator.
char buf2[10];
sscanf(buf2, "%9s");
// BAD, do not use scanf without specifying a length first
char file[10];
fscanf(file, "%s", buf2);
return 0;
}

12
cpp/ql/src/experimental/Security/CWE/CWE-120/MemoryUnsafeFunctionScan.qhelp
View File

@@ -7,6 +7,18 @@
</overview>
<recommendation>
<p>Specify a length within the format string parameter, and make this length one less than the size of the buffer, since the last character should be reserved for the NULL terminator.</p>
</recommendation>
<example>
<p>The following example demonstrates safe and unsafe uses of scanf type functions.</p>
<sample src="MemoryUnsafeFunctionScan.cpp" />
</example>
<references>
</references>