C++: doc fixes to VeryLikelyOverrunWrite

2026-05-04 05:05:12 +02:00 · 2021-12-15 14:24:24 +00:00
parent c8741f6475
commit aac029841a
2 changed files with 2 additions and 2 deletions
--- a/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
+++ b/cpp/ql/src/Security/CWE/CWE-120/UnboundedWrite.ql
@@ -33,7 +33,7 @@ import TaintedWithPath
 *    hasExplicitLimit()    exists(getMaxData())  exists(getBufferSize(bw.getDest(), _))) handled by
 *    NO                    NO                    either                                  UnboundedWrite.ql isUnboundedWrite()
 *    NO                    YES                   NO                                      UnboundedWrite.ql isMaybeUnboundedWrite()
- *    NO                    YES                   YES                                     OverrunWrite.ql, OverrunWriteFloat.ql
+ *    NO                    YES                   YES                                     VeryLikelyOverrunWrite.ql, OverrunWrite.ql, OverrunWriteFloat.ql
 *    YES                   either                YES                                     BadlyBoundedWrite.ql
 *    YES                   either                NO                                      (assumed OK)
 */
--- a/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp
+++ b/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp
@@ -11,7 +11,7 @@

 </recommendation>
 <example>
-<sample src="OverrunWrite.c" />
+<sample src="VeryLikelyOverrunWrite.c" />

 <p>In this example, the call to <code>sprintf</code> writes a message of 14 characters (including the terminating null) plus the length of the string conversion of `userId` into a buffer with space for just 17 characters. While `userId` is checked to occupy no more than 4 characters when converted, there is no space in the buffer for the terminating null character if `userId >= 1000`. In this case, the null character overflows the buffer resulting in undefined behavior.</p>