mirror of
https://github.com/github/codeql.git
synced 2026-06-16 02:11:09 +02:00
30 lines
1.3 KiB
XML
30 lines
1.3 KiB
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
<overview>
|
|
<p>The bounded copy functions <code>memcpy</code>, <code>memmove</code>, <code>strncpy</code>, <code>strncat</code> accept a size argument. You should call these functions with a size argument that is derived from the size of the destination buffer. Using a size argument that is derived from the source buffer may cause a buffer overflow. Buffer overflows can lead to anything from a segmentation fault to a security vulnerability.</p>
|
|
|
|
|
|
</overview>
|
|
<recommendation>
|
|
<p>Check the highlighted function calls carefully, and ensure that the size parameter is derived from the size of the destination buffer,
|
|
not the source buffer.</p>
|
|
|
|
<include src="aliasAnalysisWarning.qhelp" />
|
|
|
|
</recommendation>
|
|
<example><sample src="OverflowDestination.cpp" />
|
|
|
|
|
|
|
|
</example>
|
|
<references>
|
|
|
|
<li><a href="http://cwe.mitre.org/data/definitions/119.html">CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer</a></li>
|
|
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
|
|
<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
|
|
|
|
</references>
|
|
</qhelp>
|