mirror of
https://github.com/github/codeql.git
synced 2026-01-25 12:22:57 +01:00
42 lines
1.2 KiB
XML
42 lines
1.2 KiB
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
|
|
|
|
<overview>
|
|
<p>
|
|
This rule finds <code>malloc</code> that use a <code>strlen</code> for the size but to not take the
|
|
zero terminator into consideration, and <code>strcat/strncat</code> calls that are done on buffers that do
|
|
not have the sufficient size to contain the new string.
|
|
</p>
|
|
|
|
<p>
|
|
The indicated expression will cause a buffer overflow due to a buffer that is of insufficient size to contain
|
|
the data being copied. Buffer overflows can result to anything from a segfault to a security vulnerability (particularly
|
|
if the array is on stack-allocated memory).
|
|
</p>
|
|
|
|
<include src="aliasAnalysisWarning.qhelp" />
|
|
|
|
</overview>
|
|
<recommendation>
|
|
<p>
|
|
Increase the size of the buffer being allocated.
|
|
</p>
|
|
|
|
</recommendation>
|
|
<example><sample src="OverflowCalculated.cpp" />
|
|
|
|
|
|
|
|
</example>
|
|
<references>
|
|
|
|
<li><a href="http://cwe.mitre.org/data/definitions/131.html">CWE-131: Incorrect Calculation of Buffer Size</a></li>
|
|
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
|
|
<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
|
|
|
|
</references>
|
|
</qhelp>
|