Why is this an issue?
Array overruns and buffer overflows happen when a memory access goes beyond the boundary of the allocated array or buffer. These
out-of-bounds accesses cause some of the most damaging and hard-to-track defects.
Noncompliant code example
#include <stdlib.h>
#include <string.h>
void noncompliant(void) {
    int array[10];
    array[10] = 0; // Noncompliant: index should be between 0 & 9
    char *buffer1 = (char *) malloc(100);
    char *buffer2 = (char *) malloc(50);
    memcpy(buffer2, buffer1, 100); // Noncompliant: buffer2 will overflow (only 50 bytes allocated).
}
Compliant solution
#include <stdlib.h>
#include <string.h>
void compliant(void) {
    int array[10];
    array[9] = 0; // Last valid index of a 10-element array
    char *buffer1 = (char *) malloc(100);
    char *buffer2 = (char *) malloc(50);
    memcpy(buffer2, buffer1, 50); // Copy no more than buffer2's capacity
}
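Added example (not part of the original rule description): the two hazards above, an out-of-range index and a copy larger than the destination, as explicitly guarded helpers. The function names `bounded_store`, `bounded_memcpy` and `page_scenario` are this example's own; `page_scenario` replays the 100-byte-into-50-byte copy and shows it being rejected instead of overflowing.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Write val into arr[idx] only when idx is a valid index (0 .. len-1).
 * Returns true on success, false if the index is out of bounds.
 * Using size_t means a negative index also shows up as out of range. */
bool bounded_store(int *arr, size_t len, size_t idx, int val)
{
    if (arr == NULL || idx >= len) {
        return false;
    }
    arr[idx] = val;
    return true;
}

/* Copy n bytes from src into dst, refusing (rather than silently
 * truncating) when n exceeds the destination capacity dst_cap.
 * Returns true if the copy was performed, false if it was rejected. */
bool bounded_memcpy(void *dst, size_t dst_cap, const void *src, size_t n)
{
    if (dst == NULL || src == NULL || n > dst_cap) {
        return false;
    }
    memcpy(dst, src, n);
    return true;
}

/* Replays the rule's scenario: 100-byte source, 50-byte destination.
 * Returns the guarded copy's result, which is false (rejected). */
bool page_scenario(void)
{
    char *buffer1 = malloc(100);
    char *buffer2 = malloc(50);
    bool copied = false;
    if (buffer1 != NULL && buffer2 != NULL) {
        memset(buffer1, 'A', 100); /* constructed sample content */
        copied = bounded_memcpy(buffer2, 50, buffer1, 100);
    }
    free(buffer1);
    free(buffer2);
    return copied;
}
```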
Resources
- MITRE, CWE-119 - Improper Restriction of Operations within the Bounds of a Memory Buffer
- MITRE, CWE-131 - Incorrect Calculation of Buffer Size
- MITRE, CWE-788 - Access of Memory Location After End of Buffer
- CERT, ARR30-C. - Do not form or use out-of-bounds pointers or array subscripts
- CERT, STR50-CPP. - Guarantee that storage for strings has sufficient space for character data and the null terminator