ABV.MEMBERBuffer overflow-array index out of bounds in a structureABV.MEMBER checks for array bounds violations in a class or structure. The checker flags any code in which a buffer overflow will occur as a result of this situation. This checker has been extracted from checker ABV.GENERAL to find these specific buffer overflow situations separately, in case you habitually overflow the structure in your code, in which case you would want to turn this checker off. Vulnerability and riskConsequences of buffer overflow include valid data being overwritten and execution of arbitrary and potentially malicious code. Vulnerable code example
1 typedef struct Data {
2 int kind;
3 char name[8];
4 char ext[3];
5 } Data;
6
7 void resetDefaults(Data *d)
8 {
9 d->kind = 0;
10 memset(d->name, 0, 11);
11 }
Klocwork produces an ABV.MEMBER report at line 10, indicating that array 'd->name' will overflow. If the design intention is to zero the name and extension, then this code isn't a problem. Otherwise, it's best to make the change shown in the following example. Fixed code example
1 typedef struct Data {
2 int kind;
3 char name[8];
4 char ext[3];
5 } Data;
6
7 void resetDefaults(Data *d)
8 {
9 d->kind = 0;
10 memset(d->name, 0, 8);
11 memset(d->ext, 0, 3);
12 }
In the fixed code example, the size of the array has been changed so that array 'd->name' isn't used as an alias for both 'name' and 'ext'. Related checkersExternal guidanceExtensionThis checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information. |