View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

ABV.UNICODE.FAILED_MAP

Buffer overflow-array index out of bounds in failed mapping function

ABV.UNICODE.FAILED_MAP checks for buffer overrun conditions caused in failed MultiByteToWideChar and WideCharToMultiByte mapping functions. Typically, the checker detects a condition when the source and destination pointers are the same, or the pointer to a buffer that receives the converted string is NULL, but the next parameter (buffer size, in characters) is not set to 0.

For more information on the MultiByteToWideChar and WideCharToMultiByte mapping functions, see the MSDN website.

Vulnerability and risk

Using these mapping functions incorrectly can compromise the security of an application by causing a buffer overflow. To avoid this potential condition, it's important to specify a buffer size that is appropriate for the data type the buffer receives.

Vulnerable code example 1

1  int
2  foo1 (void *src, int size) {
3    int res;
4    res = WideCharToMultiByte(CP_ACP, 0, src, -1, 0, 3, 0, 0);
5    if (res) return res;
6    res = WideCharToMultiByte(CP_ACP, 0, src, -1, NULL, size, 0, 0);
7    if (res) return res;
8    return WideCharToMultiByte(CP_ACP, 0, src, -1, 0, 0, 0, 0);

Klocwork reports an invalid parameter because the pointer to the buffer that receives the converted string is NULL, but the size in bytes is set to 3 instead of 0 in line 4. In this case, the buffer size parameter doesn't correspond to the converted-string buffer pointer.

Related checkers

External guidance

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.

Parent topic: Buffer overflow
Previous topic: ABV.UNICODE.BOUND_MAP
Next topic: ABV.UNICODE.NNTS_MAP

© Rogue Wave Software, Inc. All rights reserved. | Contact