ABV.UNICODE.SELF_MAP

Buffer overflow-array index out of bounds in failed mapping function

ABV.UNICODE.SELF_MAP checks for buffer overrun conditions caused in failed MultiByteToWideChar and WideCharToMultiByte mapping functions. Typically, the checker detects an error condition when the source and destination pointers of the mapping function are the same.

For more information on the MultiByteToWideChar and WideCharToMultiByte mapping functions, see the MSDN website.

Vulnerability and risk

Using these mapping functions incorrectly can compromise the security of an application by causing a buffer overflow. To avoid this potential condition, it's important to specify a buffer size that is appropriate for the data type the buffer receives.

Vulnerable code example

1  int
2  foo(void *src,  int size) {
3     WideCharToMultiByte(CP_ACP, 0, (wchar_t)src, -1, src, size, 0, 0);
4     MultiByteToWideChar(CP_ACP, 0, src, -1, src, 30);  
5  }

Klocwork produces a message for both lines 3 and 4 in this example, indicating that the source and destination pointers must not be the same. The checker has found failed WideCharToMultiByte and MultiByteToWideChar mapping functions that have caused a buffer overrun condition.

Related checkers

• ABV.GENERAL
• ABV.TAINTED
• ABV.UNICODE.BOUND_MAP
• ABV.UNICODE.FAILED_MAP
• ABV.UNICODE.NNTS_MAP
• ABV.UNICODE.SELF_MAP
• NNTS.MIGHT
• NNTS.MUST
• NNTS.TAINTED
• SV.STRBO.BOUND_COPY.OVERFLOW
• SV.STRBO.BOUND_COPY.UNTERM
• SV.STRBO.BOUND_SPRINTF
• SV.STRBO.UNBOUND_COPY
• SV.STRBO.UNBOUND_SPRINTF

External guidance

• CWE-176: Improper Handling of Unicode Encoding
• Security considerations: International features
• STIG-ID:APP3590.1 Application is vulnerable to buffer overflows

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.