View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

ABV.UNKNOWN_SIZE

Buffer overflow-unknown-sized array index out of bounds

A buffer overflow, or overrun, is an anomaly in which a program writing data to a buffer overruns the buffer's boundaries and overwrites adjacent memory. Typically, this problem occurs when a program is copying strings of characters to a buffer.

C and C++ provide no built-in protection against accessing or overwriting data in any part of memory, and do not automatically check that data written to an array (the built-in buffer type for this language) is within the array's boundaries.

The ABV.UNKNOWN_SIZE checker looks for array bounds violations when the array is of an unknown size.

Vulnerability and risk

Buffer overflows can be triggered by inputs that are designed to execute code or alter the way the program operates. This may result in erratic program behavior, including memory access errors, incorrect results, a crash, or a breach of system security.

Consequences of buffer overflow include valid data being overwritten and execution of arbitrary and potentially malicious code. For example, buffer overflows can manipulate a program in several ways:

  • By overwriting a local variable that is near the buffer in memory to change the behavior of the program to benefit the attacker
  • By overwriting the return address in a stack frame so that execution resumes at the return address specified by the attacker (usually a user input-filled buffer)
  • By overwriting a function pointer or exception handler, which is subsequently executed

Vulnerable code example

 
    1  extern char buf[];
    2
    3  void foo(const char* pbuf)
    4  {
    5    int n = -1;
    6    if (pbuf) {
    7       n = strlen(pbuf);
    8       // more code
    9    }
   10    buf[n] = '\0';
   11  }

Klocwork reports this defect when it's able to conclude that buffer overflows occurs, without knowing the size of the buffer precisely: array 'buf' of unknown size may use index value(s) -1.

Related checkers

External guidance

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.

Parent topic: Buffer overflow
Previous topic: ABV.UNICODE.SELF_MAP
Next topic: NNTS.MIGHT

© Rogue Wave Software, Inc. All rights reserved. | Contact