rspec/rules/S3519/cfamily/rule.adoc

Array overruns and buffer overflows happen when memory access accidentally goes beyond the boundary of the allocated array or buffer. These overreaching accesses cause some of the most damaging, and hard to track defects.


== Noncompliant Code Example

----
int array[10];
array[10] = 0; // Noncompliant: index should be between 0 & 9

char *buffer1 = (char *) malloc(100);
char *buffer2 = (char *) malloc(50);
memcpy(buffer2, buffer1, 100); // Noncompliant: buffer2 will overflow.
----


== Compliant Solution

----
int array[10];
array[9] = 0;

char *buffer1 = (char *) malloc(100);
char *buffer2 = (char *) malloc(50);
memcpy(buffer2, buffer1, 50);
----


== See

* https://cwe.mitre.org/data/definitions/119.html[MITRE, CWE-119] - Improper Restriction of Operations within the Bounds of a Memory Buffer
* https://cwe.mitre.org/data/definitions/131.html[MITRE, CWE-131] - Incorrect Calculation of Buffer Size
* https://cwe.mitre.org/data/definitions/788.html[MITRE, CWE-788] - Access of Memory Location After End of Buffer
* https://wiki.sei.cmu.edu/confluence/x/wtYxBQ[CERT, ARR30-C.] - Do not form or use out-of-bounds pointers or array subscripts
* https://wiki.sei.cmu.edu/confluence/x/i3w-BQ[CERT, STR50-CPP.] - Guarantee that storage for strings has sufficient space for character data and the null terminator


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

include::highlighting.adoc[]

'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`Array overruns and buffer overflows happen when memory access accidentally goes beyond the boundary of the allocated array or buffer. These overreaching accesses cause some of the most damaging, and hard to track defects.`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Noncompliant Code Example`

			`----`
			`int array[10];`
			`array[10] = 0; // Noncompliant: index should be between 0 & 9`

			`char buffer1 = (char ) malloc(100);`
			`char buffer2 = (char ) malloc(50);`
			`memcpy(buffer2, buffer1, 100); // Noncompliant: buffer2 will overflow.`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== Compliant Solution`

			`----`
			`int array[10];`
			`array[9] = 0;`

			`char buffer1 = (char ) malloc(100);`
			`char buffer2 = (char ) malloc(50);`
			`memcpy(buffer2, buffer1, 50);`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`== See`

			`* https://cwe.mitre.org/data/definitions/119.html[MITRE, CWE-119] - Improper Restriction of Operations within the Bounds of a Memory Buffer`
Update CWE mapping (#534) 2021-10-28 10:07:16 +02:00			`* https://cwe.mitre.org/data/definitions/131.html[MITRE, CWE-131] - Incorrect Calculation of Buffer Size`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`* https://cwe.mitre.org/data/definitions/788.html[MITRE, CWE-788] - Access of Memory Location After End of Buffer`
			`* https://wiki.sei.cmu.edu/confluence/x/wtYxBQ[CERT, ARR30-C.] - Do not form or use out-of-bounds pointers or array subscripts`
			`* https://wiki.sei.cmu.edu/confluence/x/i3w-BQ[CERT, STR50-CPP.] - Guarantee that storage for strings has sufficient space for character data and the null terminator`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::message.adoc[]`

			`include::highlighting.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`