FaultDetection-BufferOverflow¶

The arguments to string handling functions from the Standard Library shall not result in accesses beyond the bounds of the objects referenced by their pointer arguments

Required inputs: IR, StaticSemanticAnalysis

This analysis checks calls to string/buffer functions where a buffer overflow might happen because the size of the buffer is too small for what is copied into it.

Possible Messages

Key	Text	Severity	Disabled
possible_invalid_call_argument	Call to {} with string buffer argument {} that possibly has no valid null delimiter character.	None	False
possible_write_beyond_argument	Call to {} might result in a write access beyond the bounds of argument {}, since argument {} might be too large.	None	False

Options¶

This rule shares the following common options: exclude_in_macros, exclude_messages_in_system_headers, excludes, extend_exclude_to_macro_invocations, includes, justification_checker, languages, post_processing, provider, report_at, severity
The following places define options that affect this rule: Stylechecks, Analysis-GlobalOptions

concat_operations¶

concat_operations

Type: dict[bauhaus.analysis.config.QualifiedName, typing.Tuple[int, int]]

Default:
{
   'strcat': (0, 1)
}

Names of buffer-concatenating functions being relevant as call targets for this check, with the position of the argument pointing to the destination buffer, and the position of the argument that references the buffer that should be appended at the end of the destination buffer.

copy_operations¶

copy_operations

Type: dict[bauhaus.analysis.config.QualifiedName, typing.Tuple[int, int]]

Default:
{
   'strcpy': (0, 1)
}

Names of buffer copy functions being relevant as call targets for this check, with the position of the destination argument and the source argument of the buffer copy operation.

delimiter_of_arguments¶

delimiter_of_arguments

Type: dict[bauhaus.analysis.config.QualifiedName, set[int]]

Default:

{
   'strcat': {0, 1},
   'strchr': {0},
   'strcmp': {0, 1},
   'strcoll': {0, 1},
   'strcpy': {1},
   'strcspn': {0, 1},
   'strlen': {0},
   'strpbrk': {0, 1},
   'strrchr': {0},
   'strspn': {0, 1},
   'strstr': {0, 1},
   'strtok': {0, 1}
}

Names of functions being relevant as call targets for this check, with the position of parameters whose referenced buffers should be checked for being properly terminated by a null terminator.

exclude_warnings_for_unknown_arguments¶

exclude_warnings_for_unknown_arguments : bool = False

Exclude warnings for cases where nothing at all is known about the arguments of an operation, caused e.g. by using return values of external routines.

ignore_calls_in_functions¶

ignore_calls_in_functions : set[bauhaus.analysis.config.QualifiedName] = set()

Qualified names of function definitions in which calls to relevant functions are ignored for this check.

Axivion Suite 7.12.0

Navigation