LIB-memcpy-overrun-pos
In this section:
Synopsis
A call to memcpy might cause the memory to overrun.
Enabled by default
No
Severity/Certainty
High/Medium
Full description
A call to memcpy might cause the memory to overrun at either the destination or the source address.
Coding standards
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE 121
Stack-based Buffer Overflow
- CWE 122
Heap-based Buffer Overflow
- CWE 124
Buffer Underwrite ('Buffer Underflow')
- CWE 126
Buffer Over-read
- CWE 127
Buffer Under-read
- CWE 805
Buffer Access with Incorrect Length Value
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void func(int b)
{
int *p1;
int *p2;
if (b) {
p1 = malloc(20);
p2 = malloc(10);
} else {
p2 = malloc(20);
p1 = malloc(10);
}
memcpy(p1, p2, 4);
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
void func()
{
int size = 10;
int arr[size];
int *ptr = malloc(size * sizeof(int));
memcpy(ptr, arr, size);
}