SEC-BUFFER-sprintf-overrun
Synopsis
A call to the sprintf function will overrun the target buffer.
Enabled by default
Yes
Severity/Certainty
High/High

Full description
A call to the sprintf function will overrun the target buffer. Consider using a function that allows you to set the buffer length, such as snprintf. Alternatively, you might be able to compare the lengths of the source and destination buffers before calling sprintf. This check is identical to LIB-sprintf-overrun.
Coding standards
- CERT STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
- CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE 121: Stack-based Buffer Overflow
Code examples
The following code example fails the check and will give a warning:
#include <stdio.h>

/* "Hello World!\n" is 13 characters plus the terminating NUL (14 bytes),
   but buf holds only 5 bytes, so sprintf writes past its end. */
char buf[5];
void example(void) {
    sprintf(buf, "Hello World!\n");
}
The following code example passes the check and will not give a warning about this issue:
#include <stdio.h>

/* 13 characters plus the terminating NUL fit exactly in 14 bytes. */
char buf[14];
void example(void) {
    sprintf(buf, "Hello World!\n");
}
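The following is an added example, not taken from the checker documentation, showing the two mitigations the full description names: a bounded write with snprintf whose return value is checked for truncation, and a length comparison performed before sprintf is called. The helpers format_bounded, was_truncated and format_checked are hypothetical names chosen for this example; the buffer sizes 5 and 14 match the failing and passing examples above.

```c
#include <stdio.h>
#include <string.h>

/* Mitigation 1 (hypothetical helper): bounded formatting with snprintf.
 * snprintf never writes more than dst_size bytes and always NUL-terminates
 * when dst_size > 0. It returns the length the complete output would have
 * had, so the caller can detect truncation instead of silently losing data. */
int format_bounded(char *dst, size_t dst_size, const char *name) {
    return snprintf(dst, dst_size, "Hello %s!\n", name);
}

/* True when an snprintf return value indicates the output did not fit. */
int was_truncated(int needed, size_t dst_size) {
    return needed < 0 || (size_t)needed >= dst_size;
}

/* Mitigation 2 (hypothetical helper): compute the required size from the
 * pieces of the output and refuse to call sprintf when the destination is
 * too small. Returns the number of characters written, or -1 if the write
 * would have overrun dst. */
int format_checked(char *dst, size_t dst_size, const char *name) {
    size_t needed = strlen("Hello ") + strlen(name) + strlen("!\n") + 1; /* +1 for NUL */
    if (needed > dst_size) {
        return -1;
    }
    sprintf(dst, "Hello %s!\n", name); /* safe: the length was verified above */
    return (int)(needed - 1);
}

int main(void) {
    char small[5];  /* same size as the failing example */
    char large[14]; /* same size as the passing example */

    int n = format_bounded(small, sizeof small, "World");
    printf("snprintf into 5 bytes: wrote \"%s\", needed %d, truncated=%d\n",
           small, n, was_truncated(n, sizeof small));

    n = format_bounded(large, sizeof large, "World");
    printf("snprintf into 14 bytes: needed %d, truncated=%d\n",
           n, was_truncated(n, sizeof large));

    printf("checked sprintf into 5 bytes: %d\n",
           format_checked(small, sizeof small, "World"));
    printf("checked sprintf into 14 bytes: %d\n",
           format_checked(large, sizeof large, "World"));
    return 0;
}
```

Note that snprintf alone only prevents the overrun; it truncates silently, so the return value must still be compared against the buffer size if losing the tail of the string would matter.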