SEC-BUFFER-std-sort-overrun-pos (C++ only)
In this section:
Synopsis
Use of std::sort might cause a buffer overrun.
Enabled by default
No
Severity/Certainty
High/Medium
Full description
std::sort can take a pointer to an array and a pointer to the end of the array as arguments. However, if the pointers do not point into the same array, or if the end pointer is so far away that some elements outside the array are included, a buffer overrun might occur. Ensure that both pointers passed to std::sort point within the same buffer.
Coding standards
- CWE 122
Heap-based Buffer Overflow
- CWE 121
Stack-based Buffer Overflow
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Code examples
The following code example fails the check and will give a warning:
#include <algorithm>
void example(void) {
int a[10] = {0,1,2,3,4,5,6,7,8,9};
std::sort(a, a+11);
}
The following code example passes the check and will not give a warning about this issue:
#include <algorithm>
void example(void) {
int a[10] = {0,1,2,3,4,5,6,7,8,9};
std::sort(a, a+5);
}