LIB-memchr-overrun
Synopsis
A call to memchr causes a buffer overrun.
Enabled by default
Yes
Severity/Certainty
High/Medium

Full description
A call to memchr causes a buffer overrun. If memchr is called with a size greater than the size of the allocated buffer, it reads past the end of that buffer, which might cause a runtime error.
Coding standards
- CWE 676: Use of Potentially Dangerous Function
- CWE 122: Heap-based Buffer Overflow
- CWE 121: Stack-based Buffer Overflow
- CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 805: Buffer Access with Incorrect Length Value
Code examples
The following code example fails the check and will give a warning:
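#include <stdlib.h>
#include <string.h>  /* declares memchr */
void example(void) {
    char *a = malloc(sizeof(char) * 20);  /* 20 bytes allocated */
    memchr(a, 'a', 21);  /* length 21 is one byte more than the allocation */
    free(a);
}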
The following code example passes the check and will not give a warning about this issue:
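#include <stdlib.h>
#include <string.h>  /* declares memchr */
void example(void) {
    char *a = malloc(sizeof(char) * 20);  /* 20 bytes allocated */
    memchr(a, 'a', 10);  /* length 10 stays within the allocation */
    free(a);
}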
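One way to keep a memchr length within the allocation, shown as an added example that is not part of the original check documentation: the allocated size is stored next to the pointer and every search length is compared against it before memchr is called. The names sized_buf, find_byte, demo, FIND_NOT_FOUND and FIND_BAD_LENGTH are hypothetical, and the buffer contents are constructed sample data.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Result codes, defined for this example only. */
#define FIND_NOT_FOUND  (-1L)
#define FIND_BAD_LENGTH (-2L)

/* Keeps the allocated size next to the pointer so it can be checked. */
struct sized_buf {
    unsigned char *data;
    size_t cap;
};

/* Search the first len bytes of b for c. Returns the match offset,
 * FIND_NOT_FOUND, or FIND_BAD_LENGTH when len exceeds the allocation
 * (the condition LIB-memchr-overrun reports). */
static long find_byte(const struct sized_buf *b, int c, size_t len)
{
    if (b == NULL || b->data == NULL || len > b->cap)
        return FIND_BAD_LENGTH;
    const unsigned char *hit = memchr(b->data, c, len);
    return hit ? (long)(hit - b->data) : FIND_NOT_FOUND;
}

/* Constructed demo mirroring the page's 20-byte allocation. */
static long demo(size_t len)
{
    struct sized_buf b = { calloc(20, 1), 20 };
    if (b.data == NULL)
        return FIND_BAD_LENGTH;
    b.data[15] = 'a';               /* constructed sample data */
    long r = find_byte(&b, 'a', len);
    free(b.data);
    return r;
}

int main(void)
{
    /* 21 is rejected, 10 finds nothing, 20 finds offset 15. */
    printf("%ld %ld %ld\n", demo(21), demo(10), demo(20));
    return 0;
}
```

Rejecting an oversized length, rather than silently clamping it, surfaces the caller's incorrect size calculation instead of hiding it.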