Synopsis

A buffer overrun is caused by a call to strncmp.

Enabled by default

Yes

Severity/Certainty

High/Medium

Full description

A buffer overrun is caused by passing an incorrect string length to strncmp. Strncmp limits the number of characters it compares to the number of characters passed as its third argument, to prevent buffer overruns with non-null terminated strings. However, if the number of characters passed exceeds the length of the two strings, and none of these strings is null terminated, then it will overrun. Make sure the length passed to strncmp is correct. You might need to perform an comparison before calling strncmp.

Coding standards

This check does not correspond to any coding standard rules.

Code examples

The following code example fails the check and will give a warning:

#include <stdlib.h>
#include <string.h>

void example(void) {
  char *a = malloc(sizeof(char) * 10);
  char *b = malloc(sizeof(char) * 10);
  strncmp(a, b, 20);
}

The following code example passes the check and will not give a warning about this issue:

#include <stdlib.h>
#include <string.h>

void example(void) {
  char *a = malloc(sizeof(char) * 10);
  char *b = malloc(sizeof(char) * 10);
  strncmp(a, b, 5);
}