SEC-BUFFER-memset-overrun-pos
In this section:
Synopsis
A call to memset might overrun the buffer.
Enabled by default
No
Severity/Certainty
High/Medium
Full description
A call to memset might cause a buffer overrun. If memset is called with a size exceeding the size of the allocated buffer, it will overrun. This might cause a runtime error. Make sure that the size of the buffer passed to memset does not exceed the destination buffer's size. You might need to add a condition before the call to memset.
Coding standards
- CWE 121
Stack-based Buffer Overflow
- CWE 122
Heap-based Buffer Overflow
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void example(int b) {
char *a = malloc(sizeof(char) * 20);
int c;
if (b) {
c = 21;
} else {
c = 5;
}
memset(a, 'a', c);
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
void example(int b) {
char *a = malloc(sizeof(char) * 20);
int c;
if (b) {
c = 20;
} else {
c = 5;
}
memset(a, 'a', c);
}