CERT C++: CTR52-CPP

Guarantee that library functions do not overflow

Since R2022b

expand all in page

Description

Rule Definition

Guarantee that library functions do not overflow.¹

Polyspace Implementation

The rule checker checks for Library function overflows sequence container.

Examples

expand all

Library Function Overflows Sequence Container

Issue

This issue occurs when you use library functions to copy data into a sequence container that might be too small to hold the data. Polyspace^® reports a violation of this rule when any of these conditions are true:

The destination container might be too small.
The size of the destination container might be unknown.

Functions from the C standard library, such as std::memmove() or std::memset(), overwrite a memory block even if the memory block is invalid. This issue might be prominent when using these functions. Many standard template library (STL) functions are also vulnerable to this issue.

The C++ standard defines vector, list, array, and double ended queue (deque) as sequence containers. See Containers library.

Risk

Copying data into a container that is too small results in buffer overflow. Buffer overflow might overwrite unexpected memory locations, resulting in incorrect results, or unexpected program termination.

Fix

To prevent container overflow, validate the size of the destination container or the incoming data. For instance, restrict the data being copied to the size of the destination container. Alternatively, allocate sufficient memory for the destination container to safely accommodate the incoming data.

Example — Destination Container Too Small

#include <algorithm>
#include <vector>
#include <array>

// Destination container size unknown
void copy_vector(const std::vector<int> &src)
{
	std::vector<int> dest;
	std::copy(src.begin(), src.end(), dest.begin()); //Noncompliant
	// ...
}

//Container too small
void fill_vector()
{
	std::vector<int> v; 
	std::fill_n(v.begin(), 10, 0x42);    //Noncompliant
}
//Container too small
void copy_array(const std::array<int,10>& src, std::array<int,5>& dest) {

	std::copy(src.begin(), src.end(), dest.begin());     //Noncompliant
}

In this example, Polyspace reports violations of this rule on operations that might result in container overflow. For instance:

In the function copy_vector, the size of the destination container dest is unknown. Because std::copy does not check the bounds of the source container, calling this function to copy dest into src results in an overflow if dest is larger than src.
In the function fill_vector, 10 elements are written into the vector v before sufficient memory is allocated for the elements. This operation results in an overflow.
In the function copy_array, a container with 10 elements is copied into a container with five elements, resulting in an overflow.

Correction — Validate Destination Container Size

Verify that the destination container is large enough so that library functions do not overflow. For instance:

In copy_vector, initialize dest with the same size as src.
In fill_vector, allocate sufficient memory to v to accommodate 10 elements.
In copy_array, use the same size for src and dest.

#include <algorithm>
#include <vector>
#include <array>

// Destination container size unknown
void copy_vector(const std::vector<int> &src)
{
	std::vector<int> dest(src.size());
	std::copy(src.begin(), src.end(), dest.begin()); //Compliant   
	// ...
}

//Container too small
void fill_vector()
{
	std::vector<int> v(10); 
	std::fill_n(v.begin(), 10, 0x42);    //Compliant
}
//Container too small

void copy_array(const std::array<int,10>& src, std::array<int,10>& dest) {

	std::copy(src.begin(), src.end(), dest.begin());     //Compliant
}

Check Information

Group: Rule 04. Containers (CTR)

Version History

Introduced in R2022b

¹ This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.