Risky cast after possibly misaligned pointer offsetCXX-S1014Unnecessary copy of non-trivially copyable typeCXX-P2005Found `posix_*` or `pthread_*` return value tested to be negativeCXX-W2013Possible loss of precision due to iterator element type-casting in `std::accumulate`CXX-W2005Missing or incorrect invocation of base class copy constructorCXX-W2003Unintended implicit conversion of a boolean pointer in a conditionCXX-W2002Incorrect usage of erase-remove patternCXX-W2007Unbound checked function calls lacking external bounds checkingCXX-S1003Use of inefficient generic algorithm over efficient container based onesCXX-P2000While processing the buffer using `printf`/`scanf`, not using any width for the format specifier `%s` is vulnerable to buffer overflowCXX-S1004Potential heap memory use after freeCXX-S1012Suspicious `sizeof()` in `strncpy`, `strncat`, or `memcpy`CXX-S1016Modify namespace `std` or `posix` is an undefined behaviorCXX-W2017Audit required: found possible occurrence of secret in sourceCXX-A1004Empty exception handler blockCXX-S1021`std::bad_alloc` exception not caught during memory allocationCXX-W2020Audit required: found a non-const global variableCXX-W2009Avoid using `setjmp()` and `longjmp()` for exception handlingCXX-W2015Found copy-on-return when move-on-return is fasterCXX-P2006Inefficient use of `std::vector` in loopCXX-P2007Potential buffer overrunCXX-S1005Identifier names are typographically ambiguousCXX-W1022Found shadowing of identifiers from outer scopeCXX-W1023Implicit type promotion of `float` to `double` in a math functionCXX-P2001Inefficient character look-up in `std::string`CXX-P2003Found value copy of non-trivially copyable parameterCXX-P2009Found a call to ancestor's virtual method instead of direct parent's methodCXX-W2008Unnecessary expensive copy of loop-based variableCXX-P2004Potential divide by zeroCXX-W1264Side-effects in the right-hand operand of logical operators (`&&`, and `||`)CXX-W1066Audit required: untrusted format stringCXX-A1002Assignment in condition should be parenthesizedCXX-W1161Found incomplete function parameters in declarationCXX-W3032Found use of possibly reserved identifierCXX-E2000Possibly unintended type used in `shared_ptr`CXX-E2001Possibly bad use of `cnd_wait`, `cnd_timedwait`, `wait`, `wait_for`, or `wait_until` function callsCXX-E2002Use of `memset` with possibly unintended behaviourCXX-W2048Use of `realloc` without aliasing can lead to memory leaksCXX-W2049Incorrect use of `strcmp`CXX-W2050Function call might produce in a non-null terminated resultsCXX-W2046Bad signal used to terminate a threadCXX-W2042Possibly unintended overload for constructor due to forwarding referenceCXX-W2044MISRA Required: Size of an array is not specifiedCXX-W3041Use of temporary RAII objectCXX-W2051MISRA Required: A non-null statement should either have a side effect or change control flowCXX-W3006Function should not contain unused 'goto' labelsCXX-W3010MISRA Required: A null statement in original source code should be on a separate line and the semicolon should be followed by at least one white space and then a commentCXX-W3012Implicit widening of multiplication result can cause unintended overflowCXX-W2045MISRA Required: Line-splicing should not be used in single line commentsCXX-W3013MISRA Required: Octal constants should not be usedCXX-W3027Consider using the "u" or "U" suffix for unsigned integer constantsCXX-W3028Avoid using the lowercase `l` character as a literal suffixCXX-W3029String literals should only be assigned to `const`-qualified `char` pointersCXX-W3030MISRA Required: Implicitly specified enumeration constants should be uniqueCXX-W3042MISRA Required: Variables with automatic storage duration should be initialized before being usedCXX-W3045MISRA Required: Arrays should not be partially initializedCXX-W3047MISRA Required: Conversions shall not be performed between a pointer to an incomplete type and any other typeCXX-W3059MISRA Required: The 'goto' statement should not be usedCXX-W3081MISRA Required: The 'goto' statement shouldn't jump to a label declared earlierCXX-W3082MISRA Required: The 'if' ... 'else if' construct should be terminated with an 'else' statementCXX-W3087MISRA Required: Expression resulting from the macro expansion should be surrounded by parenthesesCXX-W3119MISRA Required: The functions from 'qsort/bsearch' should not be usedCXX-W3121MISRA Required: The functions from 'time.h/ctime' should not be usedCXX-W3122MISRA Required: Memory allocation and deallocation functions should not be usedCXX-W3129MISRA Required: The function with the 'atof/atoi/atol/atoll' name should not be usedCXX-W3133MISRA Required: A global variable is not initializedCXX-W3046MISRA Required: The comma operator should not be usedCXX-W3069MISRA Required: A function should have a single point of exit at the endCXX-W3085MISRA Required: The 'default' label should be either the first or the last label of a 'switch' statementCXX-W3092Possibly unintended use of `::empty` over `::clear` in std containersCXX-W2043Avoid `rand()` and `std::rand()` for generating pseudorandom numbersCXX-W2016Using C standard libarary functions `std::memset`, `std::memcmp` or `std::memcpy` on non-trival C++ typesCXX-W2021Ignoring return value from a standard library function that may return an errorCXX-W2022Missing error handling while converting a string to a number, using C stdlib functionsCXX-W2023MISRA Required: The function with the 'abort/exit/getenv/system' name should not be usedCXX-W3134Audit required: calling command processor based `system()` is exploitableCXX-A1001Mutating the source object during copy operationCXX-W2035MISRA Required: Pointer to FILE should not be dereferencedCXX-W3152Found using default opertor `new` for over-aligned typesCXX-W2018Misuse of enum as an improper bitmaskCXX-W2056Found visually ambigious integer literal constantCXX-C2018Use of `nullptr` with string_viewCXX-W2053Use of `sizeof` operator with stl containersCXX-W2054Potentially incorrect `memcmp` over objectsCXX-W2057Buggy or lossy integer to string assignmentCXX-W2060String literals with embedded null char as non-terminatorCXX-W2061Found C-style array declaration in place of `std::array` or `std::vector`CXX-W2066Possibly misspelled virtual functionCXX-W2052Unused exception likely missing `throw`CXX-W2059Macro with multiple statements can end up in unconditional executionCXX-W2063Found an implicit conversion across boolean and other primitive typeCXX-W2065Use of `sizeof` operator with dynamic expressionsCXX-W2055Missing unconditional break statement in switch clauseCXX-C1001Missing default case in switch statementCXX-W1164Special symbols like `*`, `"`, `'`, `\` and `/*` found in header namesCXX-W1207Control variable of `for` loop modified in bodyCXX-W1241Dangling references in value handles `std::string_view`CXX-W2004Calling `std::move` on a trvially copyable parameterCXX-P2010Pointer returned from a function is dereferenced on LHS of an assignementCXX-W1230Iteration expression is outside of `for` loopCXX-W1240Found throwing or partially-throwing move or move-assignment constructorCXX-P2008Move constructor is calling the copy constructor of base classCXX-P2011Switch statement with a single-clauseCXX-W1197Implicit deletion of copy and move assignment constructors due to non-static const data memberCXX-W2010Side effect in array indexCXX-W1247Loop body is not enclosed in `{}`CXX-W1243Use of `sizeof` with an expression as operandCXX-W1188Found use of escape character instead of raw-string literalsCXX-W2025Unhandled self-assignment from user-defined copy constructorCXX-E2003Found usage of `std::auto_ptr` instead of `std::unique_ptr`CXX-W2026Using copy-swap trick instead of `shrink_to_fit()` on `std::vector`CXX-W2027Found use of deprecated C++ headersCXX-W2030Found use of deprecated `ios_base` aliasesCXX-W2031Found use of deprecated `std::random_shuffle` typeCXX-W2032Found redundant use of constructor on return, instead use the braced initializer listCXX-W2033Found use numeric type as booleanCXX-W2034Incorrect access to the enclosing function name within a lambda expressionCXX-W2040Found redundant cloned branchesCXX-W2041Possibly missing commaCXX-W2047Audit required: improper seeding of pseudorandom number generatorCXX-A1000Found `typedef` instead of `using`CXX-W2029Audit required: suspicious placement of semicolon hinting difference in code behaviour and programmer's intentCXX-A1003Type is never usedCXX-W3007MISRA Advisory: Only ISO C escape sequences are allowedCXX-W3014Avoid array-to-pointer decayCXX-C1000Using a copied object of FILE type might not have intended consequencesCXX-C1002Use of variadic function in C++CXX-W2014Avoid using floating point value as a loop counterCXX-W2024Found `push_*` with move over `emplace`CXX-W2028Missing pair of overridden memory management operator `new` and `delete`CXX-W2036Definition in header file could result in ODR violationCXX-W2037Using storage specifier `static` inside an anonymous namespace is redundantCXX-C2021Found the use of static member variable through class instance rather then class nameCXX-C2022Multiple declarations in single statementCXX-C2013Boolean expression can be simplifiedCXX-C2015Using `std::string::compare` over equality operatorsCXX-C2017Found unnecessary member initializationCXX-C2026Found usage of `std::bind` in place of lambda expressionCXX-W2064Misplaced array index in subscript/indexing expressionCXX-C2019Found a non-const pointer type parameter which is never modifiedCXX-C2014Misleading indentationCXX-C2011Redundant access specifiersCXX-C2012Indirect subscript for STL containersCXX-C2016Initializing `std:string` or `std::string_view` is redundantCXX-C2023Found unnecessary conversion from `std::string` to C-style stringCXX-C2024Function with cyclomatic complexity higher than thresholdCXX-R1000Unqualified `auto` definition for pointer typeCXX-W2038Potentially swap argument orderCXX-W2058`std::move` of forwarding references possibly unintendedCXX-W2062Found access to `std::unique_ptr`'s raw pointer while deleting the pointerCXX-C2020Found redundant access to raw pointer while using a smart pointerCXX-C2025
C & C++ logoC & C++/
CXX-S1003

Unbound checked function calls lacking external bounds checkingCXX-S1003

Major severityMajor
Security categorySecurity

Certain functions do not perform bound checks internally, leading to segmentation faults if the caller does not explicitly perform bound checks. Avoid calling such functions without explicitly checking the buffer bounds against the provided value first.

Make sure to perform a bound check before every call to a dangerous function, as global bounds checks may not always hold true at the time the "callsite" is reached.

C users must avoid using dangerous functions that do not check bounds unless they've ensured that the bounds will never get exceeded.

Functions to avoid in most cases (or ensure protection) include the functions,

  • strcpy(),
  • strcat(),
  • sprintf() (with cousin vsprintf()),
  • and, gets().

These should be replaced with functions such as

  • strncpy(),
  • strncat(),
  • snprintf(),
  • and fgets() respectively.

Other dangerous functions that may permit buffer overruns (depending on their use) include,

  • realpath(),
  • getopt(),
  • getpass(),
  • streadd(),
  • strecpy(),
  • and, strtrns().

Bad practice

char* src = "this is a long one I think";
char dst[10] = {};
strcpy(dst, src); // needs bound checking to see if `dst` can store `src`

char* src = "this is a long one I think";
char dst[10] = {};
if strlen(dst) >= strlen(src) { // bound checked
    strcpy(dst, src);
}