ABV.NON_ARRAY
Non-array object is used as an array
The ABV.NON_ARRAY checker finds defects when any non-array object is used as an array.
Vulnerability and risk
If non-array object is used as an array, then it might corrupt or misinterpret adjacent memory locations.
Mitigation and prevention
The compliant solution is to use only array-object which can be further used to access elements of array.
Vulnerable code example
extern int anything();
void foo(int *arr, int *num_pwr)
{
*num_pwr = anything();
arr[*num_pwr] = 5;
}
void bar(int *arr)
{
int num_pwr;
foo(arr, &num_pwr);
}
void blah()
{
int singleton = 0;
int *p = &singleton;
bar(p); // ABV.NON_ARRAY defect
}Klocwork reports ABV.NON_ARRAY at line 18 because the pointer p, which holds the address of a non-array object, is passed to the function 'bar'. Within 'bar' (at line 6), this pointer is treated as an array, which can potentially corrupt or misinterpret adjacent memory locations.
Fixed code example
extern int anything();
void foo(int *arr, int *num_pwr)
{
*num_pwr = anything();
arr[*num_pwr] = 5;
}
void bar(int *arr)
{
int num_pwr;
foo(arr, &num_pwr);
}
void blah()
{
int arr[2]= {0};
int *p = arr;
bar(p);
}ABV.NON_ARRAY is not applicable in this case because p holds the base address of the array arr, not a non-array object. Therefore, no ABV.NON_ARRAY issue will occur at line 18 in this scenario.
Related checkers
External guidance
- CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE-122: Heap-based Buffer Overflow
- CWE-125: Out-of-bounds Read
- CWE-787: Out-of-bounds Write
- CWE-788: Access of Memory Location After End of Buffer
- CWE-805: Buffer Access with Incorrect Length Value
- CWE-806: Buffer Access Using Size of Source Buffer
- CWE-19: None
Security training
Application security training materials provided by Secure Code Warrior.