CXX.SUSPICIOUS_INDEX_CHECK.CALL

The CXX.SUSPICIOUS_INDEX_CHECK.CALL checker reports a defect when a function checks an index against a bound that does not match the array's actual size, and then passes that index to another function which uses it to access the array.

Vulnerability and risk

If an array is accessed with an index at or beyond the array's size, the out-of-bounds read or write can lead to data corruption, unpredictable behavior, or a crash.

Mitigation and prevention

Check that the index lies within the bounds of the array before accessing the array at that index, and make sure the bound used in the check is the array's real size.

Vulnerable code example

int get_index();
  
void set(int* arr, int index) {
    arr[index] = 0;
}
  
int main() {
    int SIZE = 15;
    int arr[10];
    int index = get_index();
    
    if (index >= SIZE) {  
        return 0;
    }
    set(arr, index);
}

Klocwork reports CXX.SUSPICIOUS_INDEX_CHECK.CALL on line 15 to warn users about the suspicious index check on line 12.

In the callee function set, the array dereference on line 4 is reachable with an "index" value in the range 10-14, because the check on line 12 uses SIZE (15) rather than the real array length (10); such a write overflows the buffer.

Fixed code example

int get_index();
  
void set(int* arr, int index) {
    arr[index] = 0;
}
  
int main() {
    int SIZE = 10;
    int arr[10];
    int index = get_index();
    
    if (index >= SIZE) {  
        return 0;
    }
    set(arr, index);
}

Buffer overflow is no longer possible because SIZE now matches the array length, so the constraint "index >= SIZE" on line 12 rules out all bad behavior.
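The following program, an added example rather than code from the Klocwork documentation, makes the difference between the two checks measurable. The helper names checked_set, demo_write and admitted_overflows are assumptions for this illustration. checked_set performs the caller-side guard before handing the index to the same set callee as above, and it is stricter than the page's fixed example in one respect: it also rejects negative indices, which "index >= SIZE" alone does not catch. admitted_overflows counts how many indices a check of the form "index >= limit" lets through even though they lie outside a 10-element array, which is the quantity the checker is warning about.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Real length of the array used in the demo (matches the page's int arr[10]). */
#define ARR_SIZE 10

/* Callee from the page: it trusts the caller to have validated index. */
static void set(int *arr, int index) {
    arr[index] = 0;
}

/* Caller-side guard (assumed helper): only forwards index to set() when
 * 0 <= index < size. Returns false when the index is rejected. */
bool checked_set(int *arr, size_t size, int index) {
    if (index < 0 || (size_t)index >= size) {
        return false;
    }
    set(arr, index);
    return true;
}

/* Assumed helper: number of indices admitted by the page-style check
 * "index >= limit" (i.e. 0 <= index < limit) that still fall outside a
 * 10-element array. limit == 15 admits 10..14 (5 bad indices); limit == 10
 * admits none. */
int admitted_overflows(int limit) {
    int bad = 0;
    for (int index = 0; index < limit; index++) {
        if (index >= ARR_SIZE) {
            bad++;
        }
    }
    return bad;
}

/* Assumed helper: fills a constructed 10-element array with the sentinel 7,
 * attempts a guarded write at index, and returns the element that was
 * written (0) on success or -1 if the guard rejected the index. */
int demo_write(int index) {
    int arr[ARR_SIZE];
    for (size_t i = 0; i < ARR_SIZE; i++) {
        arr[i] = 7;
    }
    if (!checked_set(arr, ARR_SIZE, index)) {
        return -1;
    }
    return arr[index];
}

int main(void) {
    printf("check against 15 admits %d out-of-bounds indices\n",
           admitted_overflows(15));
    printf("check against 10 admits %d out-of-bounds indices\n",
           admitted_overflows(10));
    int probes[] = {9, 10, 14, -1};
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        printf("index %d -> %d\n", probes[i], demo_write(probes[i]));
    }
    return 0;
}
```

Passing the real array length to checked_set keeps the bound and the buffer together at the call site, which is the property the checker wants to see: when the bound is a separate constant such as SIZE, nothing ties it to the array it is supposed to protect.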

Security training

Application security training materials provided by Secure Code Warrior.