SV.UNBOUND_STRING_INPUT.CIN

Buffer overflow from unbounded string input

The string copy function is used to copy a string of characters to a buffer of memory. The strcpy function has no argument to limit the size of the written data, so a buffer overflow may result.

The SV.UNBOUND_STRING_INPUT.CIN checker looks for code calling string copy functions that don't specify a buffer size-either getwd() or a function that uses C++ input.

Vulnerability and risk

If the string copy function is called without a size parameter, a buffer overrun error can result. This can lead to application instability or, with a carefully constructed attack, code injection, or other vulnerabilities.

Mitigation and prevention

To avoid this vulnerability, make sure you use functions that have buffer size as an input parameter, or use a function like strlen() to determine the buffer size you need.

Related checkers

• SV.UNBOUND_STRING_INPUT.FUNC

External guidance

• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
• CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
• CWE-125: Out-of-bounds Read
• CWE-242: Use of Inherently Dangerous Function
• CWE-787: Out-of-bounds Write
• CERT ARR00-C: Understand how arrays work
• CERT STR50-CPP: Guarantee that storage for strings has sufficient space for character data and the null terminator

Security training

Application security training materials provided by Secure Code Warrior.

• Buffer Overflow Training Video - Test your skills with a training example