CXX.SUSPICIOUS_INDEX_CHECK.CALL

The CXX.SUSPICIOUS_INDEX_CHECK.CALL checker finds defects when a suspicious index check is present before accessing an array in another function.

Vulnerability and risk

If an array is accessed by an index that is beyond the array’s size, it can lead to data corruption, misbehavior, or crashing.

Mitigation and prevention

Perform proper bound checking before accessing an array at a specific index.

Vulnerable code example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
int get_index();
  
void set(int* arr, int index) {
    arr[index] = 0;
}
  
int main() {
    int SIZE = 15;
    int arr[10];
    int index = get_index();
    
    if (index >= SIZE) {  
        return 0;
    }
    set(arr, index);
}

Klocwork reports CXX.SUSPICIOUS_INDEX_CHECK.CALL on line 15 to warn users about the suspicious index check on line 12.

In another function set, it is possible to reach the array dereference if the "index" range on line 4 is 10-14, which can cause buffer overflow.

Fixed code example

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
int get_index();
  
void set(int* arr, int index) {
    arr[index] = 0;
}
  
int main() {
    int SIZE = 10;
    int arr[10];
    int index = get_index();
    
    if (index >= SIZE) {  
        return 0;
    }
    set(arr, index);
}

Buffer overflow is not possible because the constraint "index >= SIZE" on line 12 rules out all bad behavior.

Related checkers

• ABV.GENERAL
• CXX.SUSPICIOUS_INDEX_CHECK
• CXX.SUSPICIOUS_INDEX_CHECK.ZERO
• RABV.CHECK
• RN.INDEX

External guidance

• CWE-124: Buffer Underwrite ('Buffer Underflow')
• CWE-125: Out-of-bounds Read
• CWE-787: Out-of-bounds Write
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer

Security training

Application security training materials provided by Secure Code Warrior.

• Buffer Overflow Training Video - Test your skills with a training example