Array index out of bounds - Not getting reported in C

sonarcfamily

(Shailesh Patil) #1
  • which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)

SonarQube 7.4.0.18908

  • what are you trying to achieve

I am trying to get the "array index out of bounds" issue to be reported for the C code below

#include <stdio.h>

/* Declaration assumed so the snippet compiles; the original post did not show it. */
struct array_holder { char array[16]; };
struct array_holder glbal_array_struct[1];

void my_function(char arg1, short int arg2)
{
    /* arg2 is used as an index with no bounds check at all */
    glbal_array_struct[0].array[arg2] = 0x12;
}

int getValueFromArray(int *array, int len, int index) {
    int value;
    // check that the array index is less than the maximum
    // length of the array
    if (index < len) {
        // get the value at the specified index of the array
        value = array[index];
    }
    // if array index is invalid then output error message
    // and return value indicating error
    else {
        // out-of-bounds read: this is the CWE-119 defect the post expects to be flagged
        printf("Value is: %d\n", array[index]);
        value = -1;
    }
    return value;
}

  • what have you tried so far to achieve this

Used C example from references
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
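For comparison, the hardened form of both functions from the post, as an added example that is not part of the original post or of the SonarSource analyzer. The `struct array_holder` declaration, `GLOBAL_ARRAY_LEN` and the `*_checked` function names are assumptions; the original global was never declared.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

/* Assumed shape of the global from the post (not shown there). */
#define GLOBAL_ARRAY_LEN 16
struct array_holder {
    char array[GLOBAL_ARRAY_LEN];
};
struct array_holder glbal_array_struct[1];

/* Hardened my_function: the short index is validated against the real
 * capacity before it is used, and a negative value is rejected as well. */
bool my_function_checked(char arg1, short int arg2)
{
    (void)arg1;
    if (arg2 < 0 || arg2 >= GLOBAL_ARRAY_LEN) {
        return false;            /* caller learns that the write was refused */
    }
    glbal_array_struct[0].array[arg2] = 0x12;
    return true;
}

/* Hardened getValueFromArray: both bounds (and the pointer) are checked,
 * and the error path never touches array[index]. */
int getValueFromArrayChecked(const int *array, int len, int index)
{
    if (array == NULL || index < 0 || index >= len) {
        fprintf(stderr, "index %d out of range [0, %d)\n", index, len);
        return -1;
    }
    return array[index];
}

int main(void)
{
    int data[] = {10, 20, 30};
    int n = (int)(sizeof data / sizeof data[0]);
    printf("%d\n", getValueFromArrayChecked(data, n, 1));  /* 20 */
    printf("%d\n", getValueFromArrayChecked(data, n, 3));  /* -1, with a message on stderr */
    printf("%d\n", my_function_checked('x', 20));          /* 0: write refused */
    return 0;
}
```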


(Massimo Paladin) #2

Hi @shailesh,

could you please rerun your tests with Sonarqube version 7.5? It ships with a completely rewritten C/C++ analyzer (SonarCfamily version 6.0).


(Shailesh Patil) #3

Thank you for the response. I will try with the newer version.