We’ve just added a new blog post about C++ buffer overflow detection in POSIX functions:
Buffer overflows have been responsible for some of the most notorious crashes, worms, and hacks for more than 30 years, including the Morris worm, the Code Red worm, and the ping of death. More recently, VPNs have been compromised via buffer overflow; an overflow-related code execution flaw was found in macOS Mojave (fixed in Catalina); and a WhatsApp buffer overflow exposed users’ private messages, location, and even camera and mic feeds. In short, buffer overflows aren’t just bugs that could crash your program; they also represent serious threats to security. That’s why we’re excited to announce the availability of a new C and C++ rule to detect overflows in most POSIX functions: S5782, “POSIX functions should not be called with arguments that trigger buffer overflows”.
We wrote some test code to demonstrate the types of issues raised by this rule: