Buffer overflow not detected

stefan-vc · August 2, 2024, 8:37am

What language is this for?
C
Which rule?
C:S3519
Are you using
- SonarCloud
- SonarLint - Eclipse SonarLint 10.5

When the macro ARRAY_LENGTH is defined in the same file as where it is used, the overflow in the below code is detected. If the macro is moved to an h file and then included, then the buffer overflow does not generate a warning.

//#define ARRAY_LENGTH(array) (sizeof((array))/sizeof((array)[0]))

uint16_t data[8];
uint16_t function(uint16_t in) {
uint16_t out = 0;

for (uint8_t i = 0; i <= ARRAY_LENGTH(data); i++) {
    out += data[i]; // Overflow at iteration 8
}

return out;
}

balazs.benics · August 2, 2024, 9:00am

Thanks for reporting it.
I remember this one We already track it in CPP-3866.
It’s on the radar, and it’s an annoying bug, so we have plans to fix it this year. I can’t give a better ETA, unfortunately.

Topic		Replies	Views
Buffer overflow not detected in C code SonarQube Server / Community Build sonarqube , cfamily , rules	1	197	May 30, 2024
Why is this line of code not reported as a bug? SonarQube Server / Community Build cfamily , false-negative	6	1034	July 1, 2021
C/C++ Sonarqube False Positive Report False-positive / False-negative... sonarqube , scanner , cfamily	2	771	August 11, 2022
Rule S3949 "Integral operations should not overflow" false positives SonarQube Server / Community Build scanner , cfamily	6	1273	March 17, 2022
"Memory copy function overflows destination buffer" - cpp:S3519 false positive? SonarQube Server / Community Build cfamily	4	1146	November 3, 2020

Buffer overflow not detected

Related topics