which versions are you using (SonarQube, Scanner, Plugin, and any relevant extension)
sonarqube 10.2 enterprise
how is SonarQube deployed: zip, Docker, Helm
zip
what are you trying to achieve
```c
#include <stdlib.h>   // for malloc (missing in the original snippet)

void epg_rule1_bad_heap() {
    int *buffer = (int *) malloc(10 * sizeof(int)); // 40 bytes
    int i = 0;
    for (; i <= 10; i++) { // Defect: writes buffer[10] and overruns memory
        buffer[i] = i;
    }
}
```
Hello!
I wonder if this rule can detect defects in the code below:

```c
#include <stdlib.h>   // for malloc (missing in the original snippet)

void epg_rule1_bad_heap() {
    int *buffer = (int *) malloc(10 * sizeof(int)); // 40 bytes
    int i = 0;
    for (; i <= 10; i++) { // Defect: writes buffer[10] and overruns memory
        buffer[i] = i;
    }
}
```
FYI, you can explore the capabilities of our C++ analyzer in any of our products; the fastest might be SonarLint. For a few months now you can also play with it in Compiler Explorer.
Now to your question.
Unfortunately, no: while we do detect buffer overruns, in your particular case the overrun happens on the 11th iteration of the loop, which falls outside the modeling of our analyzer. We can detect the overflow if it happens on iteration 4, though, but that is the limit at the moment.
No, you cannot change this parameter - it is not exposed in the analyzer configuration.
We fine-tuned it to work well enough in the common case. Changing its value might have unexpected side effects beyond simply slowing down the analysis.
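As an added illustration of the iteration limit described in the reply above (this is not code from the thread or from SonarSource's analyzer), the toy model below mimics a loop explorer that only walks the first `max_iter` iterations and reports whether the out-of-bounds index is reached within that budget; `first_oob_iteration`, `max_iter` and the cut-off logic are assumptions of this model, not the real implementation.

```c
#include <limits.h>
#include <stdio.h>
#include <stddef.h>

/* Hypothetical model of a bounded loop explorer looking at
 *   for (i = 0; i <= limit; i++) buffer[i] = i;
 * Only the first `max_iter` iterations are explored. Returns the 1-based
 * iteration on which the first out-of-bounds write would occur, or 0 if no
 * overrun is seen within the explored iterations. No real memory is
 * touched: the index is only compared against the buffer length. */
unsigned first_oob_iteration(size_t buf_len, int limit, unsigned max_iter) {
    unsigned iter = 0;
    for (int i = 0; i <= limit; i++) {
        if (iter == max_iter)         /* exploration budget exhausted */
            return 0;
        iter++;
        if (i < 0 || (size_t)i >= buf_len)
            return iter;              /* buffer[i] would be out of bounds */
    }
    return 0;                         /* loop finished without overrun */
}

/* Ground truth with no iteration budget (what a runtime tool would see). */
unsigned first_oob_iteration_exact(size_t buf_len, int limit) {
    return first_oob_iteration(buf_len, limit, UINT_MAX);
}

int main(void) {
    /* The thread's case: 10 ints, i <= 10, explorer budget of 4 iterations */
    printf("10 ints, i <= 10: overrun on iteration %u, modeled: %u\n",
           first_oob_iteration_exact(10, 10), first_oob_iteration(10, 10, 4));
    /* Same defect pattern shrunk so the overrun lands on iteration 4 */
    printf("3 ints, i <= 3: overrun on iteration %u, modeled: %u\n",
           first_oob_iteration_exact(3, 3), first_oob_iteration(3, 3, 4));
    /* Corrected loop (i <= 9, i.e. i < 10): no overrun at all */
    printf("10 ints, i <= 9: overrun on iteration %u\n",
           first_oob_iteration_exact(10, 9));
    return 0;
}
```

The model reports 0 for the original loop under a 4-iteration budget while the exact run finds the overrun on iteration 11, which is the gap a runtime check (for example a sanitizer build) is needed to close.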