"Memory set function overflows the destination buffer" problem

Hi, all,

I am using sonarqube versión 8.9, scanner 4.6.0 and SonarCFamily 6.20.
And here comes a captured bug

It doesn’t look like a bug.
and the description is also wierd, what is "?"condition?
Wonder if it’s a false positive?

Hello @deron.chen,

Thanks for reporting this, it might be a false positive indeed.
Could you tell me what is inside the macro CMSG_FIRSTHDR please?

And could you provide me a reproducer file? It would be very helpful for me to understand the issue.
To generate a reproducer file in SonarQube:

  • Add the reproducer option to the scanner configuration:
    sonar.cfamily.reproducer= "Full path to the .cpp file that has or include the file that has the false-positive"
  • Re-running the scanner should generate a file named sonar-cfamily.reproducer in the project folder.
  • Please share this file (I can send you a PM if you want to share it privately)

Thank you


thanks for replying.
Let me check with my supervisor first.
as I understand CMSG_FIRSTHDR is defined in sys/socket.h, the description of the macro is

struct cmsghdr *CMSG_FIRSTHDR(struct msghdr *msgh);

* CMSG_FIRSTHDR() returns a pointer to the first cmsghdr in the
          ancillary data buffer associated with the passed msghdr.  It
          returns NULL if there isn't enough space for a cmsghdr in the

Best Regards,

Hi @deron.chen,
Any update on this?