Is this really a buffer overflow?

The static analysis tool we use flags C code similar to the following as a critical buffer overflow.

#include <string.h>   /* for memset */

#define size 64
char buf[size + 1] = "";   /* 65 bytes; "" sets buf[0] = '\0', the rest are zero-initialized */
memset(buf, 0, size + 1);  /* writes exactly 65 bytes, the whole array */

Tool error message: Buffer overflow (array index out of bounds): The size of the buf array is 1. The buf array can use index 0..64.

Is this legal? Does assigning an empty string to an array of characters really reduce its length to one byte, as if it were defined as char buf[] = "";?

+3
4 answers

"" buf [size + 1] reset buf, , , memset ( - ).

+5

, char buf [size + 1] , , , buf 65, memset (buf, 0, 65) .

.

[: ]

, :

#include <string.h>   /* for strcpy and memset */

#define size 64
char buf[size+1];          /* 65 bytes, uninitialized */
strcpy(buf, "");           /* writes the single terminator into buf[0] */
memset(buf, 0, size+1);    /* zeroes all 65 bytes */

, ; , .

+12

.

This is probably a cleaner way to do this. Of course, it takes fewer lines of code.

#define size 64
char buf[size + 1] = {0};
+4
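As an added example (not from the question or any of the answers above), a small C program that checks the sizes the answers describe: the bounded declaration keeps all 65 bytes, the unbounded one collapses to 1, the memset in the question stays inside the object, and the {0} initializer produces the same object.

```c
#include <stdio.h>
#include <string.h>

#define size 64

/* Mirrors the asker's declaration: 65 elements, "" fills element 0 with '\0'
   and the remaining elements are zero-initialized as well. */
size_t declared_capacity(void) {
    char buf[size + 1] = "";
    return sizeof buf;            /* 65, not 1 */
}

/* The shape the asker feared: with no explicit bound, the initializer sets the size. */
size_t unsized_capacity(void) {
    char buf[] = "";
    return sizeof buf;            /* 1: room only for the terminator */
}

/* The asker's memset is in bounds: indices 0..size all lie inside the object,
   and the contents were already zero before memset ran. */
int memset_stays_in_bounds(void) {
    char buf[size + 1] = "";
    int already_zero = 1;
    for (size_t i = 0; i < sizeof buf; i++)
        if (buf[i] != 0) already_zero = 0;
    memset(buf, 0, size + 1);     /* writes exactly sizeof buf bytes */
    return already_zero && strlen(buf) == 0;
}

/* The {0} form suggested in the other answer yields an identical object. */
int brace_init_equivalent(void) {
    char a[size + 1] = "";
    char b[size + 1] = {0};
    return sizeof a == sizeof b && memcmp(a, b, sizeof a) == 0;
}

int main(void) {
    printf("char buf[size + 1] = \"\"  -> sizeof = %zu\n", declared_capacity());
    printf("char buf[] = \"\"          -> sizeof = %zu\n", unsized_capacity());
    printf("memset in bounds: %s\n", memset_stays_in_bounds() ? "yes" : "no");
    printf("{0} equivalent:   %s\n", brace_init_equivalent() ? "yes" : "no");
    return 0;
}
```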

This is legal - the buffer is large enough. The tool warns you that size_t may be larger than int, and tries to use it as an indexer, which can lead to unpredictable results.

0

Source: https://habr.com/ru/post/1703298/
