a case of CWE: 788

Static source code analysis tool for C and C++ code

Brought to you by: danielmarjamaki

a case of CWE: 788

Forum: General Discussion

Creator: AlexHsieh

Created: 2024-08-09

Updated: 2024-08-23

AlexHsieh - 2024-08-09

Hi,
I use cppcheck-2.14.1 to check the following code

#pragma pack(1) typedef struct { long a1; char a2; } SA; #pragma pack() void f() { SA a; char b[5] = {}; memmove(&a, b, sizeof(a)); }

, and get
CWE: 788
Buffer is accessed out of bounds: b

Is this a false positive?

Last edit: AlexHsieh 2024-08-09
If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Andrew C Aitchison - 2024-08-09

long is 8 bytes on most 64bit systems. 8+1 > 5 ... but I still get the warning with
char b[15] = {};

But

void f()
{
SA a[2];
char b[31] = {};
memmove(&a, b, sizeof(a));
}
also fails, suggesting that the long in a[1] will be aligned to b[16].
So, I think cppcheck is ignoring #pragma pack(1)

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:
- AlexHsieh - 2024-08-23
  
  thank you for sharing
  
  If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

CHR - 2024-08-23

Related ticket: https://trac.cppcheck.net/ticket/12060

If you would like to refer to this comment somewhere else in this project, copy and paste the following link:

Log in to post a comment.