Module BufferWrite

name
CWE-120
description
Buffer Copy without Checking Size of Input (‘Classic Buffer Overflow’).
kind
problem
problem.severity
recommendation

Import path

semmle.code.cpp.security.BufferWrite

Imports

Alloc
Buffer
Scanf

A library for dealing with scanf-like formatting strings. This is similar to printf.qll but the format specification for scanf is quite different.

Strcat
cpp

Provides classes and predicates for working with C/C++/ObjC/ObjC++ code.

Classes

BufferWrite

An operation that writes a variable amount of data to a buffer (strcpy, strncat, sprintf etc).

BufferWriteCall

A BufferWrite that is also a FunctionCall (most cases).

GetsBW

A call to a variant of gets.

RealpathBW

A call to realpath.

ScanfBW

A string that is written by a scanf-like function.

SnprintfBW

A call to a variant of snprintf.

SprintfBW

A call to a variant of sprintf.

StrCatBW

A call to a variant of strcat.

StrCopyBW

A call to a variant of strcpy.