C and C++


LANG.MEM.TBA : Tainted Buffer Access

Summary

A buffer read or write location is determined using a potentially-tainted value that may lie outside the buffer.

This class is similar to Buffer Overrun, Buffer Underrun, Type Overrun and Type Underrun: the sets of warnings produced have some overlap, but are generally incomparable.

Properties

Class Name: Tainted Buffer Access
Significance: security
Mnemonic: LANG.MEM.TBA
Categories:
MisraC2023 MisraC2023:18.1 A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
  MisraC2023:18.2 Subtraction between pointers shall only be applied to pointers that address elements of the same array
Misra2012 Misra2012:18.1 A pointer resulting from arithmetic on a pointer operand shall address an element of the same array as that pointer operand
  Misra2012:18.2 Subtraction between pointers shall only be applied to pointers that address elements of the same array
Misra2004 Misra2004:17.1 Pointer arithmetic shall only be applied to pointers that address an array or array element
  Misra2004:17.2 Pointer subtraction shall only be applied to pointers that address elements of the same array
AUTOSARC++14 AUTOSARC++14:M5-0-16 A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
  AUTOSARC++14:A27-0-1 Inputs from independent components shall be validated.
MisraC++2008 MisraC++2008:5-0-16 A pointer operand and any pointer resulting from pointer arithmetic using that operand shall both address elements of the same array.
CWE CWE:20 Improper Input Validation
  CWE:119 Improper Restriction of Operations within the Bounds of a Memory Buffer
TS17961 TS17961:5.14-nullref 5.14. Dereferencing an out-of-domain pointer
  TS17961:5.45-taintsink 5.45. Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink
CERT-C CERT-C:ARR30-C Do not form or use out-of-bounds pointers or array subscripts
  CERT-C:ARR37-C Do not add or subtract an integer to a pointer to a non-array object
  CERT-C:ARR39-C Do not add or subtract a scaled integer to a pointer
  CERT-C:EXP08-C Ensure pointer arithmetic is used correctly
  CERT-C:INT04-C Enforce limits on integer values originating from tainted sources
  CERT-C:INT31-C Ensure that integer conversions do not result in lost or misinterpreted data
  CERT-C:MEM35-C Allocate sufficient memory for an object
  CERT-C:POS30-C Use the readlink() function properly
  CERT-C:STR38-C Do not confuse narrow and wide character strings and functions
CERT-CPP CERT-CPP:CTR50-CPP Guarantee that container indices and iterators are within the valid range
  CERT-CPP:CTR52-CPP Guarantee that library functions do not overflow
JSF++ JSF++:211 Algorithms shall not assume that shorts, ints, longs, floats, doubles or long doubles begin at particular addresses.
DISA-6r1 DISA-6r1:V-222606 The application must validate all input.
  DISA-6r1:V-222609 The application must not be subject to input handling vulnerabilities.
  DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
DISA-5r3 DISA-5r3:V-70265 The application must validate all input.
  DISA-5r3:V-70271 The application must not be subject to input handling vulnerabilities.
  DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-4r3 DISA-4r3:V-70265 The application must validate all input.
  DISA-4r3:V-70271 The application must not be subject to input handling vulnerabilities.
  DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-3r10 DISA-3r10:V-6164 The designer will ensure the application validates all input.
  DISA-3r10:V-6165 The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
OWASP-2017 OWASP-2017:A8 Insecure deserialization
OWASP-2021 OWASP-2021:A8 Software and data integrity failures
Availability: Available for C and C++.
Enabling: Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file.
    WARNING_FILTER += discard class="Tainted Buffer Access"

Example

#include <stdio.h>

void tainted_buffer_access(){
    int c;
    char buf[10];

    c = getchar();           /* taint source: c is attacker-controlled, 0..255 or EOF */
    if (c == EOF) {return;}
    buf[c*c] = 'a';  /* 'Tainted Buffer Access' warning issued here: c*c is never
                        checked against sizeof buf, so any c > 3 writes past the end */
}
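The same sink with the tainted value validated before it reaches the buffer, as an added example that is not from the original page. The function names, the size_t out-parameter and the main() driver are assumptions for illustration; the pattern is the one the CERT-C INT04-C and ARR30-C entries above call for: range-check the tainted integer against the actual buffer size, and do the derived arithmetic in a type that cannot overflow.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>

#define BUF_LEN 10

/* Added example, not from the original page.
 * Validates a tainted integer c before it is used to index buf[0..len-1].
 * The index is c*c, as in the example above; the product is computed in
 * uint64_t so it cannot overflow for any non-negative int c (signed int
 * overflow in c*c would be undefined behaviour and could defeat a check).
 * Returns 1 and stores the index in *out if it is in bounds, 0 otherwise. */
int validated_square_index(int c, size_t len, size_t *out)
{
    if (c < 0) {
        return 0;               /* EOF or otherwise invalid input */
    }
    uint64_t sq = (uint64_t)c * (uint64_t)c;   /* no overflow: c <= INT_MAX */
    if (sq >= (uint64_t)len) {
        return 0;               /* outside buf: this would be the tainted access */
    }
    *out = (size_t)sq;
    return 1;
}

/* Writes 'value' at the index derived from tainted c.
 * Returns 0 on success, -1 if the access was rejected. */
int store_at_tainted_index(char *buf, size_t len, int c, char value)
{
    size_t idx;
    if (!validated_square_index(c, len, &idx)) {
        return -1;
    }
    buf[idx] = value;           /* idx is now known to lie in [0, len) */
    return 0;
}

int main(void)
{
    char buf[BUF_LEN] = {0};
    int c = getchar();          /* taint source: untrusted input, as in the example above */
    if (store_at_tainted_index(buf, sizeof buf, c, 'a') != 0) {
        fprintf(stderr, "rejected input %d\n", c);
        return 1;
    }
    printf("wrote 'a' at index %d\n", c * c);   /* c <= 3 here, so c*c < 10 */
    return 0;
}
```

The bound is taken from the buffer's real size (sizeof buf) rather than a constant repeated elsewhere, and the check happens on the derived index, not just on c, so a later change to the index expression cannot silently widen the accepted range.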

Note

This is a "taint+dp" warning class: warnings of this class undergo a dedicated refinement phase that cannot be disabled. One consequence of this is that reporting exhibits some degree of unavoidable nondeterminism. If result stability is important to you, you may wish to use a WARNING_FILTER rule to disable this class.

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.