JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++

Source File Patching Example

This section uses a template header example to illustrate the process of creating and incorporating a new source file patch.

This technique can be applied to any C or C++ source file.

Suppose we have some code that makes use of various Boost functions and types for random number generation.

#include <iostream>
#include <ctime>

#include <boost/random/uniform_int.hpp>
#include <boost/random/mersenne_twister.hpp>
#include <boost/random/variate_generator.hpp>

int main(int argc, char *argv[])
{
    int buf[256];
    boost::mt19937 gen(static_cast<unsigned int>(std::time(0)));
    boost::uniform_int<> dist(0, 256);
    boost::variate_generator<boost::mt19937&,
                             boost::uniform_int<> > ugen(gen, dist);
    // Potential overrun - random number range is off-by-one
    buf[ugen()];

    return 0;
}

CodeSonar cannot determine the value that ugen() will return. In particular, it cannot determine that ugen may return 256, and so it does not issue a Buffer Overrun warning. This is a false negative.

We need to create a patch that models Boost's random number generation behavior so that CodeSonar can understand it. The most straightforward approach is to model the generated random numbers as bounded adversarial values, using cs_untrusted_value().

The patch is created as follows. (In this example, Boost is located at /my_project/boost_1_48_0/).

  1. Determine that the random number is being generated in /my_project/boost_1_48_0/boost/random/uniform_int_distribution.hpp
  2. Make a copy of this file.
    cp /my_project/boost_1_48_0/boost/random/uniform_int_distribution.hpp /my_project/temp/uniform_int_distribution.hpp
  3. Edit the copy (/my_project/temp/uniform_int_distribution.hpp) so that the two uniform_int_distribution::operator() functions model their return values as: 
        result_type rv = (result_type)cs_untrusted_value();
    csonar_assert(rv >= _min && rv <= _max);
    return rv;
  4. Create a directory for the header patch models to live in, if you don't already have one.
    mkdir /my_project/header_patches
  5. Create a directory for this new patch. The directory name must match the filename of the header we are patching.
    mkdir /my_project/header_patches/uniform_int_distribution.hpp
  6. Create the patch using normal diff tools. For example, using GNU diffutils:
    diff -u5 /my_project/boost_1_48_0/boost/random/uniform_int_distribution.hpp
    /my_project/temp/uniform_int_distribution.hpp
    > /my_project/header_patches/uniform_int_distribution.hpp/boost_1_48_0
    The patch file itself can have any name. We choose here to give it a name that will remind us which version of Boost the patch was generated from.
  7. Edit the configuration file to add the following rule. 
    SOURCE_PATCH_DIRECTORIES += /my_project/header_patches/
  8. Run the CodeSonar build/analysis.
  9. Check that the patch was applied and worked as expected.
 

To report problems with this documentation, please visit https://support.codesecure.com/.