JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++
Binaries

MISC.MEM.OR : Overlapping Memory Regions

Summary

A function that should not operate on overlapping memory regions is instructed to do so.

Properties

Class Name Overlapping Memory Regions
Significance security
Mnemonic MISC.MEM.OR
Categories
MisraC2025 MisraC2025:19.1 An object shall not be assigned or copied to an overlapping object
MisraC2023 MisraC2023:19.1 An object shall not be assigned or copied to an overlapping object
Misra2012 Misra2012:19.1 An object shall not be assigned or copied to an overlapping object
Misra2004 Misra2004:18.2 An object shall not be assigned to an overlapping object
AUTOSARC++14 AUTOSARC++14:M0-2-1 An object shall not be assigned to an overlapping object.
MisraC++2008 MisraC++2008:0-2-1 An object shall not be assigned to an overlapping object.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
  MisraC++2023:8.18.1 An object or sub-object must not be copied to an overlapping object
CWE CWE:475 Undefined Behavior for Input to API
Availability Available for C and C++.
Enabling Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += discard class="Overlapping Memory Regions"

Example 

#include <string.h>

void f(char *p)
{
    memcpy(p, p, 10); // Warning issued here
}

Triggering Functions

CodeSonar ships with library models that allow it to recognize a large number of functions that take multiple memory region arguments that should not overlap. Some examples are shown in the table below. If one of these functions is called with overlapping memory region arguments, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Overlapping Memory Regions warnings.

Functions that can trigger warnings include...
Apache Portable Runtime (APR) apr_cpystrn()
gcc Builtins __builtin___memcpy_chk(), __builtin___strcat_chk()
libc memcpy(), strcat()
Linux Kernel copy_from_user()
Mac OS X copyin()copyin()
ODBC SQLNativeSqlA(), SQLNativeSqlUNIX(), SQLNativeSqlW()
OpenSSL RYPTO_strdup()
Qt qMemCopy()
Win32 StrCatA(), StrCatW(), wcsncpy()

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.