JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.
If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.
If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.
| CodeSonar® 9.2p0 | CONFIDENTIAL | CodeSecure Inc |
A size argument to one of the triggering functions is based on a calculation that may involve truncation, thus risking an unexpectedly small operation scope.
(Note: When truncation can affect size calculation for a memory allocation, warning class Truncation of Allocation Size applies instead.)
| Class Name | Truncation of Size | ||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Significance | security | ||||||||||||||||||||||||||||||||||||||||||
| Mnemonic | MISC.MEM.SIZE.TRUNC | ||||||||||||||||||||||||||||||||||||||||||
| Categories |
|
||||||||||||||||||||||||||||||||||||||||||
| Availability | Available for C and C++. |
||||||||||||||||||||||||||||||||||||||||||
| Enabling | Checks for this warning class are
disabled by default. To enable them, add the following WARNING_FILTER
rule to the project configuration file.
WARNING_FILTER += allow class="Truncation of Size" |
Japanese (ja)
#include <string.h>
void do_trunc_size(char *p, int x)
{
memset(p, 0, (short) x); /* Truncation of Size
* warning issued here. */
/* ... */
}
CodeSonar ships with library models that allow it to recognize a large number of functions that operate on memory and take a size argument. Some examples are shown in the table below. If one of these functions is called with a size argument that may have undergone truncation, a warning will be issued.
If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Truncation of Size warnings.
| Functions that can trigger warnings include... | |
|---|---|
| Apache Portable Runtime (APR) | apr_cpystrn(), apr_pmemdup() |
| gcc Builtins | __builtin___memcpy_chk(), __builtin_strncpy() |
| LDAP | ldap_search_ext() |
| libc | memcpy(), strncat(), write() |
| libpq | PQprepare() |
| Linux Kernel | copy_from_user(), kfree_s() |
| Mac OS X | _FREE_ZONE(), copyin() |
| ODBC | SQLPrepareA(), SQLPrepareUNIX(), SQLPrepareW() |
| OpenSSL | CRYPTO_malloc(), OPENSSL_cleanse() |
| Qt | qMemCopy(), qMemSet() |
| Win32 | BytesToUnicode(), StrNCatA(), StrNCatW(), wcsnlen() |
Note that classes Addition Overflow of Size, Multiplication Overflow of Size, Subtraction Underflow of Size and Truncation of Size all have the same set of triggering functions.
This is a "taint+dp" warning class: warnings of this class undergo a dedicated refinement phase that cannot be disabled. One consequence of this is that reporting exhibits some degree of unavoidable nondeterminism. If result stability is important to you, you may wish to avoid enabling this class.
In issuing a warning of this class, CodeSonar does not take into account any constraints on integer values that are imposed before the beginning of the warning's core path.
The following configuration file parameters affect checks for this warning class.
To report problems with this documentation, please visit https://support.codesecure.com/.