JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++

MISC.MEM.SIZE.TRUNC : サイズの切り捨て

要旨

(メモリ割り当て以外の)サイズの計算は、 切り捨てを起こし予期せず作動範囲が小さくなる危険性が あります。

(注:切り捨てがメモリ割り当てサイズの計算に影響する場合は、 代わりに (割り当てサイズの切り捨て) が適用されます)

プロパティ

クラス名 Truncation of Size
日本語クラス名 サイズの切り捨て
クラス分類 セキュリティ (security)
ニーモニック MISC.MEM.SIZE.TRUNC
カテゴリー
MisraC2025 MisraC2025:21.18 The size_t argument passed to any function in <string.h> shall have an appropriate value
MisraC2023 MisraC2023:21.18 The size_t argument passed to any function in <string.h> shall have an appropriate value
Misra2012 Misra2012:21.18 The size_t argument passed to any function in <string.h> shall have an appropriate value
AUTOSARC++14 AUTOSARC++14:A4-7-1 An integer expression shall not lead to data loss.
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
CWE CWE:192 Integer Coercion Error
  CWE:197 Numeric Truncation Error
  CWE:680 Integer Overflow to Buffer Overflow
TS17961 TS17961:5.45-taintsink Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink
CERT-C CERT-C:INT02-C Understand integer conversion rules
  CERT-C:INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size
  CERT-C:INT31-C Ensure that integer conversions do not result in lost or misinterpreted data
JSF++ JSF++:203 Evaluation of expressions shall not lead to overflow/underflow (unless required algorithmically and then should be heavily documented).
  JSF++:212 Underflow or overflow functioning shall not be depended on in any special way.
対応言語 C および C++ で利用可能です。
有効/無効設定 このワーニングクラスのチェックはデフォルトで無効になっています。チェックを有効にするにはプロジェクト設定ファイル (configuration file)に以下の WARNING_FILTER ルールを追加してください。 
WARNING_FILTER += allow class="Truncation of Size"


#include <string.h>

void do_trunc_size(char *p, int x)
{
    memset(p, 0, (short) x);  /* Truncation of Size
                               * warning issued here. */
    /* ... */
}

ワーニングを引き起こす関数

CodeSonar ships with library models that allow it to a large number of functions that operate on memory and take a size argument. If one of these functions is called with a size argument that may have undergone truncation, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Truncation of Size warnings.

Functions that can trigger warnings include...
Apache Portable Runtime (APR) apr_cpystrn(), apr_pmemdup()
gcc Builtins __builtin___memcpy_chk(), __builtin_strncpy()
LDAP ldap_search_ext()
libc memcpy(), strncat(), write()
libpq PQprepare()
Linux Kernel copy_from_user(), kfree_s()
Mac OS X _FREE_ZONE(), copyin()
ODBC SQLPrepareA(), SQLPrepareUNIX(), SQLPrepareW()
OpenSSL CRYPTO_malloc(), OPENSSL_cleanse()
Qt qMemCopy(), qMemSet()
Win32 BytesToUnicode(), StrNCatA(), StrNCatW(), wcsnlen()

Note that classes Addition Overflow of Size, Multiplication Overflow of Size, Subtraction Underflow of Size and Truncation of Size all have the same set of triggering functions.

注釈

CodeSonar はワーニングの実行パス (core path) に入る前に与えられる整数値の制約は考慮していません。

関連のある設定ファイルパラメータ

設定ファイルの以下のパラメータがこのワーニングクラスのチェックに影響します。

 

To report problems with this documentation, please visit https://support.codesecure.com/.