
global buffer overflow, Windows environment


I've asked a question about buffer overflow detection a few days ago ( sprintf buffer global data overflow - how to detect it, Windows ) and the problem can only be solved by cppcheck with the standard function ( not the secure _s version ).

I went deeper and changed code from

#include <stdio.h>
char buffer[2];             /* room for one character plus the terminating NUL */
int main(void)
{
  sprintf(buffer,"12345");  /* writes 6 bytes into a 2-byte global: overflow */
  return 0;
}

to

#include <stdio.h>
void f( char *b )           /* the callee has no idea how large b really is */
{
   sprintf(b,"12345");      /* writes 6 bytes through the pointer */
}

char buffer[2];
int main(void)
{
   f( buffer );             /* overflow: 2-byte global, 6 bytes written */
   return 0;
}

Visual Studio 2012 /RTC can handle stack allocated buffer overflow - during runtime, but global data stays undetected.

I guess it is not possible to make deep analysis using cppcheck and this problem is not detected by cppcheck-1.64. Additionally I have tried to use clang with AddressSanitizer ( Windows ) also without good results.

Is it possible to prevent such problems under Windows ( free tool preferably ), if not maybe some linux tool can help?


Solution

  • The answer is a bit late I know, but it could still help in similar cases.
    Cppcheck is constantly improved and now able to detect this issue.
    The latest version of Cppcheck (version 1.86 at the moment) outputs this error message when the second code example is analyzed:

    $ ./cppcheck global_buffer_overflow.c
    Checking global_buffer_overflow.c ...
    [global_buffer_overflow.c:10] -> [global_buffer_overflow.c:4]: (error) Buffer is accessed out of bounds: buffer
    

    I am not sure if it already worked in version 1.85, but it definitely does not work with 1.84 or older versions. I guess if you hide the global buffer even better, Cppcheck will eventually no longer be able to detect the issue. Value flow analysis is somewhat complex and needs some resources (memory, time, CPU).
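    Beside detecting the overflow after the fact, the usual way to prevent it is to make the callee size-aware. The following is an added example (not code from the question or the answer) showing a hardened form of the question's `f()`: the size travels with the pointer, `snprintf` bounds the write, and truncation is reported instead of silently corrupting neighbouring globals. `format_into` and `FORMAT_INTO_ARRAY` are names chosen here, not part of any library.

```c
#include <stdio.h>
#include <string.h>

/* Size-aware replacement for f(): snprintf never writes more than n bytes
 * (including the NUL), so a too-small buffer cannot be overrun.
 * Returns 0 on success, -1 when the text did not fit (output truncated). */
int format_into(char *b, size_t n, const char *text)
{
    int needed;
    if (b == NULL || n == 0)
        return -1;
    needed = snprintf(b, n, "%s", text);   /* needed = length the full text would have */
    if (needed < 0 || (size_t)needed >= n)
        return -1;                         /* truncated: b holds n-1 chars + NUL */
    return 0;
}

/* Use at the call site with a real array: sizeof(arr) is the array size there,
 * whereas `sizeof b` inside the callee would only give the size of a pointer. */
#define FORMAT_INTO_ARRAY(arr, text) format_into((arr), sizeof(arr), (text))

char buffer[2];   /* the same 2-byte global as in the question */

int main(void)
{
    /* "12345" needs 6 bytes; the call reports truncation instead of overflowing */
    if (FORMAT_INTO_ARRAY(buffer, "12345") != 0)
        fprintf(stderr, "truncated: buffer now holds \"%s\"\n", buffer);
    return 0;
}
```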