stackoom
  简体   繁体   中英

memcpy flagged for buffer overflow

 原文  2018-02-16 06:01:20       c++/ static-analysis/ buffer-overflow

Question

I am running a static security analyzer on some old C++ code. It is flagging the ::memcpy call as a buffer overflow violation. The code looks fine to me. Why is it complaining? 

#define ALLOC_SIZE 4 * 1024

int arr_max = ALLOC_SIZE;
int *arr = new int[arr_max];    

// ...

void resize_arr() {
  int* new_arr = new int[arr_max + ALLOC_SIZE];
  ::memcpy(new_arr, arr, arr_max * sizeof(int)); // BUFFER OVERFLOW
  arr_max += ALLOC_SIZE;    
  delete [] arr;
  arr = new_arr;
}

1 answers

solution1
 0  2018-02-16 08:33:07

不知道您的代码分析器有多聪明,但是如果您对resize_arr函数进行了足够的余量调用,则arr_max最终将溢出并可能导致缓冲区溢出。

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question memcpy not copying into buffer memcpy a pointer to a char buffer Is memcpy OK in buffer reallocation? Stack overflow when passing a vector to memcpy Memcpy int to char buffer - as alternative to sprintf Coping buffer using memcpy results to output 0? memcpy from graphic buffer is slow in Android Is the usage of reinterpret_cast on a memcpy buffer UB? Copying an integer to a Buffer memcpy C++ I can not overflow buffer
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM