Hi,
The code analysis tool we use gives the below warning for the functions in which memset / memcpy is used:
"The function writes outside the bounds of dup on line 303, which could corrupt data, cause the program to crash, or lead to the execution of malicious code."

Could someone please help remove this warning?

Thanks.

Need input!

Yes, that's correct Johnny, we know nothing. :P


@OP:
Do you mind posting the code in question?

Indeed. More info required...

The Parasoft Static Code Analysis tool gives you full documentation on how to remediate this type of error as well as all of the 1000+ rules that are available in the solution. If you would like to check it out, look here:

http://www.parasoft.com/jsp/technologies/code_analysis.jsp?itemId=324

Hi,
Here is the function for which the warning is given.

void* MyClass::doSomething(size_t sz)
{
    void *ptr;

    if (!ptr) {
        ptr = ::operator new(sz);
    }
    memset(ptr, 0xCD, sz);
}

The warning is given for the call to memset on line 8.
Request to help.
Thanks.

Do you know that new is actually being called? I seriously doubt that the program's flow is going into the statement block controlled by the if statement.

The pointer ptr is a raw uninitialized (dangling) pointer. There is no guarantee that it is a NULL pointer unless you specifically set it to NULL/0. As a result, your if condition becomes false and the statement block gets skipped.

Also, how do you plan to use this pointer? I don't see it returned, deleted, or assigned to a class member, which means you probably have a memory leak.
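The two defects raised in the replies above (a pointer that is never initialized, and a block that is never returned or freed), corrected in an added example that is not part of the original thread. This `MyClass` is a hypothetical reworking that assumes the `if (!ptr)` test was meant to reuse one block across calls; the `ptr_`, `cap_`, `capacity()` and `all_bytes_equal` names are introduced here for illustration.

```cpp
#include <cstddef>
#include <cstring>
#include <new>

// Hypothetical reworking of MyClass from the thread. Assumption: the
// `if (!ptr)` test was meant to reuse one block across calls.
class MyClass {
public:
    MyClass() : ptr_(nullptr), cap_(0) {}          // pointer starts as a known null
    ~MyClass() { ::operator delete(ptr_); }        // block is released, not leaked
    MyClass(const MyClass&) = delete;              // single owner of the block
    MyClass& operator=(const MyClass&) = delete;

    // Returns a block of at least sz bytes whose first sz bytes are 0xCD.
    void* doSomething(std::size_t sz) {
        if (!ptr_ || sz > cap_) {                  // no block yet, or block too small
            void* fresh = ::operator new(sz);      // throws std::bad_alloc on failure
            ::operator delete(ptr_);               // deleting nullptr is a no-op
            ptr_ = fresh;
            cap_ = sz;
        }
        std::memset(ptr_, 0xCD, sz);               // sz <= cap_ holds on every path
        return ptr_;
    }

    std::size_t capacity() const { return cap_; }

private:
    void*       ptr_;
    std::size_t cap_;
};

// True if the first sz bytes at p all equal value.
bool all_bytes_equal(const void* p, std::size_t sz, unsigned char value) {
    const unsigned char* b = static_cast<const unsigned char*>(p);
    for (std::size_t i = 0; i < sz; ++i)
        if (b[i] != value) return false;
    return true;
}

int main() {
    MyClass obj;
    obj.doSomething(16);
    void* q = obj.doSomething(64);                 // larger request forces a new block
    return (all_bytes_equal(q, 64, 0xCD) && obj.capacity() == 64) ? 0 : 1;
}
```

Tracking the capacity next to the pointer is what lets the analyzer (and a reviewer) see that the `memset` length never exceeds the allocation, including when a later call asks for more bytes than the first one did.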
