LIB-sprintf-overrun
Synopsis: A call to sprintf causes a destination buffer overrun.
Enabled by default: No
Severity/Certainty: High/High

Full description
A call to the sprintf function causes a destination buffer overrun. This check is identical to SEC-BUFFER-sprintf-overrun.
Coding standards
- CERT STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
- CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
- CWE 121: Stack-based Buffer Overflow
Code examples
The following code example fails the check and will give a warning:
#include <stdio.h>
char buf[5];                          /* 5 bytes, but the output needs 14 */
void example(void) {
    sprintf(buf, "Hello World!\n");   /* 13 characters plus the NUL terminator: 9 bytes past the end of buf */
}
The following code example passes the check and will not give a warning about this issue:
#include <stdio.h>
char buf[14];                         /* 13 characters plus the NUL terminator fit exactly */
void example(void) {
    sprintf(buf, "Hello World!\n");
}
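The passing example avoids the warning by enlarging the destination. When the buffer size is fixed, the usual fix is to format with snprintf and check its return value, which reports the length the full output would have had so truncation can be detected instead of overrunning the buffer. The following is an added example written for this page, not code from the checker documentation; the function names are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* Formats the page's "Hello World!\n" string into dst without ever writing
 * more than `size` bytes. Returns the number of characters the complete
 * output needs (excluding the NUL), or -1 on an encoding error, and sets
 * *truncated when dst was too small to hold all of it. */
static int format_greeting(char *dst, size_t size, int *truncated)
{
    int needed = snprintf(dst, size, "Hello World!\n");
    *truncated = (needed < 0) || ((size_t)needed >= size);
    return needed;
}

/* Mirrors the failing example: a 5-byte destination. snprintf stores
 * "Hell" plus a NUL and nothing beyond buf[4]; the caller learns that
 * 13 characters were needed. */
int small_buffer_needed(void)
{
    char buf[5];
    int truncated;
    int needed = format_greeting(buf, sizeof buf, &truncated);
    return truncated ? needed : 0;        /* 13 */
}

/* Length actually stored in the 5-byte destination (4, always terminated). */
int small_buffer_stored_len(void)
{
    char buf[5];
    int truncated;
    format_greeting(buf, sizeof buf, &truncated);
    return (int)strlen(buf);              /* 4 */
}

/* Mirrors the passing example: 14 bytes hold 13 characters plus the NUL,
 * so no truncation is reported and the string is complete. */
int exact_buffer_complete(void)
{
    char buf[14];
    int truncated;
    format_greeting(buf, sizeof buf, &truncated);
    return !truncated && strcmp(buf, "Hello World!\n") == 0;   /* 1 */
}
```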