SEC-BUFFER-sprintf-overrun

In this section:

Synopsis

A call to the sprintf function will overrun the target buffer.

Enabled by default

Yes

Severity/Certainty

High/High

Full description

A call to the sprintf function will overrun the target buffer. Consider using a function that allows you to set the buffer length, such as snprintf. Alternatively, you might be able to compare the lenghts of the source and destination buffer before calling sprintf. This check is identical to LIB-sprintf-overrun.

Coding standards

CERT STR31-C: Guarantee that storage for strings has sufficient space for character data and the null terminator
CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE 120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CWE 121: Stack-based Buffer Overflow

Code examples

The following code example fails the check and will give a warning:

char buf[5];

void example(void) {
  sprintf(buf, "Hello World!\n");
}

The following code example passes the check and will not give a warning about this issue:

char buf[14];

void example(void) {
  sprintf(buf, "Hello World!\n");
}

IAR Embedded Workbench for RH850 3.20.x