CTR50-CPP: Failed to compute the proper range for a resized vector. #66

Open
MFaisalZaki opened this issue Aug 20, 2022 · 1 comment
Labels
  • Difficulty-Medium: A false positive or false negative report which is expected to take 1-5 days effort to address
  • false positive/false negative: An issue related to observed false positives or false negatives.
  • Impact-Low
  • Stardard-CERT-C++
  • user-report: Issue reported by an end user of CodeQL Coding Standards

Comments

@MFaisalZaki commented Aug 20, 2022

Affected rules

  • cpp/cert/container-access-without-range-check-cert

Description

The rule warns about the vector container which is resized after declaration.

Access of container of type Payload does not ensure that the index is smaller than the bounds.

Example

```cpp
#include <cstdint>   // uint8_t, uint64_t
#include <string>
#include <vector>

using namespace std;

int main() {

    typedef vector<uint8_t> Payload;

    wstring file(L"This is a wstring");
    uint64_t attributes = 0;   // initialised so the copy below does not read an indeterminate value

    // Size the buffer once: header (attributes) followed by the raw bytes of the wide string.
    Payload serialized_data;
    serialized_data.resize(file.size() * sizeof(wchar_t) + sizeof(attributes));

    // Write the header; this is the access the rule reports.
    *(uint64_t*)&serialized_data.front() = attributes;

    /*
    *   Append the path.
    */
    file.copy((wchar_t*)&serialized_data[sizeof(attributes)], file.size());

    return 0;
}
```
@MFaisalZaki MFaisalZaki added the false positive/false negative An issue related to observed false positives or false negatives. label Aug 20, 2022
@lcartey lcartey added the user-report Issue reported by an end user of CodeQL Coding Standards label Oct 23, 2024
@github github deleted a comment from jajamorgan Dec 10, 2024
@github github deleted a comment from smp73 Dec 10, 2024
@lcartey lcartey moved this from Reported to Triaged in Coding Standards Public Development Board Dec 10, 2024
@lcartey lcartey added Difficulty-Medium A false positive or false negative report which is expected to take 1-5 days effort to address Impact-Low labels Dec 10, 2024
@github github deleted a comment from Tranghuyen36 Dec 10, 2024
@lcartey (Collaborator)

lcartey commented Dec 10, 2024

The current analysis does not track the size of the wstring in your example. When we analyze file.size() * sizeof(wchar_t) we therefore consider the possibility that the multiplication wraps around, which could lead to the size being set to 0.

We could analyze the size of constant strings to contribute to our analysis, which would address this case.

@lcartey lcartey marked this as a duplicate of #58 Dec 10, 2024
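The reporter's snippet and the maintainer's explanation both turn on the same point: the buffer size is derived from `file.size() * sizeof(wchar_t) + sizeof(attributes)`, and nothing in the code states that this sum is at least `sizeof(attributes)` or that the multiplication cannot wrap. The following is an added example, not code from the reporter or from the CodeQL Coding Standards project, showing one way to write the same serialization so that the bound is explicit in the source and the type-punning casts (`*(uint64_t*)&front()`, `(wchar_t*)&serialized_data[...]`, which also carry alignment and strict-aliasing hazards) are replaced by `std::memcpy`. The function names `serialize`, `deserialize`, `round_trips` and the `Parsed` struct are hypothetical; C++17 is assumed for `std::optional`. It does not claim to change what the current checker reports, only to make the range reasoning reviewable and to reject a size that would overflow instead of silently wrapping to a small buffer.

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <limits>
#include <optional>
#include <string>
#include <vector>

using Payload = std::vector<std::uint8_t>;

// Serialize `attributes` followed by the raw bytes of `file` into a byte vector.
// Returns std::nullopt, instead of wrapping, when header + body would overflow
// size_t, so every index used below is provably inside [0, out.size()).
std::optional<Payload> serialize(std::uint64_t attributes, const std::wstring& file) {
    const std::size_t header = sizeof(attributes);
    const std::size_t max_chars =
        (std::numeric_limits<std::size_t>::max() - header) / sizeof(wchar_t);
    if (file.size() > max_chars) {
        return std::nullopt;  // file.size() * sizeof(wchar_t) + header would wrap
    }
    const std::size_t body = file.size() * sizeof(wchar_t);
    Payload out(header + body);  // sized once; the bound is visible at the access sites

    // memcpy carries no alignment or aliasing assumptions, unlike *(uint64_t*)&out.front().
    std::memcpy(out.data(), &attributes, header);
    if (body != 0) {
        std::memcpy(out.data() + header, file.data(), body);
    }
    return out;
}

struct Parsed {
    std::uint64_t attributes;
    std::wstring file;
};

// Inverse operation: rejects payloads that are shorter than the header or whose
// body is not a whole number of wchar_t elements, rather than reading past the end.
std::optional<Parsed> deserialize(const Payload& in) {
    const std::size_t header = sizeof(std::uint64_t);
    if (in.size() < header) {
        return std::nullopt;
    }
    const std::size_t body = in.size() - header;
    if (body % sizeof(wchar_t) != 0) {
        return std::nullopt;
    }
    Parsed p{};
    std::memcpy(&p.attributes, in.data(), header);
    p.file.resize(body / sizeof(wchar_t));
    if (body != 0) {
        std::memcpy(&p.file[0], in.data() + header, body);
    }
    return p;
}

// Convenience check: serialize then deserialize, and confirm both fields survive.
bool round_trips(std::uint64_t attributes, const std::wstring& file) {
    auto bytes = serialize(attributes, file);
    if (!bytes) {
        return false;
    }
    auto parsed = deserialize(*bytes);
    return parsed && parsed->attributes == attributes && parsed->file == file;
}

int main() {
    // Constructed sample input mirroring the issue's example.
    const std::wstring file(L"This is a wstring");
    const std::uint64_t attributes = 0x0123456789abcdefULL;
    auto bytes = serialize(attributes, file);
    std::cout << "serialized bytes: " << (bytes ? bytes->size() : 0) << "\n";
    std::cout << "round trip ok: " << (round_trips(attributes, file) ? "yes" : "no") << "\n";
    std::cout << "3-byte payload accepted: " << (deserialize(Payload(3)) ? "yes" : "no") << "\n";
    return 0;
}
```

The overflow guard is the line the original code lacks: once `file.size()` is bounded by `max_chars`, the sum `header + body` cannot wrap, and the two `memcpy` calls write only inside the vector that was just allocated with exactly that size. The deserializer applies the same discipline in the other direction, checking the length before any read.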