sprintf buffer global data overflow - how to detect

Published 2019-08-07 09:27

I am wondering if it's possible to detect this kind of buffer overflow somehow in Windows. The buffer is global (not on the stack), so /RTC in Visual Studio 2008 and VS2012 does not check it. MinGW gcc also failed.

#include <stdio.h>
char buffer[2];              /* global: lives in the data segment, not on the stack */
int main(void)
{
  sprintf(buffer, "12345");  /* writes 6 bytes (5 chars + NUL) into a 2-byte buffer */
  return 0;
}

My first thought was static analysis.

  1. VS2012 Code Analysis : nothing
  2. CppCheck: nothing
  3. PCLint Online: nothing (http://www.gimpel-online.com/OnlineTesting.html)
  4. PVS-Studio: nothing

Another solution is to use the _s version.

#include <stdio.h>
char buffer[2];
int main(void)
{
  /* the real size is passed, so the CRT reports a runtime constraint violation instead of overflowing */
  sprintf_s(buffer, sizeof(buffer), "12345");
  return 0;
}

but with code looking like this

#include <stdio.h>
char buffer[2];
int main(void)
{
  sprintf_s(buffer, 20, "12345");  /* wrong size argument: the overflow is back and nothing catches it */
  return 0;
}

there is still the same problem of an undetected buffer overrun.

Is it possible to use memory guards or canaries on global data (like on the stack) as well, or to resolve this problem using better static or dynamic analysis?
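As an added example (not code from the question or from any of the answers), here is the runtime side of the question in C: the same 2-byte global buffer, wrapped in guard words so a checkpoint can tell whether neighbouring global data was overwritten, and the unchecked sprintf replaced by snprintf, whose return value reports whether the full output would have fit. The names guarded_buffer, guard_intact, format_checked and buffer_contents are my own.

```c
#include <stdio.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not from the question or the answers): the global
 * buffer from the question, wrapped in guard words so a checkpoint can tell
 * whether something wrote past it into neighbouring global data. */
#define GUARD_MAGIC 0xA5A5A5A5u
#define BUF_SIZE 2

struct guarded_buffer {
    uint32_t front;          /* canary before the data */
    char data[BUF_SIZE];     /* same 2-byte global buffer as in the question */
    uint32_t back;           /* canary after the data */
};

static struct guarded_buffer g = { GUARD_MAGIC, { 0 }, GUARD_MAGIC };

/* Checkpoint: 1 if both canaries are intact, 0 if a write ran past the buffer. */
int guard_intact(void)
{
    return g.front == GUARD_MAGIC && g.back == GUARD_MAGIC;
}

/* Replacement for the unchecked sprintf: snprintf never writes more than
 * sizeof g.data bytes and returns the length the full output would need.
 * Returns 0 when the text fit, -1 when it was truncated (i.e. the original
 * sprintf would have overflowed). */
int format_checked(const char *text)
{
    int needed = snprintf(g.data, sizeof g.data, "%s", text);
    return (needed >= 0 && (size_t)needed < sizeof g.data) ? 0 : -1;
}

const char *buffer_contents(void)
{
    return g.data;
}

int main(void)
{
    int rc = format_checked("12345");   /* "12345" needs 6 bytes, buffer has 2 */
    printf("fit=%s guards=%s contents=\"%s\"\n",
           rc == 0 ? "yes" : "no (truncated)",
           guard_intact() ? "intact" : "CORRUPTED",
           buffer_contents());
    return rc == 0 ? 0 : 1;
}
```

Unlike page heap (see the gflags answer), guard words are only examined when guard_intact() is called, so the check belongs at the points where the buffer is consumed, and it only catches writers that still bypass the bounded snprintf path.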

4 answers
神经病院院长
Post #2 · 2019-08-07 09:48

Coverity's secure coding checker (SECURE_CODING) will catch this sort of bug. See this link.

再贱就再见
Post #3 · 2019-08-07 09:51

You can use gflags that comes with Windows SDK:

http://msdn.microsoft.com/en-us/library/windows/hardware/ff543097%28v=vs.85%29.aspx

you register your app with gflags.exe:

 gflags /p /enable pheap-buggy.exe

and during program execution it will throw exceptions if you read/write outside the array boundary, which can be caught in the VS debugger.

But unfortunately gflags is for Windows Desktop, so it is of use only if you can also build your app for desktop - which actually makes development a lot easier.

欢心
Post #4 · 2019-08-07 09:58

As the question is tagged C++, the simple solution is to avoid the issue altogether and not use the intrinsically unsafe C library at all, but rather to use a std::ostringstream object.

#include <sstream>

std::ostringstream buffer;   // grows as needed, so there is no fixed size to overrun

int main()
{
    buffer << "12345";
}
做个烂人
Post #5 · 2019-08-07 10:04

I am a Cppcheck developer. Cppcheck should easily detect that. What Cppcheck version did you use? Latest Cppcheck version is 1.64.

Here is the expected output when cppcheck-1.64 is used:

danielm@HP-Z220-2CMT:~/cppcheck$ ./cppcheck a.c 
Checking a.c...
[a.c:5]: (error) Buffer is accessed out of bounds.