Skip to content

CTR50-CPP: Failed to compute the proper range for a resized vector. #66

New issue
New issue
Open
Open
CTR50-CPP: Failed to compute the proper range for a resized vector.#66
Labels
Difficulty-MediumA false positive or false negative report which is expected to take 1-5 days effort to addressImpact-LowStardard-CERT-C++false positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards
@MFaisalZaki

Description

@MFaisalZaki
MFaisalZaki
opened on Aug 20, 2022

Affected rules

  • cpp/cert/container-access-without-range-check-cert

Description

The rule warns about the vector container which is resized after delectation.

Access of container of type Payload does not ensure that the index is smaller than the bounds.

Example

#include <iostream>
#include <string>
#include <vector>
#include <filesystem>


using namespace std;
namespace fs = std::filesystem;


int main() {

    typedef vector<uint8_t> Payload;

    wstring file(L"This is a wstring");
    uint64_t attributes;

    Payload serialized_data; serialized_data.resize(file.size() * sizeof(wchar_t) + sizeof(attributes));
	*(uint64_t*)&serialized_data.front() = attributes;

	/*
	*	Append the path.
	*/
	file.copy((wchar_t*)&serialized_data[sizeof(attributes)], file.size());

    return 0;
}

Metadata

Metadata

Assignees

No one assigned

    Labels

    Difficulty-MediumA false positive or false negative report which is expected to take 1-5 days effort to addressImpact-LowStardard-CERT-C++false positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards

    Type

    No type

    Projects

    Coding Standards Public Development Board

    Status

    Triaged

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions