In this section:

Overview

This error is generated whenever a block of memory indicated by a pointer will be written outside its valid range.

CodeDescriptionEnabledReportedPlatform
WRITE_OVERFLOW
(error)RuntimeWindows/Unix
(normal)Writing overflows memory(tick)RuntimeWindows/Unix
(struct)Structure references out of range(tick)RuntimeWindows/Unix


Problem

This code attempts to copy a string into the array a, which is not large enough.

/*
 * File: writover.c
 */
main()
{
	int junk;
	char a[10];

	strcpy(a, "A simple test");
	return (0);
}

Another problem includes writovr2.c. A diagnosis similar to the one that follows applies.

Diagnosis at Runtime

[writover.c:9] **WRITE_OVERFLOW**
>>		 strcpy(a, "A simple test");
	Writing overflows memory: <argument 1>

---- Associated Common Weakness Enumerations ----
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120: Buffer copy without checking size of input
CWE-788: Access of memory location after end of buffer
CWE-787: Out-of-bounds write
CWE-170: Improper NULL termination

		    bbbbbbbbbb
			|   10   |  4  |
			wwwwwwwwwwwwwwww
Writing (w): 0xf7fffafc thru 0xf7fffb09 (14 bytes)
To block (b): 	0xf7fffafc thru 0xf7fffb05 (10 bytes)
				a, declared at writover.c, 7
Stack trace where the error occurred:
		strcpy () (interface)
		main() writover.c, 9
  • Line 2: Source line at which the problem was detected.
  • Line 3: Description of the problem and the incorrect expression.
  • Line 5-10: CWEs associated with this problem.
  • Line 12: Schematic showing the relative layout of the actual memory block (b) and region being written (w). See Overflow Diagrams.
  • Line 15: Range of memory being written and description of the block to which the write is taking place, including its size and the location of its declaration.
  • Line 18: Stack trace showing the call sequence leading to the error.

Repair

This error often occurs when working with strings. In most cases, a simple fix is to increase the size of the destination object.

References

The table below shows Common Weakness Enumerations associated with this error.

CWEDescription
CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer
CWE-120Buffer copy without checking size of input
CWE-788Access of memory location after end of buffer
CWE-787Out-of-bounds write
CWE-170Improper NULL termination
  • No labels