In this section:
Overview
This error is generated whenever a block of memory indicated by a pointer will be written outside its valid range.Code Description Enabled Reported Platform WRITE_OVERFLOW Runtime Windows/Unix (normal) Writing overflows memory Runtime Windows/Unix (struct) Structure references out of range Runtime Windows/Unix
Problem
This code attempts to copy a string into the array a
, which is not large enough.
/* * File: writover.c */ main() { int junk; char a[10]; strcpy(a, "A simple test"); return (0); }
Another problem includes writovr2.c
. A diagnosis similar to the one that follows applies.
Diagnosis at Runtime
[writover.c:9] **WRITE_OVERFLOW** >> strcpy(a, "A simple test"); Writing overflows memory: <argument 1> ---- Associated Common Weakness Enumerations ---- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer CWE-120: Buffer copy without checking size of input CWE-788: Access of memory location after end of buffer CWE-787: Out-of-bounds write CWE-170: Improper NULL termination bbbbbbbbbb | 10 | 4 | wwwwwwwwwwwwwwww Writing (w): 0xf7fffafc thru 0xf7fffb09 (14 bytes) To block (b): 0xf7fffafc thru 0xf7fffb05 (10 bytes) a, declared at writover.c, 7 Stack trace where the error occurred: strcpy () (interface) main() writover.c, 9
- Line 2: Source line at which the problem was detected.
- Line 3: Description of the problem and the incorrect expression.
- Line 5-10: CWEs associated with this problem.
- Line 12: Schematic showing the relative layout of the actual memory block (b) and region being written (w). See Overflow Diagrams.
- Line 15: Range of memory being written and description of the block to which the write is taking place, including its size and the location of its declaration.
- Line 18: Stack trace showing the call sequence leading to the error.
Repair
This error often occurs when working with strings. In most cases, a simple fix is to increase the size of the destination object.
References
The table below shows Common Weakness Enumerations associated with this error.