C & C++

C & C++

Made by DeepSource
Risky cast after possibly misaligned pointer offset CXX-S1014
Security
Major

Pointer offset(or any other arithmetic operation) on a pointer casted to a different type (than its original type) is risky and can result in undefined behaviour. The reason for such behaviour is that the memory alignment may change for types on every targeted platform.

Potential buffer overrun CXX-S1005
Security
Major

While writing data to a buffer, the program can overrun the buffer's boundary and overwrite adjacent memory locations. These can either cause a crash if the memory region is inaccessible to the process for writing, or in the worst case produce a vulnerability to overwrite parts of the memory with untrusted user code.

Audit required: found possible occurrence of secret in source CXX-A1004
Security
Major

This issue attempts to uncover cases of sensitive information, such as passwords, encryption keys, or other confidential data, being hardcoded into the source code and shipped with the software.

This is a serious security issue because if the source code is accessible, the secret information can be easily extracted by attackers.

Unbound checked function calls lacking external bounds checking CXX-S1003
Security
Major

Certain functions do not perform bound checks internally, leading to segmentation faults if the caller does not explicitly perform bound checks. Avoid calling such functions without explicitly checking the buffer bounds against the provided value first.

Empty exception handler block CXX-S1021
Security
Major

An exception handling catch block is used to catch and handle errors or exceptions that may occur during the execution of a program. When the catch block does not contain any code to handle the exception or execute any necessary cleanup, then this can lead to problems. In particular, it can make the program unreliable, as an unhandled exception may cause the program to crash or behave unpredictably. This is especially problematic if the relevant code is reachable by an attacker, as they may be able to trigger the exception deliberately and cause the program to fail.

While processing the buffer using printf/scanf, not using any width for the format specifier %s is vulnerable to buffer overflow CXX-S1004
Security
Major

Using I/O operations such as printf and scanf without setting width limits for format strings can allow for buffer overflow when reading from a stdin pipe or writing to a stdout pipe.

Potential heap memory use after free CXX-S1012
Security
Major

When a program requests memory from the heap, it is given a pointer to the starting address of that memory block. When the program frees that memory block, the memory is returned to the heap and the pointer is no longer valid. Using freed heap memory can result in undefined behavior and potentially cause serious problems in a program.

Audit required: untrusted format string CXX-A1002
Security
Major

If the source of a format string is untrusted then there is a chance that the format expected would break or the untrusted source may be able to insert malicious stuff into your code.

Suspicious sizeof() in strncpy, strncat, or memcpy CXX-S1016
Security
Major

Using sizeof() on pointers would return the complete size of the pointer only if it's from the local scope.

Audit required: calling command processor based system() is exploitable CXX-A1001
Security
Major

The system() function in C programming executes a specified command by invoking an implementation-defined command processor, such as a UNIX shell or CMD.EXE in Microsoft Windows. The problem with using system() function is that it can result in exploitable vulnerabilities, allowing for the execution of arbitrary system commands. The risks associated with using the system() function include passing an unsanitized or improperly sanitized command string originating from a tainted source, specifying a command without a path name and the command processor path name resolution mechanism is accessible to an attacker, specifying a relative path to an executable and control over the current working directory is accessible to an attacker, and if the specified executable program can be spoofed by an attacker.