Our website uses cookies to enhance your browsing experience.

Accept

Fill out the form in 2 simple steps below:

Your contact information:

Step 1

Congratulations! This is your promo code!

Desired license type:

Step 2

Team license

Enterprise license

* Difference between Team and Enterprise

Didn't get our email?

** By clicking this button you agree to our Privacy Policy statement

Request our prices

Why do we ask to use Business Email?

New License

License Renewal

I am a reseller

--Select currency--

USD

EUR

Didn't get our email?

* By clicking this button you agree to our Privacy Policy statement

Ask us your question

Why do we ask to use Business Email? Add file

Add file

Didn't get our email?

* By clicking this button you agree to our Privacy Policy statement

Free PVS‑Studio license for Microsoft MVP specialists

Why do we ask to use Business Email?

Didn't get our email?

* By clicking this button you agree to our Privacy Policy statement

I am interested to try it on the platforms:

Windows

Linux

macOS

Why do we ask to use Business Email?

Didn't get our email?

* By clicking this button you agree to our Privacy Policy statement

check circle

Message submitted.

Your message has been sent. We will email you at

If you do not see the email in your inbox, please check if it is filtered to one of the following folders:

Promotion
Updates
Spam

Home

>

Posts

>

Examples of errors

>

Examples of errors detected by the V645…

Examples of errors detected by the V645 diagnostic

V645. Function call may lead to buffer overflow. Bounds should not contain size of a buffer, but a number of characters it can hold.

ReactOS

V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1314


void shell(int argc, const char *argv[])
{
  char CmdLine[MAX_PATH];
  ....
  strcpy( CmdLine, ShellCmd );

  if (argc > 1)
  {
    strncat(CmdLine, " /C", MAX_PATH);
  }

  for (i=1; i<argc; i++)
  {
    strncat(CmdLine, " ", MAX_PATH);
    strncat(CmdLine, argv[i], MAX_PATH);
  }
  ....
}

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1319
V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1320
V645 The 'wcsncat' function call could lead to the 'szFileName' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. logfile.c 50

ICU

V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 739


#define uprv_strncat(dst, src, n) \
  U_STANDARD_CPP_NAMESPACE strncat(dst, src, n)

static char plugin_file[2048] = "";

U_CAPI void U_EXPORT2
uplug_init(UErrorCode *status)
{
  ....
  uprv_strncpy(plugin_file, plugin_dir, 2047);
  uprv_strncat(plugin_file, U_FILE_SEP_STRING,2047);
  uprv_strncat(plugin_file, "icuplugins",2047);
  uprv_strncat(plugin_file, U_ICU_VERSION_SHORT ,2047);
  uprv_strncat(plugin_file, ".txt" ,2047);
  ....
}

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 741
V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 740

Multi Theft Auto

V645 The 'strncat' function call could lead to the 'szRightName' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cluaacldefs.cpp 400


int CLuaACLDefs::aclListRights ( lua_State* luaVM )
{
  char szRightName [128];
  ....
  strncat ( szRightName, (*iter)->GetRightName (), 128 );
  ....
}

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'szObjectType' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. caccesscontrollistgroup.cpp 226

Miranda NG

V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 162


BOOL ExportSettings(....)
{
  ....
  char header[512], buff[1024], abuff[1024];
  ....
  strncat(buff, abuff, SIZEOF(buff));
  ....
}

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 179
V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 183
V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 186
And 45 additional diagnostic messages.

Miranda NG

V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 273


void __cdecl GGPROTO::dccmainthread(void*)
{
  ....
  strncat(filename, (char*)local_dcc->file_info.filename,
          sizeof(filename) - strlen(filename));
  ....
}

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 304
V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 503
V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 534
And 31 additional diagnostic messages.

Enlightenment

V645 The 'strncat' function call could lead to the 'transients' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. e_info_server.c 739


static void
_msg_window_prop_client_append(....)
{
  ....
  char availables[256] = { 0, };

  for (i = 0; i < target_ec->e.state.rot.count; i++)
  {
    char tmp[16];
    snprintf(tmp, sizeof(tmp), "%d ",
             target_ec->e.state.rot.available_rots[i]);
    strncat(availables, tmp,                             // <=
            sizeof(availables) - strlen(availables));
  }
  ....
}

The correct variant of the code: sizeof(availables) - strlen(availables) - 1

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'shape_rects' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. e_info_server.c 751
V645 The 'strncat' function call could lead to the 'shape_input' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. e_info_server.c 763
V645 The 'strncat' function call could lead to the 'availables' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. e_info_server.c 924

Tizen

V645 The 'strncat' function call could lead to the 'dd_info->object_uri' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. oma-parser-dd1.c 422


#define OP_MAX_URI_LEN 2048

char object_uri[OP_MAX_URI_LEN];

void op_libxml_characters_dd1(....)
{
  ....
  strncat(dd_info->object_uri, ch_str,
          OP_MAX_URI_LEN - strlen(dd_info->object_uri));
  ....
}

The correct variant of the code: OP_MAX_URI_LEN - strlen(dd_info->object_uri) - 1

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'dd_info->name' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. oma-parser-dd1.c 433

Haiku Operation System

V645 The 'strncat' function call could lead to the 'output' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. NamespaceDump.cpp 101


static void
dump_acpi_namespace(acpi_ns_device_info *device, char *root, int indenting)
{
  char output[320];
  char tabs[255] = "";
  ....
  strlcat(tabs, "|--- ", sizeof(tabs));
  ....
  while (....) {
    uint32 type = device->acpi->get_object_type(result);
    snprintf(output, sizeof(output), "%s%s", tabs, result + depth);
    switch(type) {
      case ACPI_TYPE_INTEGER:
        strncat(output, "     INTEGER", sizeof(output));
        break;
      case ACPI_TYPE_STRING:
        strncat(output, "     STRING", sizeof(output));
        break;
      ....
    }
    ....
  }
  ....
}

Similar errors can be found in some other places:

V645 The 'strncat' function call could lead to the 'output' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. NamespaceDump.cpp 104
V645 The 'strncat' function call could lead to the 'output' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. NamespaceDump.cpp 107
V645 The 'strncat' function call could lead to the 'output' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. NamespaceDump.cpp 110
And 15 additional diagnostic messages.

Want to try PVS‑Studio for free?