V645. The function call could lead to the buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold.
V645 The 'strncat' function call could lead to the 'CmdLine' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cmds.c 1314
void shell(int argc, const char *argv[])
{
  char CmdLine[MAX_PATH];
  ....
  strcpy( CmdLine, ShellCmd );
  if (argc > 1)
  {
    strncat(CmdLine, " /C", MAX_PATH);
  }
  for (i=1; i<argc; i++)
  {
    strncat(CmdLine, " ", MAX_PATH);
    strncat(CmdLine, argv[i], MAX_PATH);
  }
  ....
}
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'plugin_file' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. icuplug.c 739
#define uprv_strncat(dst, src, n) \
  U_STANDARD_CPP_NAMESPACE strncat(dst, src, n)
static char plugin_file[2048] = "";
U_CAPI void U_EXPORT2
uplug_init(UErrorCode *status)
{
  ....
  uprv_strncpy(plugin_file, plugin_dir, 2047);
  uprv_strncat(plugin_file, U_FILE_SEP_STRING,2047);
  uprv_strncat(plugin_file, "icuplugins",2047);
  uprv_strncat(plugin_file, U_ICU_VERSION_SHORT ,2047);
  uprv_strncat(plugin_file, ".txt" ,2047);
  ....
}
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'szRightName' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. cluaacldefs.cpp 400
int CLuaACLDefs::aclListRights ( lua_State* luaVM )
{
  char szRightName [128];
  ....
  strncat ( szRightName, (*iter)->GetRightName (), 128 );
  ....
}
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'buff' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. Miranda fontoptions.cpp 162
BOOL ExportSettings(....)
{
  ....
  char header[512], buff[1024], abuff[1024];
  ....
  strncat(buff, abuff, SIZEOF(buff));
  ....
}
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'filename' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. GG filetransfer.cpp 273
void __cdecl GGPROTO::dccmainthread(void*)
{
  ....
  strncat(filename, (char*)local_dcc->file_info.filename,
          sizeof(filename) - strlen(filename));
  ....
}
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'transients' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. e_info_server.c 739
static void
_msg_window_prop_client_append(....)
{
  ....
  char availables[256] = { 0, };
  for (i = 0; i < target_ec->e.state.rot.count; i++)
  {
    char tmp[16];
    snprintf(tmp, sizeof(tmp), "%d ",
             target_ec->e.state.rot.available_rots[i]);
    strncat(availables, tmp,                        // <=
            sizeof(availables) - strlen(availables));
  }
  ....
}
The correct variant of the code: sizeof(availables) - strlen(availables) - 1
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'dd_info->object_uri' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. oma-parser-dd1.c 422
#define OP_MAX_URI_LEN 2048
char object_uri[OP_MAX_URI_LEN];
void op_libxml_characters_dd1(....)
{
  ....
  strncat(dd_info->object_uri, ch_str,
          OP_MAX_URI_LEN - strlen(dd_info->object_uri));
  ....
}
The correct variant of the code: OP_MAX_URI_LEN - strlen(dd_info->object_uri) - 1
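The three bounds seen in the fragments above (the whole buffer size, size minus current length, and the corrected size minus current length minus 1) can be compared directly. The following is an added example, not code from any of the analyzed projects; strncat_footprint and append_bounded are hypothetical helper names, and the 8-byte buffer and strings are constructed sample data.

```c
#include <stdio.h>
#include <string.h>

/* Bytes strncat(dst, src, n) would occupy in dst, counting the '\0' it
   always appends after the copied characters. Arithmetic only, no copy. */
static size_t strncat_footprint(const char *dst, const char *src, size_t n)
{
    size_t src_len = strlen(src);
    size_t copied = src_len < n ? src_len : n;
    return strlen(dst) + copied + 1;
}

/* Append src to dst (capacity cap bytes) using the corrected bound.
   Returns 0 if all of src fit, 1 if it was truncated,
   -1 if dst holds no terminator within cap bytes. */
static int append_bounded(char *dst, size_t cap, const char *src)
{
    const char *end = memchr(dst, '\0', cap);
    if (end == NULL)
        return -1;
    size_t used = (size_t)(end - dst);
    size_t room = cap - used - 1;      /* characters, terminator excluded */
    strncat(dst, src, room);
    return strlen(src) > room;
}

int main(void)
{
    char buf[8] = "abcd";              /* constructed sample: 4 of 8 used */
    const char *src = "0123456789";    /* constructed sample, too long to fit */

    printf("n = sizeof(buf)                   -> %zu bytes into 8\n",
           strncat_footprint(buf, src, sizeof(buf)));
    printf("n = sizeof(buf) - strlen(buf)     -> %zu bytes into 8\n",
           strncat_footprint(buf, src, sizeof(buf) - strlen(buf)));
    printf("n = sizeof(buf) - strlen(buf) - 1 -> %zu bytes into 8\n",
           strncat_footprint(buf, src, sizeof(buf) - strlen(buf) - 1));

    int truncated = append_bounded(buf, sizeof(buf), src);
    printf("append_bounded: \"%s\" truncated=%d\n", buf, truncated);
    return 0;
}
```

Only the third bound keeps the write inside the buffer; the second one still overruns it by exactly one byte, the terminating null.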
Similar errors can be found in some other places:
V645 The 'strncat' function call could lead to the 'output' buffer overflow. The bounds should not contain the size of the buffer, but a number of characters it can hold. NamespaceDump.cpp 101
static void
dump_acpi_namespace(acpi_ns_device_info *device, char *root, int indenting)
{
  char output[320];
  char tabs[255] = "";
  ....
  strlcat(tabs, "|--- ", sizeof(tabs));
  ....
  while (....) {
    uint32 type = device->acpi->get_object_type(result);
    snprintf(output, sizeof(output), "%s%s", tabs, result + depth);
    switch(type) {
      case ACPI_TYPE_INTEGER:
        strncat(output, " INTEGER", sizeof(output));
        break;
      case ACPI_TYPE_STRING:
        strncat(output, " STRING", sizeof(output));
        break;
      ....
    }
    ....
  }
  ....
}
Similar errors can be found in some other places: