Off-by-one error in buffer size calculation

c.buffer_overflow.off_by_one

Severity

low

Resource

Buffer Overflow

Language

C / C++

Description

The software calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

Rationale

The software calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value.

The following code illustrates a vulnerable pattern detected by this rule:

void bad1(char *string)
{
	char buf[BUFSIZE];

	strncpy(buf, string, BUFSIZE);
	// VULNERABLE: Off-by-one error in buffer size calculation
	buf[BUFSIZE] = '\0';
}

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-193
OWASP Top 10 2021 - A04 : Insecure Design.
https://cwe.mitre.org/data/definitions/787
https://g.co/kgs/PCHQjJ
https://github.com/struct/mms
CERTC-ARR30-C
CERTC-STR31-C