Incorrect argument order in memset() call

Description

The invocation of memset() is easy to get wrong. The second argument is the character and the third argument is the size, but sometimes these arguments are in the wrong order. This results in a no-op.

Rationale

The invocation of memset() is easy to get wrong. The second argument is the character and the third argument is the size, but sometimes these arguments are in the wrong order. This results in a no-op.

The following code illustrates a vulnerable pattern detected by this rule:

int test1()
{
	char buf[1024];

	// VULNERABLE: Incorrect argument order in memset() call
	memset(buf, sizeof(buf), 0);

	// VULNERABLE: Incorrect argument order in memset() call
	memset(buf, sizeof(buf), 'A');

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.

Configuration

This detector does not need any configuration.

References

CWE-688
OWASP Top 10 2021 - A04 : Insecure Design.
https://lkml.org/lkml/2009/11/11/336
https://bugs.mysql.com/bug.php?id=23181
CERTC-FIO47-C