CQE-120: Buffer Copy without Checking Size of Input

Quality Issue ID: 120
Maturity: Preliminary
Description

Description Summary

This pattern identifies situations in which two buffer storable elements (or member elements) are allocated with specific sizes, one in a source buffer allocation statement and one in a target buffer allocation statement. The two buffers are then transformed within the application through transformation sequences composed of ActionElements linked by DataRelations, some of which belong to named callable and method control elements. Ultimately the application uses a move buffer statement to move the content of the first (source) buffer into the second (target) buffer, while the size allocated to the first buffer is greater than the size allocated to the second buffer, and no check of the two sizes precedes the move.
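The following C program is an added illustration and is not part of the CQE entry or the OMG specifications it cites. It places the pattern described above (a move-buffer statement copying a 64-byte allocation into a 32-byte one with no size comparison) next to a hardened copy routine that refuses the move when the source payload would not fit, and a small check on the two allocation sizes of the kind a static measure such as this one performs. The buffer sizes, the function names and the filler input are constructed for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SRC_SIZE 64   /* size in the source buffer allocation statement (constructed) */
#define DST_SIZE 32   /* size in the target buffer allocation statement (constructed) */

/* The pattern CQE-120 describes: the move-buffer statement (here strcpy)
 * copies whatever is in src into dst even though src was allocated larger
 * than dst, and nothing compares the two sizes first. Shown for
 * illustration only; it is never called in this program. */
void unchecked_copy(char *dst, const char *src)
{
    strcpy(dst, src);
}

/* Length of the string in buf, never scanning past buf_size bytes, so an
 * unterminated source buffer cannot cause an over-read either. */
static size_t bounded_len(const char *buf, size_t buf_size)
{
    size_t n = 0;
    while (n < buf_size && buf[n] != '\0')
        n++;
    return n;
}

/* Hardened form: the move is performed only when the source payload fits
 * in the destination together with its terminating NUL. Returns the number
 * of bytes copied (excluding the NUL), or -1 when the copy would overflow
 * the destination. */
int checked_copy(char *dst, size_t dst_size, const char *src, size_t src_size)
{
    if (dst == NULL || src == NULL || dst_size == 0)
        return -1;
    size_t len = bounded_len(src, src_size);
    if (len >= dst_size)          /* no room for len bytes plus the NUL */
        return -1;
    memcpy(dst, src, len);
    dst[len] = '\0';
    return (int)len;
}

/* Check on the allocation sizes alone, in the spirit of the quality
 * measure: a move from a larger allocation into a smaller one is what the
 * pattern flags. Returns 1 when the pair of sizes is flagged, else 0. */
int flag_copy_by_allocation_size(size_t src_alloc, size_t dst_alloc)
{
    return src_alloc > dst_alloc;
}

int main(void)
{
    char src[SRC_SIZE];
    char dst[DST_SIZE];

    /* Constructed input: 63 'A's plus NUL, longer than dst can hold. */
    memset(src, 'A', SRC_SIZE - 1);
    src[SRC_SIZE - 1] = '\0';

    printf("allocation sizes flagged: %d\n",
           flag_copy_by_allocation_size(SRC_SIZE, DST_SIZE));
    printf("checked_copy of 63 bytes into a 32-byte buffer: %d\n",
           checked_copy(dst, sizeof dst, src, sizeof src));

    /* A payload that fits is moved normally. */
    const char *short_src = "fits";
    printf("checked_copy of \"fits\": %d -> \"%s\"\n",
           checked_copy(dst, sizeof dst, short_src, strlen(short_src) + 1), dst);
    return 0;
}
```

The hardened routine takes both allocation sizes as parameters rather than trusting a NUL terminator, which is the information the pattern says is present at the allocation statements but absent at the move; passing the sizes through makes the comparison possible at the point of the copy.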
Relationships

Nature      Type            ID    Name                                              View(s) this relationship pertains to
ChildOf     Practice        9078  Memory Management                                 Quality Issues Organized by Practices (primary) 9002
ChildOf     Characteristic  9115  Security                                          Default Graph (primary) 9001
ChildOf     Characteristic  9120  Reliability                                       Default Graph (primary) 9001
CanPrecede  Consequence     9022  Memory Corruption                                 Default Graph (primary) 9001
CanPrecede  Consequence     9038  Loss of Data Integrity                            Default Graph (primary) 9001
CanPrecede  Consequence     9057  Erroneous Behaviors                               Default Graph (primary) 9001
CanPrecede  Consequence     9143  Failure                                           Default Graph (primary) 9001
CanPrecede  Consequence     9152  Unauthorized Access to Sensitive Information      Default Graph (primary) 9001
CanPrecede  Consequence     9168  Unexpected Behaviors                              Default Graph (primary) 9001

Related Taxonomy Entries

Taxonomy  Version  Related ID
ASCRM     1        ASCRM-CWE-120
ASCSM     1        ASCSM-CWE-120
CWE       2.11     120
References
"Automated Source Code Security Measure (ASCSM)". ASCSM-CWE-120. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCSM/1.0/>.
"Automated Source Code Reliability Measure (ASCRM)". ASCRM-CWE-120. v1.0. Object Management Group (OMG). 2016-01-01. <http://www.omg.org/spec/ASCRM/1.0/>.
Page Last Updated or Reviewed: October 01, 2017