[C-safe-secure-studygroup] checker

Robert Seacord rcseacord at gmail.com
Wed Jan 23 20:02:34 GMT 2019

Thanks, David!  (and also Roberto).

On a related note,

when is it appropriate to use memcpy vs strcpy?

They are both included in the Section 7.24 String handling <string.h> of
the C Standard.

Possible answers:
1. strcpy should be used when you are copying a string, and memcpy should
only be used when copying memory
2. memcpy should be used when you know the size of the source and
destination arrays without having to call strlen
Assuming array sizes are known:
3. use strcpy for small strings because memcpy is optimized for large moves
and can be less efficient for small strings
4. use memcpy has a *much* easier time being efficient for both large and
small sizes, because the size is known up front.
something else?

I'm also sort of annoyed that the memcpy_s function only cares about the
size of the destination array and apparently is unconcerned with reading
beyond the bounds of the source array.  Probably the same is true with
other _s functions.


On Wed, Jan 23, 2019 at 2:26 PM Wheeler, David A <dwheeler at ida.org> wrote:

> Robert Seacord:
> > Has anyone implemented a static analysis checker that would detect when
> a programmer incorrectly specifies the size of the source array instead of
> the destination array, for example:
> void func (void) {
>   char source[] = "...";
>   char dest[N];
>   ...
>   strcpy_s(dest, sizeof source, source);
> }
> Yes.  In an almost vacuous way flawfinder sometimes does that - and it’s
> just a lexical analyzer.
> Flawfinder will warn about memcpy, but *NOT* if the count is given as
> sizeof(first arg). Since first arg is the dest, flawfinder *will* complain
> if the size of the *source* array is given, since that's the wrong one.  It
> will even complain if the source array size is smaller than the destination
> (it's still the wrong size to use, and things can change in the future
> during maintenance).
> --- David A. Wheeler
> _______________________________________________
> C-safe-secure-studygroup mailing list
> C-safe-secure-studygroup at lists.trustable.io
> https://lists.trustable.io/cgi-bin/mailman/listinfo/c-safe-secure-studygroup
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.trustable.io/pipermail/c-safe-secure-studygroup/attachments/20190123/35864c83/attachment.html>

More information about the C-safe-secure-studygroup mailing list