New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
False positive #13464
Comments
|
Hi @ImpossibleShape, Thanks for your report. I'm missing some details unfortunately, what is the size of Note the second argument of |
|
Your description of the 2nd parameter is incorrect or worded where I don't understand it. It's defined as if destsz is smaller than the string length of the source then as you mention the currently installed constraint handler function is called. This is the intent. It's the equivalent of protecting against a developer bug you might use an assert to catch, however, in the code being analyzed the size of pDetData->DevicePath is 256 byes so it could never be bigger than the destination (I have no idea where the 512 is coming from in the error message) ether way it's not a "cpp/badly-bounded-write" with the description "The program performs a buffer copy or write operation with an incorrect upper limit on the size of the copy. A sufficiently long input will overflow the target buffer. In addition to causing program instability, techniques exist which may allow an attacker to use this vulnerability to execute arbitrary code." |
|
My apologies. I had not read the query code correctly. The second argument should indeed taken into account, which means you've indeed found a false positive. Unfortunately, just copying an pasting the code you provided does not trigger the alert. Hence, I will need more context to do anything with this report. |
|
I'll try and see if I can make a demo app that reproduces it. The actual code is in a private enterprise repo I can't share unfortunately. |
|
If it's private enterprise code, then you likely have a GHAS license, which means we can handle this confidentially via the GitHub support channels. |
Description of the false positive
The error
This 'call to strcpy_s' operation is limited to 512 bytes but the destination is only 256 bytes.
Somehow it is getting a different size for sizeof and the actual size of the array. Not sure why it thinks they are different sizes when it's the same physical array. Code is below.
Code samples or links to source code
// Get the full device path
char devPath[ 256 ];
strcpy_s( devPath, sizeof( devPath ), pDetData->DevicePath );
The text was updated successfully, but these errors were encountered: