amiller_bae Contributor.

Argc erroneously being flagged as Integer Overflow

I am trying to eliminate all Fortify findings from my C++ code. Rather than just suppressing the issues, I want to eliminate them. However, one issue I cannot seem to resolve is an integer overflow finding. The strange thing is that there is no arithmetic being done to warrant an overflow, and argc is bounded by a conditional statement. Despite this, it seems Fortify does not like argc being used to allocate the size of a buffer. Below is some sample code that gets tagged with an integer overflow:

  1 int main(int argc, char* argv[]) {
  2   if ((argc < 0) || (argc > 10)) {
  3     cout<< "number of arguments is invalid.";
  4     return -1;
  5   } 
  6   cout << "Number of arguments: " << argc << endl;
  7   
  8   if ((argc > 0) && (argc < 10)) {
  9     int myArray[argc]; //This line gets flagged as an integer overflow
 10   } else {
 11     cout<<"Argc is out of bounds."<<endl;
 12     return -1;
 13   } 
 14   return 0;
 15 }

 

Line 9 gets flagged as an integer overflow, even though no addition is taking place and argc has been bounded by several conditional statements. I think it is possible that Fortify is mistakenly flagging this as an issue. Any suggestions would be greatly appreciated.

0 Likes
3 Replies
Dennis Handly Acclaimed Contributor.

Re: argc erroneously being flagged as Integer Overflow

> Line 9 gets flagged as an integer overflow, even though no addition is taking place

 

There is an argc * sizeof(int) to allocate the array.

 

> argc has been bounded by several conditional statements.

 

Yes, that should have been a clue.  It should be doing range propagation.

0 Likes
amiller_bae Contributor.

Re: argc erroneously being flagged as Integer Overflow

Would you mind elaborating a little more? I am fairly new to Fortify and still learning the ins-and-outs. 

Are you saying that this is in fact a possible bug with Fortify, or are you saying there is a  flaw in my code? I'm also curious about the "argc * sizeof(int)" that you had mentioned. Does C++ allocate an integer array by multiplying argc by the size of the integer datatype in bytes? sizeof(int) would yield 4 in most 32-bit systems. This seems like it would over-allocate memory space, and I'm not quite sure what you were trying to say. Any explanation would be appreciated. 

 

0 Likes
Dennis Handly Acclaimed Contributor.

Re: argc erroneously being flagged as Integer Overflow

> I am fairly new to Fortify and still learning the ins-and-outs. 

 

(I know nothing about Fortify, just another similar code analysis product.)

 

>Are you saying that this is in fact a possible bug with Fortify, or are you saying there is a  flaw in my code?

 

It's a bug or a design flaw in Fortify.  Your code is fine.  (Your example creates a C99 dynamic array but doesn't use it.  🙂)

 

> Does C++ allocate an integer array by multiplying argc by the size of the integer datatype in bytes?

 

How else would it do it?  Whether you allocate it on the stack or heap, you still need it in units of bytes.

 

>This seems like it would over-allocate memory space

 

Well, it may first get an integer overflow doing the multiplication.  And if not that, it would get a stack overflow.

 

> I'm not quite sure what you were trying to say.

 

I'm trying to read the mind of Fortify to guess why it thinks there is an integer overflow.  🙂

0 Likes
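
The implicit `argc * sizeof(int)` discussed in this thread can be written out and checked before anything is allocated. The following is an added example, not code from either poster or from Fortify; `kMaxCount`, `checked_int_array_bytes` and `make_arg_array` are hypothetical names, and it swaps the variable-length array for a `std::vector`.

```cpp
#include <cstddef>
#include <iostream>
#include <limits>
#include <vector>

// Assumed limit, mirroring the question's "(argc > 0) && (argc < 10)" check.
const long long kMaxCount = 9;

// Computes count * sizeof(int) with the multiplication made explicit.
// Returns false (leaving *out_bytes untouched) when count is outside
// 1..max_count or when the product would not fit in size_t.
bool checked_int_array_bytes(long long count, long long max_count,
                             std::size_t* out_bytes) {
    if (count <= 0 || count > max_count) {
        return false;  // range check happens before any arithmetic
    }
    const unsigned long long n = static_cast<unsigned long long>(count);
    if (n > std::numeric_limits<std::size_t>::max() / sizeof(int)) {
        return false;  // n * sizeof(int) would wrap around
    }
    *out_bytes = static_cast<std::size_t>(n) * sizeof(int);
    return true;
}

// Stands in for "int myArray[argc];": a heap-backed std::vector replaces
// the variable-length array, and it is sized only after validation.
bool make_arg_array(int argc, std::vector<int>& out) {
    std::size_t bytes = 0;
    if (!checked_int_array_bytes(argc, kMaxCount, &bytes)) {
        return false;
    }
    out.assign(static_cast<std::size_t>(argc), 0);
    return true;
}

int main(int argc, char* argv[]) {
    (void)argv;
    std::vector<int> myArray;
    if (!make_arg_array(argc, myArray)) {
        std::cerr << "Argc is out of bounds." << std::endl;
        return 1;
    }
    std::cout << "Allocated " << myArray.size() << " ints ("
              << myArray.size() * sizeof(int) << " bytes)" << std::endl;
    return 0;
}
```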