PClint错误码大全_百度文库
两大类热门资源免费畅读
续费一年阅读会员，立省24元！
PClint错误码大全
上传于||文档简介
&&最​全​的​p​c​l​i​n​t​错​误​码​表​,​从-​-00​全​部​都​有
阅读已结束，如果下载本文需要使用2下载券
想免费下载本文？
定制HR最喜欢的简历
下载文档到电脑，查找使用更方便
还剩98页未读，继续阅读
定制HR最喜欢的简历
你可能喜欢3353人阅读
PC-lint的使用网络上有很多，下一篇将会转载一下。这里主要记录一下在使用的过程中所遇到的问题。
1.错误如下
-- Module:&& d:/Projects/magellan/main/code/magellan/MgAIAction.cpp
&&&&& (C++)
&&&&& #include &co-msc80.h& /* generated from -header(co-msc80.h) */
&&&&& d:/Projects/magellan/main/code/magellan/MgAIAction.cpp(0): error 322:
&&&&& (Error -- Unable to open include file 'co-msc80.h')
出现这个错误时，我在网上找了很多也没找到一个合适的解决方法，只有一个与上面问题相同的代码标识。解决如下：
在PC LINT的文件夹中找到co-msc80.lnt，打开
转到最后一行“-header(co-msc80.h) // implicitly includes &typeinfo&. (Needed because MSVC 8 implicitly declares class type_info.)”。
将其中的co-msc80.h改为绝对地址：-header(C:/pc-lint/co-msc80.h) ，这样就可以了。
2.在VS2005中增加多文件的PC LINT检查，设置如下：
标题：pclint_project
命令：C:/unix/usr/local/wbin/find.exe&
参数：$(ProjectDir) -name *.c -o -name *.cpp | C:/unix/usr/local/wbin/xargs C:/pclint/lint-nt -i&c:/unix/usr/local& -u c:/pc-lint/stdvc8.lnt c:/pc-lint/env-vc8.lnt
运行后出现错误：
C:/unix/usr/local/wbin/find.exe : paths must precede expression
Usage: C:/unix/usr/local/wbin/find.exe [path...] [expression]
原因是$(ProjectDir)解析后为C:/abc/de//,有问题，find接收的文件夹路径为C:/abc:/de
当前我还没找到解决办法，除了在控制台上直接运行！！
3.其实windows下使用pc-lint最好还是集成在source insight上。这里注意一点：
&&&&& 一般的人在设置好pc-lint后，运行发现有这样的错误：error 322: (Error -- Unable to open include file 'stdafx.h')。这是因为在std.lnt中设置的包好选项中没有办好这个头文件的文件夹路径。
&&&&& 这里建议，如碰到该情况，请重新建立一个lnt文件，将该工程所引用的头文件路径都包含里面。例如我建立了一个文件叫header_myproject.lnt，里面只有这句话-i&d:/SVN/闸机1.1/trunk/XdrEDCd:/SVN/闸机1.1/trunk/XdrEDCode/header& 注意-i一定要与&紧紧挨近一起。然后将文件header_myproject.lnt路径添加到std.lnt中即可。
4.使用PC-Lint时可能会遇到很多库的头文件的错误，特别是在VS中。这时可以通过设置PC-LINT.exe的参数屏蔽库文件的错误。一般为PC-LINT.exe -wlib(x)
-wlib(0) 不生成任何库信息
-wlib(1) 只生成错误信息（当处理库的源代码时）
-wlib(2) 生成错误和告警信息
-wlib(3) 生成错误、告警和其它信息（这是默认设置）
-wlib(4) 产生所有信息
另外，如果你测试时不想看一下info类的信息，可以在命令中增加-wx来屏蔽不需要显示的信息：
-w0 不产生信息（除了遇到致命的错误）&
-w1 只生成错误信息 -- 没有告警信息和其它提示信息
-w2 只有错误和告警信息
-w3 生成错误、告警和其它提示信息（这是默认设置）&
-w4 生成所有信息
一般情况下我先使用-w1再用-w2，最后用-w3
参考知识库
* 以上用户言论只代表其个人观点，不代表CSDN网站的观点或立场
访问：19165次
排名：千里之外
转载：16篇
(1)(1)(1)(1)(3)(3)(5)(2)(1)(1)CWE-129: Improper Validation of Array Index (2.9)
Presentation Filter:
Basic Summary
High Level
Acquisition
Development Manager
Development Education
Vulnerability Research
Mapping-Friendly
CWE-129: Improper Validation of Array Index
Improper Validation of Array Index
Weakness ID: 129 (Weakness Base)Status: Draft
The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.
out-of-bounds array index
index-out-of-range
array index underflow
C: (Often)
C++: (Often)
Language-independent
ScopeEffect
IntegrityAvailability DoS: crash / exit /
restartUse of an index that is outside the bounds of an array will very
likely result in the corruption of relevant memory and perhaps
instructions, leading to a crash, if the values are outside of the valid
memory area.
Integrity Modify memoryIf the memory corrupted is data, rather than instructions, the system
will continue to function with improper values.
ConfidentialityIntegrity M Read memoryUse of an index that is outside the bounds of an array can also
trigger out-of-bounds read or write operations, or operations on the
i.e., "buffer overflows" are not always the result. This
may result in the exposure or modification of sensitive data.
IntegrityConfidentialityAvailability Execute unauthorized code or
commandsIf the memory accessible by the attacker can be effectively
controlled, it may be possible to execute arbitrary code, as with a
standard buffer overflow and possibly without the use of large inputs if
a precise index can be controlled.
IntegrityAvailabilityConfidentiality DoS: crash / exit /
Execute unauthorized code or
R Modify memoryA single fault could allow either an overflow () or underflow () of the array index. What happens next will depend on the type of operation being performed out of bounds, but can expose sensitive information, cause a system crash, or possibly lead to arbitrary code execution.
This weakness can often be detected using automated static analysis
tools. Many modern tools use data flow analysis or constraint-based
techniques to minimize the number of false positives.Automated static analysis generally does not account for environmental
considerations when reporting out-of-bounds memory operations. This can
make it difficult for users to determine which warnings should be
investigated first. For example, an analysis tool might report array
index errors that originate from command line arguments in a program
that is not expected to run with setuid or other special
privileges.
This is not a perfect solution, since 100% accuracy and coverage are
not feasible.
This weakness can be detected using dynamic tools and techniques that
interact with the software using large test suites with many diverse
inputs, such as fuzz testing (fuzzing), robustness testing, and fault
injection. The software's operation may slow down, but it should not
become unstable, crash, or generate incorrect results.
Black box methods might not get the needed code coverage within
limited time constraints, and a dynamic test might not produce any
noticeable side effects even if it is successful.
In the code snippet below, an untrusted integer value is used to
reference an object in an array.public String getValue(int index) {
return array[index];
}If index is outside of the range of the array, this may result in an
ArrayIndexOutOfBounds Exception being raised.The following example takes a user-supplied value to allocate an
array of objects and then operates on the array.private void buildList ( int untrustedListSize ){
if ( 0 & untrustedListSize ){
die("Negative value supplied for list size, die evil
hacker!");
Widget[] list = new Widget [ untrustedListSize ];
list[0] = new Widget();
}This example attempts to build a list from a user-specified value, and
even checks to ensure a non-negative value is supplied. If, however, a 0
value is provided, the code will build an array of size 0 and then try
to store a new Widget in the first location, causing an exception to be
thrown.In the following code, the method retrieves a value from an array at
a specific array index location that is given as an input parameter to the
methodint getValueFromArray(int *array, int len, int index) {
// check that the array index is less than the
// length of the array
if (index & len) {
// get the value at the specified index of the
value = array[index];
// if array index is invalid then output error
// and return value indicating error
printf("Value is: %d\n", array[index]);
value = -1;
}However, this method only verifies that the given array index is less than the maximum length of the array but does not check for the minimum value (). This will allow a negative value to be accepted as the input array index, which will result in a out of bounds read () and may allow access to sensitive memory. The input array index should be checked to verify that is within the maximum and minimum range required for the array (). In this example the if statement should be modified to include a minimum range check, as shown below. ...// check that the array index is within the correct// range of values for the arrayif (index &= 0 && index & len)
{...The following example retrieves the sizes of messages for a pop3
mail server. The message sizes are retrieved from a socket that returns in a
buffer the message number and the message size, the message number (num) and
size (size) are extracted from the buffer and the message size is placed
into an array using the message number for the array index./* capture the sizes of all messages */int getsizes(int sock, int count, int *sizes) {
char buf[BUFFER_SIZE];
// read values from socket and added to sizes
while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
// continue read from socket until buf only contains
if (DOTLINE(buf))
else if (sscanf(buf, "%d %d", &num, &size)
sizes[num - 1] =
}In this example the message number retrieved from the buffer could be
a value that is outside the allowable range of indices for the array and
could possibly be a negative number. Without proper validation of the
value to be used for the array index an array overflow could occur and
could potentially lead to unauthorized access to memory addresses and
system crashes. The value of the array index should be validated to
ensure that it is within the allowable range of indices for the array as
in the following code./* capture the sizes of all messages */int getsizes(int sock, int count, int *sizes) {
char buf[BUFFER_SIZE];
// read values from socket and added to sizes
while ((ok = gen_recv(sock, buf, sizeof(buf))) == 0)
// continue read from socket until buf only contains
if (DOTLINE(buf))
else if (sscanf(buf, "%d %d", &num, &size)
if (num & 0 && num &=
(unsigned)count)
sizes[num - 1] =
/* warn about possible attempt to induce buffer
overflow */
report(stderr, "Warning: ignoring bogus data for
message sizes returned by server.\n");
}In the following example the method displayProductSummary is called
from a Web service servlet to retrieve product summary information for
display to the user. The servlet obtains the integer value of the product
number from the user and passes it to the displayProductSummary method. The
displayProductSummary method passes the integer value of the product number
to the getProductSummary method which obtains the product summary from the
array object containing the project summaries using the integer value of the
product number as the array index.// Method called from servlet to obtain product
informationpublic String displayProductSummary(int index) {
String productSummary = new String("");
String productSummary = getProductSummary(index);
} catch (Exception ex) {...}
return productS
}public String getProductSummary(int index) {
return products[index];
}In this example the integer value used as the array index that is
provided by the user may be outside the allowable range of indices for
the array which may provide unexpected results or cause the application
to fail. The integer value used for the array index should be validated
to ensure that it is within the allowable range of indices for the array
as in the following code.// Method called from servlet to obtain product
informationpublic String displayProductSummary(int index) {
String productSummary = new String("");
String productSummary = getProductSummary(index);
} catch (Exception ex) {...}
return productS
}public String getProductSummary(int index) {
String productSummary = "";
if ((index &= 0) && (index &
MAX_PRODUCTS)) {
productSummary = products[index];
System.err.println("index is out of bounds");
throw new IndexOutOfBoundsException();
return productS
}An alternative in Java would be to use one of the collection objects
such as ArrayList that will automatically generate an exception if an
attempt is made to access an array index that is out of bounds.ArrayList productArray = new ArrayList(MAX_PRODUCTS);...try {
productSummary = (String) productArray.get(index);
} catch (IndexOutOfBoundsException ex) {...}The following example asks a user for an offset into an array to
select an item.int main (int argc, char **argv) {
char *items[] = {"boat", "car", "truck", "train"};
int index = GetUntrustedOffset();
printf("You selected %s\n", items[index-1]);
}The programmer allows the user to specify which element in the list to select, however an attacker can provide an out-of-bounds offset, resulting in a buffer over-read (). ReferenceDescription
large ID in packet used as array
negative array index as argument to POP LIST
Integer signedness error leads to negative array
product does not properly track a count and a
maximum number, which can lead to resultant array index
Chain: device driver for packet-capturing software
allows access to an unintended IOCTL with resultant array index
Chain: array index error () leads to deadlock ()
Use an input validation framework such as Struts or the OWASP ESAPI Validation API. If you use Struts, be mindful of weaknesses covered by the
For any security checks that are performed on the client side, ensure that these checks are duplicated on the server side, in order to avoid . Attackers can bypass the client-side checks by modifying values after the checks have been performed, or by changing the client to remove the client-side checks entirely. Then, these modified values would be submitted to the server. Even though client-side checks provide minimal benefits with respect
to server-side security, they are still useful. First, they can support
intrusion detection. If the server receives input that should have been
rejected by the client, then it may be an indication of an attack.
Second, client-side error-checking can provide helpful feedback to the
user about the expectations for valid input. Third, there may be a
reduction in server-side processing time for accidental input errors,
although this is typically a small savings.
Use a language that does not allow this weakness to occur or provides
constructs that make this weakness easier to avoid.For example, Ada allows the programmer to constrain the values of a
variable and languages such as Java and Ruby will allow the programmer
to handle exceptions when an out-of-bounds index is accessed.
Run or compile the software using features or extensions that randomly
arrange the positions of a program's executable and libraries in memory.
Because this makes the addresses unpredictable, it can prevent an
attacker from reliably jumping to exploitable code.Examples include Address Space Layout Randomization (ASLR) [] [] and Position-Independent Executables (PIE) [].
This is not a complete solution. However, it forces the attacker to
guess an unknown value that changes every program execution. In
addition, an attack could still cause a denial of service, since the
typical response is to exit the application.
Use a CPU and operating system that offers Data Execution Protection (NX) or its equivalent [] [].
This is not a complete solution, since buffer overflows could be used
to overwrite nearby variables to modify the software's state in
dangerous ways. In addition, it cannot be used in cases in which
self-modifying code is required. Finally, an attack could still cause a
denial of service, since the typical response is to exit the
application.
Assume all input is malicious. Use an "accept known good" input
validation strategy, i.e., use a whitelist of acceptable inputs that
strictly conform to specifications. Reject any input that does not
strictly conform to specifications, or transform it into something that
does.When performing input validation, consider all potentially relevant
properties, including length, type of input, the full range of
acceptable values, missing or extra inputs, syntax, consistency across
related fields, and conformance to business rules. As an example of
business rule logic, "boat" may be syntactically valid because it only
contains alphanumeric characters, but it is not valid if the input is
only expected to contain colors such as "red" or "blue."Do not rely exclusively on looking for malicious or malformed inputs
(i.e., do not rely on a blacklist). A blacklist is likely to miss at
least one undesirable input, especially if the code's environment
changes. This can give attackers enough room to bypass the intended
validation. However, blacklists can be useful for detecting potential
attacks or determining which inputs are so malformed that they should be
rejected outright.When accessing a user-controlled array index, use a stringent range of
values that are within the target array. Make sure that you do not allow
negative values to be used. That is, verify the minimum as well as the
maximum of the range of acceptable values.
Be especially careful to validate all input when invoking code that
crosses language boundaries, such as from an interpreted language to
native code. This could create an unexpected interaction between the
language boundaries. Ensure that you are not violating any of the
expectations of the language with which you are interfacing. For
example, even though Java may not be susceptible to buffer overflows,
providing a large argument in a call to native code might trigger an
Run your code using the lowest privileges that are required to accomplish the necessary tasks []. If possible, create isolated accounts with limited privileges that are only used for a single task. That way, a successful attack will not immediately give the attacker access to the rest of the software or its environment. For example, database applications rarely need to run as the database administrator, especially in day-to-day operations.
Run the code in a "jail" or similar sandbox environment that enforces
strict boundaries between the process and the operating system. This may
effectively restrict which files can be accessed in a particular
directory or which commands can be executed by the software.OS-level examples include the Unix chroot jail, AppArmor, and SELinux.
In general, managed code may provide some protection. For example,
java.io.FilePermission in the Java SecurityManager allows the software
to specify restrictions on file operations.This may not be a feasible solution, and it only limits the impact to
the rest of the application may still be subject
to compromise.Be careful to avoid
and other weaknesses related to jails.
The effectiveness of this mitigation depends on the prevention
capabilities of the specific sandbox or jail being used and might only
help to reduce the scope of an attack, such as restricting the attacker
to certain system calls or limiting the portion of the file system that
can be accessed.
OrdinalityDescription
ResultantThe most common condition situation leading to an out-of-bounds array
index is the use of loop index variables as buffer indexes. If the end
condition for the loop is subject to a flaw, the index can grow or
shrink unbounded, therefore causing a buffer overflow or underflow.
Another common situation leading to this condition is the use of a
function's return value, or the resulting value of a calculation
directly as an index in to a buffer.
NatureTypeIDNameView(s) this relationship pertains to
ChildOfWeakness Class20Development Concepts (primary)699Research Concepts (primary)1000Weaknesses for Simplified Mapping of Published Vulnerabilities (primary)1003ChildOfCategory189Development Concepts699ChildOfCategory633Resource-specific Weaknesses (primary)631ChildOfCategory738Weaknesses Addressed by the CERT C Secure Coding Standard (primary)734ChildOfCategory740Weaknesses Addressed by the CERT C Secure Coding Standard734ChildOfCategory802Weaknesses in the 2010 CWE/SANS Top 25 Most Dangerous Programming Errors (primary)800ChildOfCategory867Weaknesses in the 2011 CWE/SANS Top 25 Most Dangerous Software Errors (primary)900ChildOfCategory872Weaknesses Addressed by the CERT C++ Secure Coding Standard868ChildOfCategory874Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)868ChildOfCategory970Software Fault Pattern (SFP) Clusters (primary)888CanPrecedeWeakness Class119Research Concepts1000CanPrecedeWeakness Variant789Research Concepts1000CanPrecedeWeakness Base823Research Concepts1000
MemberOfView884CWE Cross-section (primary)884
This weakness can precede uncontrolled memory allocation () in languages that automatically expand an array when an index is used that is larger than the size of the array, such as JavaScript.
An improperly validated array index might lead directly to the
always-incorrect behavior of "access of array using out-of-bounds index."
ExplicitMapped Taxonomy NameNode IDFitMapped Node Name
CLASPUnchecked array indexing
PLOVERINDEX - Array index overflow
CERT C Secure CodingARR00-CUnderstand how arrays work
CERT C Secure CodingARR30-CGuarantee that array indices are within the valid
CERT C Secure CodingARR38-CDo not add or subtract an integer to a pointer if the
resulting value does not refer to a valid array element
CERT C Secure CodingINT32-CEnsure that operations on signed integers do not result in
CERT C++ Secure CodingINT10-CPPDo not assume a positive remainder when using the %
CERT C++ Secure CodingINT32-CPPEnsure that operations on signed integers do not result in
CERT C++ Secure CodingARR00-CPPUnderstand when to prefer vectors over
CERT C++ Secure CodingARR30-CPPGuarantee that array and vector indices are within the valid
CERT C++ Secure CodingARR38-CPPDo not add or subtract an integer to a pointer or iterator if
the resulting value does not refer to a valid element in the array or
Software Fault PatternsSFP8Faulty Buffer Access
CAPEC-IDAttack Pattern Name(CAPEC Version: 2.8)
Overflow Buffers
[R.129.1] [REF-11] M. Howard and
D. LeBlanc. "Writing Secure Code". Chapter 5, "Array Indexing Errors" Page
144. 2nd Edition. Microsoft. 2002.
[R.129.2] Jason Lam. "Top 25 Series - Rank 14 - Improper Validation of Array
Index". SANS Software Security Institute. . &&.
[R.129.3] [REF-22] Michael Howard. "Address Space Layout Randomization in Windows
Vista". &&.
[R.129.4] [REF-29] "PaX". &&.
[R.129.5] [REF-25] Microsoft. "Understanding DEP as a mitigation technology part
[R.129.6] [REF-31] Sean Barnum and
Michael Gegick. "Least Privilege". . &&.
[R.129.7] [REF-17] Michael Howard, David LeBlanc
and John Viega. "24 Deadly Sins of Software Security". "Sin 5: Buffer Overruns." Page 89. McGraw-Hill. 2010.
[R.129.8] [REF-37] Grant Murphy. "Position Independent Executables (PIE)". Red Hat. . &&.
SubmissionsSubmission DateSubmitterOrganizationSourceCLASPExternally MinedModificationsModification DateModifierOrganizationSourceSean EidemillerCigitalExternaladded/updated demonstrative
examplesCWE Content TeamMITREInternalupdated Alternate_Terms, Applicable_Platforms,
Common_Consequences, Relationships, Other_Notes, Taxonomy_Mappings,
Weakness_OrdinalitiesCWE Content TeamMITREInternalupdated Relationships,
Taxonomy_MappingsCWE Content TeamMITREInternalupdated Common_ConsequencesCWE Content TeamMITREInternalupdated Description, Name,
RelationshipsCWE Content TeamMITREInternalupdated Applicable_Platforms, Common_Consequences,
Observed_Examples, Other_Notes, Potential_Mitigations, Theoretical_Notes,
Weakness_OrdinalitiesCWE Content TeamMITREInternalupdated Applicable_Platforms, Demonstrative_Examples,
Detection_Factors, Likelihood_of_Exploit, Potential_Mitigations, References,
Related_Attack_Patterns, RelationshipsCWE Content TeamMITREInternalupdated Related_Attack_PatternsCWE Content TeamMITREInternalupdated Common_Consequences, Potential_Mitigations,
ReferencesCWE Content TeamMITREInternalupdated Potential_Mitigations, Relationship_Notes,
RelationshipsCWE Content TeamMITREInternalupdated Demonstrative_Examples, Observed_Examples,
Potential_MitigationsCWE Content TeamMITREInternalupdated Common_Consequences, Demonstrative_Examples,
Weakness_OrdinalitiesCWE Content TeamMITREInternalupdated Common_ConsequencesCWE Content TeamMITREInternalupdated RelationshipsCWE Content TeamMITREInternalupdated Relationships,
Taxonomy_MappingsCWE Content TeamMITREInternalupdated Demonstrative_Examples, Potential_Mitigations,
References, RelationshipsCWE Content TeamMITREInternalupdated Potential_MitigationsCWE Content TeamMITREInternalupdated Potential_Mitigations,
ReferencesCWE Content TeamMITREInternalupdated Relationships, Taxonomy_MappingsCWE Content TeamMITREInternalupdated RelationshipsPrevious Entry NamesChange DatePrevious Entry
NameUnchecked Array