Copy of overlapping memory

Source and destination arguments of a copy function have overlapping memory

expand all in page

Description

This defect occurs when there is a memory overlap between the source and destination argument of a copy function such as memcpy or strcpy. For instance, the source and destination arguments of strcpy are pointers to different elements in the same string.

Risk

If there is memory overlap between the source and destination arguments of copy functions, according to C standards, the behavior is undefined.

Fix

Determine if the memory overlap is what you want. If so, find an alternative function. For instance:

  • If you are using memcpy to copy values from one memory location to another, use memmove instead of memcpy.

  • If you are using strcpy to copy one string to another, use memmove instead of strcpy, as follows:

    s = strlen(source);
memmove(destination, source, s + 1);

    strlen determines the string length without the null terminator. Therefore, you must move s+1 bytes instead of s bytes.

Examples

expand all

#include <string.h>

char str[] = {"ABCDEFGH"};

void my_copy() {
    strcpy(&str[0],(const char*)&str[2]);
}

In this example, because the source and destination argument are pointers to the same string str, there is memory overlap between their allowed buffers.

Result Information

Group: Programming
Language: C | C++
Default: Off
Command-Line Syntax: OVERLAPPING_COPY
Impact: Medium
CWE ID: 475, 628, 687

See Also

|

Topics

Introduced in R2015b

Polyspace Bug Finder Documentation

Support