# Easily misused function may lead to buffer overflows

## Description
MultiByteToWideChar() takes the size of the input buffer (cbMultiByte) as a number of bytes, but the size of the output buffer (cchWideChar) as a number of wide characters. Passing a byte count (for example, sizeof(buffer)) where a character count is expected overstates the available room, and the function may write past the end of the output buffer. To avoid overflows, the application must determine the correct buffer size in the unit that matches the data type the buffer receives.
## Examples

### Insecure Code

```c
MultiByteToWideChar(...)
```

### Secure Code

```c
// Calculate the correct buffer size before calling MultiByteToWideChar()
```

## Remediation
Determine the correct output buffer size in the unit the function expects (wide characters, not bytes) based on the data type the buffer receives, so the conversion cannot write past the end of the buffer.
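As an added example (not the rule's own code) of the sizing mistake this rule describes and its fix, the block below uses a small stand-in for MultiByteToWideChar() so that it runs off Windows; the stand-in, the function names and the sample strings are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <wchar.h>

/* Stand-in for MultiByteToWideChar(CP_UTF8, 0, in, -1, out, cch_wide); assumption:
 * 1- to 3-byte UTF-8 only. Contract mirrored from the API: cch_wide == 0 returns
 * the required count (terminator included) and writes nothing; otherwise at most
 * cch_wide wide chars are written and 0 is returned if they do not fit. */
static int mb_to_wide(const char *in, wchar_t *out, int cch_wide)
{
    const unsigned char *p = (const unsigned char *)in;
    int written = 0;
    for (;;) {
        unsigned char b = *p;
        int n = b < 0x80 ? 1 : (b & 0xE0u) == 0xC0 ? 2 : (b & 0xF0u) == 0xE0 ? 3 : 0;
        if (n == 0) return 0;                          /* malformed lead byte */
        uint32_t cp = n == 1 ? b : n == 2 ? (b & 0x1Fu) : (b & 0x0Fu);
        for (int k = 1; k < n; k++) {
            if ((p[k] & 0xC0u) != 0x80) return 0;      /* truncated sequence */
            cp = (cp << 6) | (p[k] & 0x3Fu);
        }
        if (cch_wide) {
            if (written >= cch_wide) return 0;         /* would overflow: refuse */
            out[written] = (wchar_t)cp;
        }
        written++;
        if (b == 0) return written;                    /* NUL counted, like cbMultiByte = -1 */
        p += n;
    }
}

/* Fixed buffer: the count must be elements. The insecure form this rule flags,
 * mb_to_wide(in, buf, sizeof(buf)) on a local wchar_t buf[64], passes 128 or 256. */
int to_wide_fixed(const char *in, wchar_t *buf, size_t buf_elems)
{
    return mb_to_wide(in, buf, (int)buf_elems);        /* 0 = did not fit, no overflow */
}

/* Dynamic buffer, the remediation pattern: query the wide-char count with
 * cchWideChar = 0, allocate count * sizeof(wchar_t) bytes, convert with that count. */
wchar_t *to_wide_alloc(const char *in)
{
    int needed = mb_to_wide(in, NULL, 0);
    if (needed <= 0) return NULL;
    wchar_t *out = malloc((size_t)needed * sizeof(wchar_t));
    if (out && mb_to_wide(in, out, needed) != needed) { free(out); out = NULL; }
    return out;
}
```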
## Rule Details
| Field | Value |
|---|---|
| ID | CODE-0561 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-120 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | buffer overflow |
| OWASP | A1:2017-Injection, A03:2021-Injection |