Off-by-one error
Description
The software calculates or uses an incorrect maximum or minimum value that is 1 more, or 1 less, than the correct value, which can lead to buffer overflows, out-of-bounds access, or other security vulnerabilities.
Examples
Insecure Code
```c
char buf[10];
buf[10] = 'a';  /* out of bounds: valid indices are 0..9 */
```
Secure Code
```c
char buf[10];
buf[9] = 'a';   /* last valid element of buf */
```
Remediation
Review the code to ensure that buffer sizes and indices are correctly calculated, and consider using size-aware functions to prevent off-by-one errors.
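The following is an added example, not part of the original rule page. It shows the two boundary checks the remediation refers to: an index test against the buffer size and a size-aware copy that reserves one byte for the terminating NUL. The names `BUF_SIZE`, `put_at` and `copy_checked` are hypothetical, and the input strings are constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 10  /* same size as buf in the snippets above (assumed name) */

/* Bounds-checked store (hypothetical helper). Valid indices are
 * 0 .. size-1, so the test is idx >= size; rejecting only idx > size
 * would let idx == size through, which is the off-by-one. */
int put_at(char *buf, size_t size, size_t idx, char c)
{
    if (buf == NULL || idx >= size)
        return -1;
    buf[idx] = c;
    return 0;
}

/* Size-aware copy (hypothetical helper). At most size-1 characters are
 * copied so the terminating NUL always fits inside dst.
 * Returns 0 on a full copy, 1 if src was truncated, -1 on bad arguments. */
int copy_checked(char *dst, size_t size, const char *src)
{
    size_t len, n;

    if (dst == NULL || src == NULL || size == 0)
        return -1;
    len = strlen(src);
    n = len < size ? len : size - 1;  /* reserve one byte for '\0' */
    memcpy(dst, src, n);
    dst[n] = '\0';
    return len >= size ? 1 : 0;
}

int main(void)
{
    char buf[BUF_SIZE];

    printf("put_at(9)  -> %d\n", put_at(buf, sizeof buf, 9, 'a'));
    printf("put_at(10) -> %d\n", put_at(buf, sizeof buf, 10, 'a'));
    /* Constructed inputs: 9 characters fit, 10 leave no room for the NUL. */
    printf("9 chars    -> %d\n", copy_checked(buf, sizeof buf, "123456789"));
    printf("10 chars   -> %d\n", copy_checked(buf, sizeof buf, "1234567890"));
    printf("kept       -> \"%s\"\n", buf);
    return 0;
}
```

A 10-character string in a 10-byte buffer is the boundary case to test: it needs 11 bytes once the terminator is counted.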
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0738 |
| Category | Injection |
| Severity | HIGH |
| CWE | CWE-193 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | buffer overflow, off-by-one |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/787
- https://github.com/struct/mms
- https://g.co/kgs/PCHQjJ
- https://cwe.mitre.org/data/definitions/193