Rule 24-5-2 - NoMemoryFunctionsFromCString.ql

Adds a new query to detect use of banned cstring functions. [a]

Author: lcartey

cpp/misra/src/rules/RULE-24-5-2/NoMemoryFunctionsFromCString.ql

@@ -0,0 +1,26 @@
+/**
+ * @id cpp/misra/no-memory-functions-from-c-string
+ * @name RULE-24-5-2: The C++ Standard Library functions memcpy, memmove and memcmp from <cstring> shall not be used
+ * @description Using memcpy, memmove or memcmp from <cstring> can result in undefined behavior due
+ *              to overlapping memory, non-trivially copyable objects, or unequal comparison of
+ *              logically equal objects.
+ * @kind problem
+ * @precision very-high
+ * @problem.severity error
+ * @tags external/misra/id/rule-24-5-2
+ *       scope/single-translation-unit
+ *       external/misra/enforcement/decidable
+ *       external/misra/obligation/required
+ */
+
+import cpp
+import codingstandards.cpp.misra
+import codingstandards.cpp.BannedFunctions
+
+class BannedMemoryFunction extends Function {
+  BannedMemoryFunction() { this.hasGlobalOrStdName(["memcpy", "memmove", "memcmp"]) }
+}
+
+from BannedFunctions<BannedMemoryFunction>::Use use
+where not isExcluded(use, BannedAPIsPackage::noMemoryFunctionsFromCStringQuery())
+select use, use.getAction() + " banned function '" + use.getFunctionName() + "' from <cstring>."

cpp/misra/test/rules/RULE-24-5-2/NoMemoryFunctionsFromCString.expected

@@ -0,0 +1,23 @@
+| test.cpp:9:3:9:8 | call to memcpy | Call to banned function 'memcpy' from <cstring>. |
+| test.cpp:10:3:10:13 | call to memcpy | Call to banned function 'memcpy' from <cstring>. |
+| test.cpp:17:3:17:9 | call to memmove | Call to banned function 'memmove' from <cstring>. |
+| test.cpp:18:3:18:14 | call to memmove | Call to banned function 'memmove' from <cstring>. |
+| test.cpp:25:12:25:17 | call to memcmp | Call to banned function 'memcmp' from <cstring>. |
+| test.cpp:26:12:26:22 | call to memcmp | Call to banned function 'memcmp' from <cstring>. |
+| test.cpp:30:52:30:57 | memcpy | Address taken for banned function 'memcpy' from <cstring>. |
+| test.cpp:31:52:31:58 | memmove | Address taken for banned function 'memmove' from <cstring>. |
+| test.cpp:32:56:32:61 | memcmp | Address taken for banned function 'memcmp' from <cstring>. |
+| test.cpp:34:52:34:62 | memcpy | Address taken for banned function 'memcpy' from <cstring>. |
+| test.cpp:36:7:36:18 | memmove | Address taken for banned function 'memmove' from <cstring>. |
+| test.cpp:38:7:38:17 | memcmp | Address taken for banned function 'memcmp' from <cstring>. |
+| test.cpp:50:7:50:12 | call to memcmp | Call to banned function 'memcmp' from <cstring>. |
+| test.cpp:53:7:53:17 | call to memcmp | Call to banned function 'memcmp' from <cstring>. |
+| test.cpp:61:7:61:12 | call to memcmp | Call to banned function 'memcmp' from <cstring>. |
+| test.cpp:64:7:64:17 | call to memcmp | Call to banned function 'memcmp' from <cstring>. |
+| test.cpp:71:3:71:8 | call to memcpy | Call to banned function 'memcpy' from <cstring>. |
+| test.cpp:72:3:72:9 | call to memmove | Call to banned function 'memmove' from <cstring>. |
+| test.cpp:74:3:74:13 | call to memcpy | Call to banned function 'memcpy' from <cstring>. |
+| test.cpp:75:3:75:14 | call to memmove | Call to banned function 'memmove' from <cstring>. |
+| test.cpp:78:1:78:28 | #define CUSTOM_MEMCPY memcpy | Call to banned function 'memcpy' from <cstring>. |
+| test.cpp:79:1:79:30 | #define CUSTOM_MEMMOVE memmove | Call to banned function 'memmove' from <cstring>. |
+| test.cpp:80:1:80:28 | #define CUSTOM_MEMCMP memcmp | Call to banned function 'memcmp' from <cstring>. |

cpp/misra/test/rules/RULE-24-5-2/NoMemoryFunctionsFromCString.qlref

@@ -0,0 +1 @@
+rules/RULE-24-5-2/NoMemoryFunctionsFromCString.ql

cpp/misra/test/rules/RULE-24-5-2/test.cpp

@@ -0,0 +1,89 @@
+#include <cstdint>
+#include <cstring>
+#include <string.h>
+
+void test_memcpy_usage() {
+  std::uint8_t l1[10];
+  std::uint8_t l2[10];
+
+  memcpy(l1, l2, 10);      // NON_COMPLIANT
+  std::memcpy(l1, l2, 10); // NON_COMPLIANT
+}
+
+void test_memmove_usage() {
+  std::uint8_t l1[10];
+  std::uint8_t l2[10];
+
+  memmove(l1, l2, 10);      // NON_COMPLIANT
+  std::memmove(l1, l2, 10); // NON_COMPLIANT
+}
+
+void test_memcmp_usage() {
+  std::uint8_t l1[10];
+  std::uint8_t l2[10];
+
+  int l3 = memcmp(l1, l2, 10);      // NON_COMPLIANT
+  int l4 = std::memcmp(l1, l2, 10); // NON_COMPLIANT
+}
+
+void test_function_pointers() {
+  void *(*l1)(void *, const void *, std::size_t) = memcpy;     // NON_COMPLIANT
+  void *(*l2)(void *, const void *, std::size_t) = memmove;    // NON_COMPLIANT
+  int (*l3)(const void *, const void *, std::size_t) = memcmp; // NON_COMPLIANT
+
+  void *(*l4)(void *, const void *, std::size_t) = std::memcpy; // NON_COMPLIANT
+  void *(*l5)(void *, const void *, std::size_t) =
+      std::memmove; // NON_COMPLIANT
+  int (*l6)(const void *, const void *, std::size_t) =
+      std::memcmp; // NON_COMPLIANT
+}
+
+struct S {
+  bool m1;
+  std::int64_t m2;
+};
+
+void test_struct_comparison() {
+  S l1{true, 42};
+  S l2{true, 42};
+
+  if (memcmp(&l1, &l2, sizeof(S)) != 0) { // NON_COMPLIANT
+  }
+
+  if (std::memcmp(&l1, &l2, sizeof(S)) != 0) { // NON_COMPLIANT
+  }
+}
+
+void test_buffer_comparison() {
+  char l1[12];
+  char l2[12];
+
+  if (memcmp(l1, l2, sizeof(l1)) != 0) { // NON_COMPLIANT
+  }
+
+  if (std::memcmp(l1, l2, sizeof(l1)) != 0) { // NON_COMPLIANT
+  }
+}
+
+void test_overlapping_memory() {
+  std::uint8_t l1[20];
+
+  memcpy(l1 + 5, l1, 10);  // NON_COMPLIANT
+  memmove(l1 + 5, l1, 10); // NON_COMPLIANT
+
+  std::memcpy(l1 + 5, l1, 10);  // NON_COMPLIANT
+  std::memmove(l1 + 5, l1, 10); // NON_COMPLIANT
+}
+
+#define CUSTOM_MEMCPY memcpy   // NON_COMPLIANT
+#define CUSTOM_MEMMOVE memmove // NON_COMPLIANT
+#define CUSTOM_MEMCMP memcmp   // NON_COMPLIANT
+
+void test_macro_expansion() {
+  std::uint8_t l1[10];
+  std::uint8_t l2[10];
+
+  CUSTOM_MEMCPY(l1, l2, 10);
+  CUSTOM_MEMMOVE(l1, l2, 10);
+  int l3 = CUSTOM_MEMCMP(l1, l2, 10);
+}