Out-of-Bounds Write

Rule ID

MI109

Definition

The software writes data past the end, or before the beginning, of the intended buffer.

Example

See one of the applicable code examples from CWE.

int id_sequence[3];

/* Populate the id array. */

id_sequence[0] = 123;
id_sequence[1] = 234;
id_sequence[2] = 345;
id_sequence[3] = 456;

The code above attempts to save four different identification numbers into an array. Because the array is allocated to hold only three elements, the valid indices are 0 to 2, so the assignment to id_sequence[3] is out of bounds.
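A bounds-checked counterpart to the snippet above, as an added example that is not part of the original rule page or of CWE. The helper names id_store, id_populate and demo, the guard field and the sample input are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define ID_CAPACITY 3   /* same size as id_sequence in the rule's example */

/* Hypothetical helper: write value at index only if the index lies inside
 * the buffer. Taking the index as size_t means a negative int (a write
 * "before the beginning") converts to a huge value and is rejected too.
 * Returns 0 on success, -1 if the write would be out of bounds. */
static int id_store(int *ids, size_t capacity, size_t index, int value)
{
    if (ids == NULL || index >= capacity)
        return -1;
    ids[index] = value;
    return 0;
}

/* Copy values from src until the buffer is full; returns how many were stored. */
static size_t id_populate(int *ids, size_t capacity, const int *src, size_t count)
{
    size_t stored = 0;
    while (stored < count && id_store(ids, capacity, stored, src[stored]) == 0)
        stored++;
    return stored;
}

/* Feed four IDs into a three-element array that sits next to a guard value.
 * Returns the number stored and reports whether the guard was left untouched. */
static size_t demo(int *guard_intact)
{
    struct { int id_sequence[ID_CAPACITY]; int guard; } s = { {0}, 0x5AFE };
    const int input[] = { 123, 234, 345, 456 };   /* constructed sample input */
    size_t n = id_populate(s.id_sequence, ID_CAPACITY, input,
                           sizeof input / sizeof input[0]);
    *guard_intact = (s.guard == 0x5AFE);
    return n;
}

int main(void)
{
    int guard_intact = 0;
    size_t n = demo(&guard_intact);
    printf("stored %zu of 4 ids, guard intact: %d\n", n, guard_intact);
    return 0;
}
```

The fourth ID is rejected rather than written, so the caller can detect the truncation from the return value instead of silently corrupting adjacent memory.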

References

  • Common Weakness Enumeration: CWE-121
  • Common Weakness Enumeration: CWE-122
  • Common Weakness Enumeration: CWE-787
  • Common Weakness Enumeration: CWE-913