A tainted value is used as an array subscript.
A value is considered "tainted" if it comes into the program from outside, for example, through an input operation. Tainted values should be regarded with suspicion, because security attacks often involve a malicious user finding a way to get an unexpected value into a program entry point. In this case, the tainted value is used as an array subscript, which could allow a malicious user to provoke a bounds violation.
The checker removes the tainted attribute on a value if it sees evidence that the value is being examined before it is used.
ID | Observation | Description |
---|---|---|
1 | Memory read | The place the tainted value was used |
2 | Call site | The call from which the tainted value was obtained |
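```c
#include <stdlib.h> /* atoi */

int myArray[10];

int main(int argc, char **argv)
{
    /* index comes straight from the command line, so it is tainted */
    int index = atoi(argv[1]);
    return myArray[index]; // bad: index is unvalidated value
}
```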
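For contrast, a version of the same program in which the command-line value is parsed strictly and range-checked before it reaches the subscript. This is an added example, not code from the original page; `parse_index`, `MY_ARRAY_LEN` and the array contents are hypothetical names and constructed sample data.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

#define MY_ARRAY_LEN 10 /* hypothetical name for the array size */

/* Constructed sample data so the program has something to print. */
static int myArray[MY_ARRAY_LEN] = {10, 11, 12, 13, 14, 15, 16, 17, 18, 19};

/* Hypothetical helper: convert text to an index in [0, len).
 * Returns the index, or -1 if the text is not a clean decimal number
 * or the number is outside the array. Unlike atoi(), strtol() lets us
 * detect overflow, empty input and trailing junk. */
static long parse_index(const char *text, long len)
{
    char *end = NULL;
    long value;

    if (text == NULL || *text == '\0')
        return -1;
    errno = 0;
    value = strtol(text, &end, 10);
    if (errno == ERANGE || end == text || *end != '\0')
        return -1; /* overflow, no digits, or trailing characters */
    if (value < 0 || value >= len)
        return -1; /* would read outside myArray */
    return value;
}

int main(int argc, char **argv)
{
    /* argc is checked too: argv[1] is NULL when no argument is given. */
    long index = (argc >= 2) ? parse_index(argv[1], MY_ARRAY_LEN) : -1;

    if (index < 0) {
        fprintf(stderr, "usage: %s <index 0..%d>\n",
                argc > 0 ? argv[0] : "prog", MY_ARRAY_LEN - 1);
        return EXIT_FAILURE;
    }
    printf("%d\n", myArray[index]); /* index is now known to be in bounds */
    return EXIT_SUCCESS;
}
```
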
Copyright © 2010, Intel Corporation. All rights reserved.