Mapping Between CWE-658 or CWE-659 and Polyspace Bug Finder Defect Checkers

CWE™-658 and CWE-659 are a set of weaknesses specific to C and C++. The weaknesses enumerated in these subsets can be detected by using Polyspace® Bug Finder™ defect checkers and mapped to these CWE rules.

CWE-658: Weaknesses in Software Written in C

CWE-658 is a subset of common weaknesses found specifically in C programs. See CWE-658.

The following table lists the CWE rules from this subset that are addressed by Polyspace Bug Finder defects, with corresponding defect checkers.

CWE IDDescription Polyspace Bug Finder Defect Checker Short Name
14Compiler Removal of Code to Clear Buffers

UNCERTAIN_MEMORY_CLEANING

119Improper Restriction of Operations within the Bounds of a Memory Buffer

DANGEROUS_STD_FUNC

DATA_LENGTH_MISMATCH

INDETERMINATE_STRING

MEM_STD_LIB

MISSING_NULL_CHAR

OTHER_STD_LIB

OUT_BOUND_ARRAY

OUT_BOUND_PTR

SIZEOF_MISUSE

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

TAINTED_STRING

120Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

DANGEROUS_STD_FUNC

MEM_STD_LIB

STRLIB_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_STRING

121Stack-based Buffer Overflow

DANGEROUS_STD_FUNC

MEM_STD_LIB

STRLIB_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

122Heap-based Buffer Overflow

DANGEROUS_STD_FUNC

STRLIB_BUFFER_OVERFLOW

TAINTED_PTR_OFFSET

123Write-what-where Condition

DANGEROUS_STD_FUNC

MEM_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

TAINTED_STRING

124Buffer Underwrite ('Buffer Underflow')

STRLIB_BUFFER_UNDERFLOW

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

125Out-of-bounds Read

CONTAINER_STD_LIB

DANGEROUS_STD_FUNC

MEM_STD_LIB

MISSING_NULL_CHAR

OUT_BOUND_ARRAY

OUT_BOUND_PTR

SIZEOF_MISUSE

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

TAINTED_STRING

126Buffer Over-read

STR_FORMAT_BUFFER_OVERFLOW

127Buffer Under-read

STR_FORMAT_BUFFER_OVERFLOW

128Wrap-around Error

INT_CONSTANT_OVFL

INT_CONV_OVFL

INT_OVFL

TAINTED_SIGN_CHANGE

UINT_CONSTANT_OVFL

UINT_CONV_OVFL

UINT_OVFL

129Improper Validation of Array Index

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_INT_DIVISION

TAINTED_INT_MOD

TAINTED_PTR_OFFSET

130Improper Handling of Length Parameter Inconsistency

DATA_LENGTH_MISMATCH

131Incorrect Calculation of Buffer Size

OUT_BOUND_ARRAY

OUT_BOUND_PTR

PTR_SIZEOF_MISMATCH

TAINTED_MEMORY_ALLOC_SIZE

TAINTED_SIGN_CHANGE

TAINTED_VLA_SIZE

134Use of Externally-Controlled Format String

STRING_FORMAT

TAINTED_STRING_FORMAT

135Incorrect Calculation of Multi-Byte String Length

NARROW_WIDE_STR_MISUSE

PTR_CAST

STRLIB_BUFFER_OVERFLOW

170Improper Null Termination

MISSING_NULL_CHAR

READLINK_MISUSE

STR_STD_LIB

TAINTED_STRING

188Reliance on Data/Memory Layout

INVALID_MEMORY_ASSUMPTION

MEMCMP_PADDING_DATA

MISSING_BYTESWAP

190Integer Overflow or Wraparound

INT_CONSTANT_OVFL

INT_CONV_OVFL

INT_OVFL

INT_PRECISION_EXCEEDED

SHIFT_OVFL

TAINTED_MEMORY_ALLOC_SIZE

UINT_CONSTANT_OVFL

UINT_CONV_OVFL

UINT_OVFL

191Integer Underflow (Wrap or Wraparound)

INT_CONSTANT_OVFL

INT_OVFL

UINT_CONSTANT_OVFL

UINT_CONV_OVFL

UINT_OVFL

192Integer Coercion Error

INT_CONV_OVFL

SIGN_CHANGE

TAINTED_SIGN_CHANGE

UINT_CONV_OVFL

193Off-by-one Error

DANGEROUS_STD_FUNC

OUT_BOUND_ARRAY

194Unexpected Sign Extension

SIGN_CHANGE

TAINTED_SIGN_CHANGE

195Signed to Unsigned Conversion Error

SIGN_CHANGE

TAINTED_SIGN_CHANGE

196Unsigned to Signed Conversion Error

SIGN_CHANGE

197Numeric Truncation Error

FLOAT_CONV_OVFL

INT_CONV_OVFL

MEMSET_INVALID_VALUE

SIGN_CHANGE

TAINTED_SIGN_CHANGE

UINT_CONV_OVFL

242Use of Inherently Dangerous Function

DANGEROUS_STD_FUNC

OBSOLETE_STD_FUNC

243Creation of chroot Jail Without Changing Working Directory

CHROOT_MISUSE

244Improper Clearing of Heap Memory Before Release ('Heap Inspection')

SENSITIVE_HEAP_NOT_CLEARED

248Uncaught Exception

UNCAUGHT_EXCEPTION

362Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

FILE_EXPOSURE_TO_CHILD

364Signal Handler Race Condition

SIG_HANDLER_ASYNC_UNSAFE

SIG_HANDLER_ASYNC_UNSAFE_STRICT

SIG_HANDLER_SHARED_OBJECT

366Race Condition within a Thread

ATOMIC_VAR_ACCESS_TWICE

ATOMIC_VAR_SEQUENCE_NOT_ATOMIC

DATA_RACE

DATA_RACE_BIT_FIELDS

DATA_RACE_STD_LIB

375Returning a Mutable Object to an Untrusted Caller

BREAKING_DATA_ENCAPSULATION

396Declaration of Catch for Generic Exception

CATCH_FOR_GENERIC_EXCEPTION

397Declaration of Throws for Generic Exception

THROW_FOR_GENERIC_EXCEPTION

401Missing Release of Memory after Effective Lifetime

MEM_LEAK

THREAD_MEM_LEAK

403Exposure of File Descriptor to Unintended Control Sphere ('File Descriptor Leak')

MISSING_PRIVILEGE_DROP_CHECK

RESOURCE_LEAK

415Double Free

DOUBLE_DEALLOCATION

416Use After Free

FREED_PTR

457Use of Uninitialized Variable

NON_INIT_MEMBER

NON_INIT_PTR

NON_INIT_VAR

463Deletion of Data Structure Sentinel

MISSING_NULL_CHAR

464Addition of Data Structure Sentinel

UNSAFE_STR_TO_NUMERIC

466Return of Pointer Value Outside of Expected Range

OUT_BOUND_ARRAY

OUT_BOUND_PTR

467Use of sizeof() on a Pointer Type

PTR_SIZEOF_MISMATCH

SIZEOF_MISUSE

468Incorrect Pointer Scaling

BAD_PTR_SCALING

OUT_BOUND_ARRAY

OUT_BOUND_PTR

PTR_TO_DIFF_ARRAY

469Use of Pointer Subtraction to Determine Size

PTR_TO_DIFF_ARRAY

474Use of Function with Inconsistent Implementations

OBSOLETE_STD_FUNC

SIG_HANDLER_CALLING_SIGNAL

476NULL Pointer Dereference

NULL_PTR

478Missing Default Case in Multiple Condition Expression

MISSING_SWITCH_CASE

479Signal Handler Use of a Non-reentrant Function

SIG_HANDLER_ASYNC_UNSAFE

SIG_HANDLER_ASYNC_UNSAFE_STRICT

480Use of Incorrect Operator

BAD_EQUAL_EQUAL_USE

BAD_EQUAL_USE

481Assigning instead of Comparing

BAD_EQUAL_USE

482Comparing instead of Assigning

BAD_EQUAL_EQUAL_USE

483Incorrect Block Delimitation

INCORRECT_INDENTATION

SEMICOLON_CTRL_STMT_SAME_LINE

484Omitted Break Statement in Switch

MISSING_SWITCH_BREAK

500Public Static Field Not Marked Final

PUBLIC_STATIC_FIELD_NOT_CONST

558Use of getlogin() in Multithreaded Application

UNSAFE_STD_FUNC

560Use of umask() with chmod-style Argument

BAD_UMASK

562Return of Stack Variable Address

LOCAL_ADDR_ESCAPE

587Assignment of a Fixed Address to a Pointer

FUNC_PTR_ABSOLUTE_ADDR

676Use of Potentially Dangerous Function

DANGEROUS_STD_FUNC

DATA_RACE_STD_LIB

STRLIB_BUFFER_OVERFLOW

STR_FORMAT_BUFFER_OVERFLOW

UNSAFE_STR_TO_NUMERIC

UNSAFE_SYSTEM_CALL

681Incorrect Conversion between Numeric Types

FLOAT_CONV_OVFL

INT_TO_FLOAT_PRECISION_LOSS

685Function Call With Incorrect Number of Arguments

FUNC_CAST

STRING_FORMAT

TOO_MANY_VA_ARG_CALLS

690Unchecked Return Value to NULL Pointer Dereference

RETURN_NOT_CHECKED

TAINTED_STRING

UNPROTECTED_MEMORY_ALLOCATION

704Incorrect Type Conversion or Cast

BAD_INT_PTR_CAST

CHARACTER_MISUSE

CHAR_EOF_CONFUSED

INT_CONV_OVFL

INT_TO_FLOAT_PRECISION_LOSS

OBJECT_SIZE_MISMATCH

PTR_CAST

QUALIFIER_MISMATCH

SIGN_CHANGE

TAINTED_SIGN_CHANGE

UINT_CONV_OVFL

733Compiler Optimization Removal or Modification of Security-critical Code

UNCERTAIN_MEMORY_CLEANING

762Mismatched Memory Management Routines

BAD_FREE

WIN_MISMATCH_DEALLOC

763Release of Invalid Pointer or Reference

BAD_FREE

766Critical Data Element Declared Public

CRITICAL_DATA_MEMBER_DECLARED_PUBLIC

767Access to Critical Private Variable via Public Method

BREAKING_DATA_ENCAPSULATION

783Operator Precedence Logic Error

OPERATOR_PRECEDENCE

785Use of Path Manipulation Function without Maximum-sized Buffer

PATH_BUFFER_OVERFLOW

786Access of Memory Location Before Start of Buffer

STRLIB_BUFFER_UNDERFLOW

787Out-of-bounds Write

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

788Access of Memory Location After End of Buffer

DANGEROUS_STD_FUNC

DATA_LENGTH_MISMATCH

MEM_STD_LIB

OTHER_STD_LIB

OUT_BOUND_ARRAY

OUT_BOUND_PTR

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

TAINTED_SIGN_CHANGE

789Memory Allocation with Excessive Size Value

PTR_SIZEOF_MISMATCH

TAINTED_MEMORY_ALLOC_SIZE

TAINTED_VLA_SIZE

805Buffer Access with Incorrect Length Value

DATA_LENGTH_MISMATCH

MEM_STD_LIB

OTHER_STD_LIB

SIZEOF_MISUSE

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

806Buffer Access Using Size of Source Buffer

STRLIB_BUFFER_OVERFLOW

STR_STD_LIB

824Access of Uninitialized Pointer

NON_INIT_PTR

825Expired Pointer Dereference

DOUBLE_DEALLOCATION

FREED_PTR

INVALID_ENV_POINTER

LOCAL_ADDR_ESCAPE

PUTENV_AUTO_VAR

TEMP_OBJECT_ACCESS

839Numeric Range Comparison Without Minimum Check

TAINTED_PTR_OFFSET

TAINTED_SIGN_CHANGE

910Use of Expired File Descriptor

CLOSED_RESOURCE_USE

911Improper Update of Reference Count

FREED_PTR

1335Incorrect Bitwise Shift of Integer

SHIFT_NEG

SHIFT_OVFL

1341Multiple Releases of Same Resource or Handle

DOUBLE_RESOURCE_CLOSE

CWE-659: Weaknesses in Software Written in C++

CWE-659 is a subset of common weaknesses found specifically in C++ programs. See CWE-659.

The following table lists the CWE rules from this subset that are addressed by Polyspace Bug Finder defects, with corresponding defect checkers.

CWE IDDescription Polyspace Bug Finder Defect Checker Short Name
119Improper restriction of operations within the bounds of a memory buffer

DANGEROUS_STD_FUNC

DATA_LENGTH_MISMATCH

INDETERMINATE_STRING

MEM_STD_LIB

MISSING_NULL_CHAR

OTHER_STD_LIB

OUT_BOUND_ARRAY

OUT_BOUND_PTR

SIZEOF_MISUSE

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

TAINTED_STRING

120Buffer copy without checking size of input ('Classic buffer overflow')

DANGEROUS_STD_FUNC

MEM_STD_LIB

STRLIB_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_STRING

121Stack-based buffer overflow

DANGEROUS_STD_FUNC

MEM_STD_LIB

STRLIB_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

122Heap-based buffer overflow

DANGEROUS_STD_FUNC

STRLIB_BUFFER_OVERFLOW

TAINTED_PTR_OFFSET

124Buffer underwrite ('Buffer underflow')

STRLIB_BUFFER_UNDERFLOW

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

125Out-of-bounds read

CONTAINER_STD_LIB

DANGEROUS_STD_FUNC

MEM_STD_LIB

MISSING_NULL_CHAR

OUT_BOUND_ARRAY

OUT_BOUND_PTR

SIZEOF_MISUSE

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_PTR_OFFSET

TAINTED_STRING

126Buffer over-read

STR_FORMAT_BUFFER_OVERFLOW

127Buffer under-read

STR_FORMAT_BUFFER_OVERFLOW

128Wrap-around error

INT_CONSTANT_OVFL

INT_CONV_OVFL

INT_OVFL

TAINTED_SIGN_CHANGE

UINT_CONSTANT_OVFL

UINT_CONV_OVFL

UINT_OVFL

129Improper validation of array index

STR_STD_LIB

TAINTED_ARRAY_INDEX

TAINTED_INT_DIVISION

TAINTED_INT_MOD

TAINTED_PTR_OFFSET

130Improper handling of length parameter inconsistency

DATA_LENGTH_MISMATCH

131Incorrect calculation of buffer size

OUT_BOUND_ARRAY

OUT_BOUND_PTR

PTR_SIZEOF_MISMATCH

TAINTED_MEMORY_ALLOC_SIZE

TAINTED_SIGN_CHANGE

TAINTED_VLA_SIZE

134Use of Externally-Controlled Format String

STRING_FORMAT

TAINTED_STRING_FORMAT

135Incorrect Calculation of Multi-Byte String Length

NARROW_WIDE_STR_MISUSE

PTR_CAST

STRLIB_BUFFER_OVERFLOW

170Improper null termination

MISSING_NULL_CHAR

READLINK_MISUSE

STR_STD_LIB

TAINTED_STRING

188Reliance on data/memory layout

INVALID_MEMORY_ASSUMPTION

MEMCMP_PADDING_DATA

MISSING_BYTESWAP

191Integer underflow (Wrap or wraparound)

INT_CONSTANT_OVFL

INT_OVFL

UINT_CONSTANT_OVFL

UINT_CONV_OVFL

UINT_OVFL

192Integer coercion error

INT_CONV_OVFL

SIGN_CHANGE

TAINTED_SIGN_CHANGE

UINT_CONV_OVFL

194Unexpected sign extension

SIGN_CHANGE

TAINTED_SIGN_CHANGE

195Signed to unsigned conversion error

SIGN_CHANGE

TAINTED_SIGN_CHANGE

196Unsigned to signed conversion error

SIGN_CHANGE

197Numeric truncation error

FLOAT_CONV_OVFL

INT_CONV_OVFL

MEMSET_INVALID_VALUE

SIGN_CHANGE

TAINTED_SIGN_CHANGE

UINT_CONV_OVFL

242Use of inherently dangerous function

DANGEROUS_STD_FUNC

OBSOLETE_STD_FUNC

243Creation of chroot jail without changing working directory

CHROOT_MISUSE

244Improper Clearing of Heap Memory Before Release ('Heap Inspection')

SENSITIVE_HEAP_NOT_CLEARED

362Concurrent execution using shared resource with improper synchronization ('Race Condition')

FILE_EXPOSURE_TO_CHILD

364Signal handler race condition

SIG_HANDLER_ASYNC_UNSAFE

SIG_HANDLER_ASYNC_UNSAFE_STRICT

SIG_HANDLER_SHARED_OBJECT

366Race condition within a thread

ATOMIC_VAR_ACCESS_TWICE

ATOMIC_VAR_SEQUENCE_NOT_ATOMIC

DATA_RACE

DATA_RACE_BIT_FIELDS

DATA_RACE_STD_LIB

375Returning a mutable object to an untrusted caller

BREAKING_DATA_ENCAPSULATION

401Missing Release of Memory after Effective Lifetime

MEM_LEAK

THREAD_MEM_LEAK

415Double free

DOUBLE_DEALLOCATION

416Use after free

FREED_PTR

457Use of uninitialized variable

NON_INIT_MEMBER

NON_INIT_PTR

NON_INIT_VAR

466Return of pointer value outside of expected range

OUT_BOUND_ARRAY

OUT_BOUND_PTR

467Use of sizeof() on a pointer type

PTR_SIZEOF_MISMATCH

SIZEOF_MISUSE

468Incorrect pointer scaling

BAD_PTR_SCALING

OUT_BOUND_ARRAY

OUT_BOUND_PTR

PTR_TO_DIFF_ARRAY

469Use of pointer subtraction to determine size

PTR_TO_DIFF_ARRAY

476NULL pointer dereference

NULL_PTR

478Missing Default Case in Multiple Condition Expression

MISSING_SWITCH_CASE

479Signal handler use of a non-reentrant function

SIG_HANDLER_ASYNC_UNSAFE

SIG_HANDLER_ASYNC_UNSAFE_STRICT

480Use of incorrect operator

BAD_EQUAL_EQUAL_USE

BAD_EQUAL_USE

481Assigning instead of comparing

BAD_EQUAL_USE

482Comparing instead of assigning

BAD_EQUAL_EQUAL_USE

483Incorrect block delimitation

INCORRECT_INDENTATION

SEMICOLON_CTRL_STMT_SAME_LINE

484Omitted break statement in switch

MISSING_SWITCH_BREAK

558Use of getlogin() in multithreaded application

UNSAFE_STD_FUNC

562Return of stack variable address

LOCAL_ADDR_ESCAPE

587Assignment of a fixed address to a pointer

FUNC_PTR_ABSOLUTE_ADDR

676Use of potentially dangerous function

DANGEROUS_STD_FUNC

DATA_RACE_STD_LIB

STRLIB_BUFFER_OVERFLOW

STR_FORMAT_BUFFER_OVERFLOW

UNSAFE_STR_TO_NUMERIC

UNSAFE_SYSTEM_CALL

690Unchecked return value to null pointer dereference

RETURN_NOT_CHECKED

TAINTED_STRING

UNPROTECTED_MEMORY_ALLOCATION

704Incorrect type conversion or cast

BAD_INT_PTR_CAST

CHARACTER_MISUSE

CHAR_EOF_CONFUSED

INT_CONV_OVFL

INT_TO_FLOAT_PRECISION_LOSS

OBJECT_SIZE_MISMATCH

PTR_CAST

QUALIFIER_MISMATCH

SIGN_CHANGE

TAINTED_SIGN_CHANGE

UINT_CONV_OVFL

762Mismatched memory management routines

BAD_FREE

WIN_MISMATCH_DEALLOC

767Access to critical private variable via public method

BREAKING_DATA_ENCAPSULATION

783Operator precedence logic error

OPERATOR_PRECEDENCE

785Use of path manipulation function without maximum-sized buffer

PATH_BUFFER_OVERFLOW

787Out-of-bounds write

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

789Memory Allocation with Excessive Size Value

PTR_SIZEOF_MISMATCH

TAINTED_MEMORY_ALLOC_SIZE

TAINTED_VLA_SIZE

805Buffer access with incorrect length value

DATA_LENGTH_MISMATCH

MEM_STD_LIB

OTHER_STD_LIB

SIZEOF_MISUSE

STRLIB_BUFFER_OVERFLOW

STRLIB_BUFFER_UNDERFLOW

STR_FORMAT_BUFFER_OVERFLOW

STR_STD_LIB

910Use of expired file descriptor

CLOSED_RESOURCE_USE

See Also

Topics