SonarSource · github-actions · Oct 15, 2024 · Oct 15, 2024 · Oct 15, 2024 · Oct 15, 2024
diff --git a/rules/S7128/cfamily/metadata.json b/rules/S7128/cfamily/metadata.json
@@ -0,0 +1,24 @@
+{
+  "title": "\"strlen\" should not be called on incremented pointers",
+  "type": "CODE_SMELL",
+  "status": "ready",
+  "remediation": {
+    "func": "Constant\/Issue",
+    "constantCost": "5min"
+  },
+  "tags": [
+  ],
+  "defaultSeverity": "Major",
+  "ruleSpecification": "RSPEC-7128",
+  "sqKey": "S7128",
+  "scope": "All",
+  "defaultQualityProfiles": ["Sonar way"],
+  "quickfix": "infeasible",
+  "code": {
+    "impacts": {
+      "RELIABILITY": "MEDIUM",
+      "SECURITY": "LOW"
+    },
+    "attribute": "CLEAR"
+  }
+}
diff --git a/rules/S7128/cfamily/rule.adoc b/rules/S7128/cfamily/rule.adoc
@@ -0,0 +1,72 @@
+Calling `strlen(ptr + 1)` looks very similar to the more common pattern `strlen(ptr) + 1` and has unclear intent.
+
+== Why is this an issue?
+
+The call `strlen(ptr) + 1` is commonly used to compute the memory required to copy a string:
+the `+ 1` is needed to allocate space for a null-terminator.
+
+The very similar call `strlen(ptr + 1)` that differs only by the placement of the right parenthesis,
+produces vastly different results:
+
+ * non-empty string computes the length of string without the first character (`strlen(ptr) - 1`)
+ * if the string is empty, it traverses neighboring memory until a null terminator (`'\0'`) is found.
+
+The latter may lead to undefined behavior.
+
+In consequence, calls to `strlen(ptr + 1)` are likely to be unintended
+and the result of a typo. This rule raises issues on such calls.
+
+=== Code examples
+
+==== Noncompliant code example
+
+[source,c,diff-id=1,diff-type=noncompliant]
+----
+size_t size = strlen(ptr + 1); // Noncompliant
+----
+
+==== Compliant solution
+
+If the use of `strlen(ptr + 1)` was an typo:
+
+[source,c,diff-id=1,diff-type=compliant]
+----
+size_t size = strlen(ptr) + 1; // Compliant
+----
+
+In case when the `strlen(ptr + 1)` was intentional, to preserve the same behavior, you may increment the pointer before the call.
+
+[source,c]
+----
+char const* next = ptr + 1;
+size_t size = strlen(next); // Compliant
+----
+
+This will convey the intent more clearly and avoid any uncertainty regarding the intent.
+
+=== What is the potential impact?
+
+If `strlen(ptr + 1)` is accidentally used instead of `strlen(ptr) + 1`, it may have a wide range of effects.
+For example, it can lead to buffer overflow if the operation was used to compute the required memory:
+
+[source,c]
+----
+char* duplicate(char const* source) {
+  char* result = (char*)malloc(strlen(source + 1)); // Should be malloc(strlen(source) + 1))
+  strcpy(result, source);  // Writes two characters outside of "result" buffer
+  return result;
+}
+----
+
+Buffer overflows, as other undefined behavior, have a wide range of effects.
+In many cases, the access works by accident and succeeds at writing or reading a value.
+However, it can start misbehaving at any time.
+If compilation flags, compiler, platform, or runtime environment change,
+the same code can crash the application, corrupt memory, or leak a secret.
+
+=== Going extra mile.
+
+{cpp} offers `std::string`, `std::string_view` and many other functions simplifying operating on strings.
+When possible, higher-level features should be preferred over C-string APIs.
+
+
diff --git a/rules/S7128/metadata.json b/rules/S7128/metadata.json
@@ -0,0 +1,2 @@
+{
+}