C++: tweak overrunning write qhelp files

redsun82 · web-flow · commit 106400238a55 · 2022-01-13T11:59:47.000Z
diff --git a/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.qhelp b/cpp/ql/src/Security/CWE/CWE-120/OverrunWrite.qhelp
@@ -15,11 +15,12 @@
 
 <p>In this example, the call to <code>sprintf</code> writes a message of 14 characters (including the terminating null) plus the length of the string conversion of `userId` into a buffer with space for just 18 characters.  As such, if `userId` is greater or equal to `10000`, the last characters overflow the buffer resulting in undefined behavior.</p>
 
-<p>To fix this issue one of three changes should be made:</p>
+<p>To fix this issue these changes should be made:</p>
 <ul>
-  <li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, specifying a define or `sizeof(buffer)` as maximum length to copy. This will prevent the buffer overflow.</li>
-  <li>If `userId` is expected to be less than `10000`, then return or throw an error if `userId` is out of bounds.</li>
-  <li>Consider increasing the buffer size to at least 25 characters, so that the message is displayed correctly regardless of the value of `userId`.</li>
+  <li>Control the size of the buffer by declaring it with a compile time constant</li>
+  <li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, using the defined constant size of the buffer or `sizeof(buffer)` as maximum length to write. This will prevent the buffer overflow.</li>
+  <li>Optionally, if `userId` is expected to be less than `10000`, then return or throw an error if `userId` is out of bounds.</li>
+  <li>Otherwise, consider increasing the buffer size to at least 25 characters, so that the message is displayed correctly regardless of the value of `userId`.</li>
 </ul>
 
 </example>
diff --git a/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp b/cpp/ql/src/Security/CWE/CWE-120/VeryLikelyOverrunWrite.qhelp
@@ -17,7 +17,8 @@
 
 <p>To fix this issue these changes should be made:</p>
 <ul>
-  <li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, specifying a define or `sizeof(buffer)` as maximum length to copy. This will prevent the buffer overflow.</li>
+  <li>Control the size of the buffer by declaring it with a compile time constant</li>
+  <li>Preferably, replace the call to <code>sprintf</code> with <code>snprintf</code>, using the defined constant size of the buffer or `sizeof(buffer)` as maximum length to write. This will prevent the buffer overflow.</li>
   <li>Increasing the buffer size to account for the full range of `userId` and the terminating null character.</li>
 </ul>
 
