...
GCC allows specifying declaration attributes using the keyword `__attribute__((__packed__))`. When this attribute is present, the compiler will not add padding bytes for memory alignment unless an explicit alignment specifier for a structure member requires the introduction of padding bytes.
```c
#include <stddef.h>

/* Packed layout: no padding bytes are inserted between or after members */
struct test {
  int a;
  char b;
  int c;
} __attribute__((__packed__));

/* Safely copy bytes to user space */
extern int copy_to_user(void *dest, void *src, size_t size);

void do_stuff(void *usr_buf) {
  struct test arg = {.a = 1, .b = 2, .c = 3};
  /* Every byte of arg belongs to a member, so no padding is copied */
  copy_to_user(usr_buf, &arg, sizeof(arg));
}
```
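The effect of the attribute can be checked rather than assumed. The following is an added example, not code from the original page: it counts the bytes that no member covers in the same three-member layout with and without `__packed__`, and uses a compile-time assertion to stop the build if padding reappears. The names `plain`, `packed`, `member`, `MEMBER` and `padding_bytes` are assumptions made for illustration, and the attribute requires GCC or a compatible compiler.

```c
#include <stddef.h>
#include <stdio.h>

/* One member of a layout: where it starts and how many bytes it covers. */
struct member { size_t offset; size_t size; };
#define MEMBER(type, field) { offsetof(type, field), sizeof(((type *)0)->field) }

/* Same members as the page's struct test, without and with the attribute. */
struct plain  { int a; char b; int c; };
struct packed { int a; char b; int c; } __attribute__((__packed__));

/* Compile-time guard: the build fails if padding is reintroduced, for
   example by an explicit alignment specifier on a member. */
_Static_assert(sizeof(struct packed) == sizeof(int) + sizeof(char) + sizeof(int),
               "struct packed contains padding bytes");

/* Count the bytes of an object of size `total` that no listed member covers.
   Members must be listed in increasing offset order and must not overlap. */
size_t padding_bytes(const struct member *m, size_t n, size_t total) {
  size_t pad = 0, next = 0;        /* next: first byte not yet accounted for */
  for (size_t i = 0; i < n; i++) {
    pad += m[i].offset - next;     /* gap in front of this member */
    next = m[i].offset + m[i].size;
  }
  return pad + (total - next);     /* plus trailing padding */
}

size_t plain_padding(void) {
  const struct member m[] = { MEMBER(struct plain, a), MEMBER(struct plain, b),
                              MEMBER(struct plain, c) };
  return padding_bytes(m, sizeof m / sizeof m[0], sizeof(struct plain));
}

size_t packed_padding(void) {
  const struct member m[] = { MEMBER(struct packed, a), MEMBER(struct packed, b),
                              MEMBER(struct packed, c) };
  return padding_bytes(m, sizeof m / sizeof m[0], sizeof(struct packed));
}

int main(void) {
  printf("plain:  size %zu, padding %zu\n", sizeof(struct plain), plain_padding());
  printf("packed: size %zu, padding %zu\n", sizeof(struct packed), packed_padding());
  return 0;
}
```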
...
Padding units might contain sensitive data because the C Standard allows any padding to take unspecified values. A pointer to such a structure could be passed to other functions, causing information leakage.
| Rule | Severity | Likelihood | Detectable | Repairable / Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
| DCL39-C | Low | Unlikely | No | Yes / High | P1 / P2 | L3 |
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| Astrée | | function-argument-with-padding | Partially checked |
| Axivion Bauhaus Suite | | CertC-DCL39 | Detects composite structures with padding, in particular those passed to trust boundary routines. |
| CodeSonar | | MISC.PADDING.POTB | Padding Passed Across a Trust Boundary |
| Cppcheck Premium | | premium-cert-dcl39-c | |
| Helix QAC | | DF4941, DF4942, DF4943 | Fully implemented |
| Klocwork | | PORTING.STORAGE.STRUCT | Fully implemented |
| Parasoft C/C++test | | CERT_C-DCL39-a | A pointer to a structure should not be passed to a function that can copy data to the user space |
| | | CERT C: Rule DCL39-C | Checks for information leak via structure padding |
| RuleChecker | | function-argument-with-padding | Partially checked |
...