Integer values used as a size argument to malloc(), calloc(), or realloc() must be valid and large enough to contain the type of object to be stored. If size arguments are incorrect or can be manipulated by an attacker, then a buffer overflow may occur. Incorrect size arguments, inadequate range checking, integer overflow, or truncation can result in the allocation of an inadequately sized buffer. The programmer must ensure that size arguments to memory allocation functions allocate sufficient memory.
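The following is an added example, not part of the original rule text. It shows one way to validate a size argument before calling malloc(): a range check on an untrusted signed count, an overflow check on the multiplication, and sizing by the object type rather than a pointer type. The names `struct record`, `checked_alloc_size`, `alloc_records` and `max_records` are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical record type used only for this example. */
struct record {
    uint32_t id;
    char name[60];
};

/* Returns 0 and stores the byte count in *out when count * elem_size is
 * non-zero and representable in size_t; returns -1 otherwise. */
int checked_alloc_size(size_t count, size_t elem_size, size_t *out)
{
    if (count == 0 || elem_size == 0)
        return -1;                  /* zero-size requests are rejected here */
    if (count > SIZE_MAX / elem_size)
        return -1;                  /* the multiplication would wrap */
    *out = count * elem_size;
    return 0;
}

/* Allocates an array of `count` records from an untrusted signed length.
 * max_records is a hypothetical application-defined upper bound. */
struct record *alloc_records(long long count, size_t max_records)
{
    size_t bytes;

    if (count <= 0)
        return NULL;    /* a negative value would convert to a huge size_t */
    if ((unsigned long long)count > max_records)
        return NULL;    /* range check before any size arithmetic */
    /* Size by the object type, not by sizeof(struct record *). */
    if (checked_alloc_size((size_t)count, sizeof(struct record), &bytes) != 0)
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    struct record *r = alloc_records(16, 1024);
    printf("16 records: %s\n", r ? "allocated" : "rejected");
    free(r);
    printf("-1 records: %s\n",
           alloc_records(-1, 1024) ? "allocated" : "rejected");
    return 0;
}
```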
Non-Compliant Code Example 1
...
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM35-C | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
Automated Detection
The Coverity Prevent SIZECHECK checker finds memory allocations that are assigned to a pointer that references objects larger than the allocated block (Example 3 above). Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
Related Vulnerabilities
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
References
[ISO/IEC 9899-1999] Section 7.20.3, "Memory Management Functions"
[Seacord 05] Chapter 4, "Dynamic Memory Management," and Chapter 5, "Integer Security"
[Coverity 07] Coverity Prevent User's Manual (3.3.0) (2007).