...

Compass/ROSE could detect violations of this rule by examining the size expression passed to malloc() or memcpy(). Specifically, the size argument should be bounded by 0 and SIZE_MAX, and, unless it is a variable of type size_t or rsize_t, it should be bounds-checked before the malloc() call. If the argument is an expression of the form a*b, then an appropriate check is:

if (a < SIZE_MAX / b && a > 0) ...
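The check above applied before both malloc() and memcpy(), as an added example that is not code from this page or from Compass/ROSE. The names checked_alloc_size and copy_records are hypothetical, and the b == 0 guard is an addition of this example so that the division is always defined.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: returns a*b when the product is a usable allocation
 * size, or 0 when it must be rejected (0 is never a valid result here).
 * Applies the check above, a > 0 && a < SIZE_MAX / b, and adds a b == 0
 * guard (an assumption of this example) so the division is always defined. */
size_t checked_alloc_size(size_t a, size_t b)
{
    if (a == 0 || b == 0)
        return 0;
    if (a >= SIZE_MAX / b)   /* the page's bound, negated; conservative at equality */
        return 0;
    return a * b;            /* cannot wrap: a < SIZE_MAX / b */
}

/* Hypothetical caller: copies count records of rec_size bytes each into a
 * fresh buffer. The same validated size feeds malloc() and memcpy(), so a
 * wrapped product can never produce a short buffer and a long copy. */
void *copy_records(const void *src, size_t count, size_t rec_size)
{
    size_t nbytes = checked_alloc_size(count, rec_size);
    if (src == NULL || nbytes == 0)
        return NULL;
    void *dst = malloc(nbytes);
    if (dst == NULL)
        return NULL;
    memcpy(dst, src, nbytes);
    return dst;
}

int main(void)
{
    const char sample[] = "abcdefgh";        /* constructed sample input */
    size_t huge = SIZE_MAX / 2 + 1;          /* huge * 2 wraps to 0 if unchecked */
    void *ok = copy_records(sample, 2, 4);
    void *bad = copy_records(sample, huge, 2);

    printf("unchecked huge*2 = %zu\n", (size_t)(huge * 2));
    printf("2 x 4 bytes: %s\n", ok ? "copied" : "rejected");
    printf("huge x 2 bytes: %s\n", bad ? "copied" : "rejected");
    free(ok);
    free(bad);
    return 0;
}
```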

...