...
```c
#include <errno.h>
#include <stdlib.h>

/* multsize_t() is the overflow-checked size_t multiply used by this
   standard's integer rules; it is assumed here to set errno to a nonzero
   value when x * y would overflow (declaration added so the block compiles). */
size_t multsize_t(size_t x, size_t y);

void *AllocBlocks(size_t cBlocks) {
  size_t alloc;
  if (cBlocks == 0) return NULL;
  errno = 0;                        /* clear any stale errno before the checked multiply */
  alloc = multsize_t(cBlocks, 16);  /* 16 bytes per block */
  if (errno) {
    return NULL;                    /* multiplication overflowed: refuse to allocate */
  }
  else {
    return malloc(alloc);
  }
} /* end AllocBlocks */
```
Priority: P6 Level: L2
Providing invalid size arguments to memory allocation functions can lead to buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process.
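The following is an added example, not code from the CERT standard itself, that makes the overflow check explicit instead of relying on errno: a checked multiply (the hypothetical helper `mul_size_checked`, not the standard's `multsize_t`) refuses any block count whose byte size would wrap, while `unchecked_bytes` shows the wrapped value an unchecked `cBlocks * 16` would hand to `malloc`. The 16-byte block size is the one used in the compliant solution above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not the standard's multsize_t): computes x * y into
   *out and returns 0, or returns -1 without touching *out when the product
   would not fit in a size_t. The x != 0 test avoids dividing by zero. */
int mul_size_checked(size_t x, size_t y, size_t *out) {
    if (x != 0 && y > SIZE_MAX / x) {
        return -1;                 /* overflow: x * y > SIZE_MAX */
    }
    *out = x * y;
    return 0;
}

/* Byte count for cBlocks blocks of 16 bytes each, overflow-checked. */
int blocks_to_bytes(size_t cBlocks, size_t *bytes) {
    return mul_size_checked(cBlocks, 16, bytes);
}

/* Safe allocator: NULL for a zero count, for an overflowing size, or when
   malloc itself fails. Callers must check the return value. */
void *alloc_blocks_checked(size_t cBlocks) {
    size_t bytes;
    if (cBlocks == 0) return NULL;
    if (blocks_to_bytes(cBlocks, &bytes) != 0) {
        return NULL;               /* requested size does not fit in size_t */
    }
    return malloc(bytes);
}

/* The size an unchecked multiply would produce: size_t arithmetic wraps
   modulo SIZE_MAX + 1, so a huge block count can yield a tiny allocation
   that later writes of cBlocks * 16 bytes would overrun. */
size_t unchecked_bytes(size_t cBlocks) {
    return cBlocks * 16;
}

int main(void) {
    size_t too_many = SIZE_MAX / 16 + 1;   /* smallest count that overflows */
    size_t bytes;

    printf("unchecked size for %zu blocks: %zu bytes\n",
           too_many, unchecked_bytes(too_many));
    printf("checked multiply for %zu blocks: %s\n", too_many,
           blocks_to_bytes(too_many, &bytes) == 0 ? "ok" : "rejected (overflow)");

    void *p = alloc_blocks_checked(4);
    printf("4 blocks: %s\n", p ? "allocated 64 bytes" : "allocation failed");
    free(p);
    return 0;
}
```

`SIZE_MAX / 16 + 1` blocks multiplied by 16 is exactly `SIZE_MAX + 1`, which wraps to 0 on any width of `size_t`; the checked path rejects it, the unchecked path would ask `malloc` for zero bytes.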
| Component | Value |
|---|---|
| Severity | 3 (high) |
| Likelihood | 2 (probable) |
| Remediation cost | 1 (high) |
References
- ISO/IEC 9899-1999, Section 7.20.3, Memory Management Functions
- Seacord 05, Chapter 4, Dynamic Memory Management; Chapter 5, Integers