...
With regards to the standard memory allocation routines, because the ISO/IEC 9899-1999 standard defines malloc(), calloc(), realloc() as taking a variable of type size_t for a size argument, when a size value corrupted by intermediate storage is supplied as a size parameter to an allocation routine, it will may resolve to an unexpected value. This error leads to the allocation of memory with an unexpected size.
To prevent this error, size parameters should not be operated on in a way that they are transferred and stored in different data types. Furthermore, size parameters should be checked for integer conversion errors before they are supplied to malloc(), calloc(), or realloc().
Non-compliant Code Example 1
| Code Block |
|---|
/ |
References
ISO/IEC 9899-199 Section 7.20.3 Memory Management Functions