...

In this noncompliant example, setfile() and usefile() do not validate their parameters. As a result, an invalid file pointer may be stored and later used by the library, corrupting the library's internal state and exposing a vulnerability.

/* sets some internal state in the library */
extern int setfile(FILE *file);

/* performs some action using the file passed earlier */
extern int usefile(void);

/* internal library state: the stream installed by setfile() */
static FILE *myFile;

int setfile(FILE *file) {
    /* no check that file is non-null or usable before storing it */
    myFile = file;
    return 0;
}

int usefile(void) {
    /* no check that a valid stream was ever installed */
    /* perform some action here */
    return 0;
}
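As an added example that is not part of the page's own code, the following C program keeps the same two-function library shape but validates the stream on the way in and the stored state on the way out, and exercises three scenarios (null pointer, healthy stream, stream with its end-of-file indicator set). The names setfile_checked, usefile_checked and the scenario_* helpers are hypothetical, chosen for this illustration; the temporary file comes from the standard tmpfile() and is constructed input.

```c
#include <stdio.h>

/*
 * Added example (not the page's own code): the library interface from the
 * noncompliant example, with parameter and state validation added.
 * The _checked names and scenario_* helpers are hypothetical.
 */

static FILE *myFile;   /* internal library state, as in the original */

/* Accept a stream only if it is non-null and carries no error or EOF flag. */
int setfile_checked(FILE *file) {
    if (file == NULL || ferror(file) || feof(file)) {
        return -1;      /* reject: caller passed an unusable stream */
    }
    myFile = file;
    return 0;
}

/* Refuse to act until a valid stream has been installed. */
int usefile_checked(void) {
    if (myFile == NULL) {
        return -1;      /* nothing installed, or a bad stream was rejected */
    }
    if (ferror(myFile) || feof(myFile)) {
        return -1;      /* stream became unusable after it was installed */
    }
    /* perform some action here, e.g. fputs("ok\n", myFile) */
    return 0;
}

/* Clear the stored stream so each scenario starts from a clean state. */
static void reset_state(void) {
    myFile = NULL;
}

/* Scenario 1: a NULL pointer is rejected and never reaches usefile's action.
 * Returns 0 on the expected outcome, a nonzero step code otherwise. */
int scenario_null_pointer(void) {
    reset_state();
    if (setfile_checked(NULL) != -1) return 1;
    if (usefile_checked() != -1)     return 2;
    return 0;
}

/* Scenario 2: a healthy stream is accepted and usable. */
int scenario_valid_stream(void) {
    FILE *f = tmpfile();   /* constructed input: an empty temporary file */
    int rc = 0;
    if (f == NULL) return 3;
    reset_state();
    if (setfile_checked(f) != 0)       rc = 4;
    else if (usefile_checked() != 0)   rc = 5;
    fclose(f);
    return rc;
}

/* Scenario 3: a stream whose EOF indicator is set is rejected. */
int scenario_stream_at_eof(void) {
    FILE *f = tmpfile();   /* constructed input: an empty temporary file */
    int rc = 0;
    if (f == NULL) return 6;
    (void)fgetc(f);        /* reading an empty file sets the EOF indicator */
    reset_state();
    if (setfile_checked(f) != -1)      rc = 7;
    else if (usefile_checked() != -1)  rc = 8;
    fclose(f);
    return rc;
}

int main(void) {
    printf("null pointer:  %d\n", scenario_null_pointer());
    printf("valid stream:  %d\n", scenario_valid_stream());
    printf("stream at eof: %d\n", scenario_stream_at_eof());
    return 0;
}
```

Each scenario returns 0 when the validation behaves as intended, so the three printed lines should all read 0. The point to take from it is that usefile_checked() re-checks the stored stream rather than trusting that setfile_checked() ran, since nothing prevents a caller from skipping the setup step entirely.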

...