...

See INT35-C. Evaluate integer expressions in a larger size before comparing or assigning to that size for more information on upcasting.

...

In this compliant solution, the integer values passed as size arguments to memory allocation functions are of the correct size and have not been altered due to integer overflow (INT32-C. Ensure that integer operations do not result in an overflow) or truncation (INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data).

#include <stdint.h>   /* SIZE_MAX */
#include <stdlib.h>   /* malloc, size_t */

enum { BLOCKSIZE = 16 };
...
void *AllocBlocks(size_t cBlocks) {
  /* Reject a zero-block request and any count whose product with
   * BLOCKSIZE would wrap around in size_t. */
  if (cBlocks == 0 || cBlocks > SIZE_MAX / BLOCKSIZE) return NULL;
  return malloc(cBlocks * BLOCKSIZE);
} /* end AllocBlocks */

This example checks the value of cBlocks to make sure the subsequent multiplication operation cannot result in an integer overflow. The code also ensures that cBlocks is not equal to zero (see MEM04-A. Do not make assumptions about the result of allocating 0 bytes).
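As an added example (not code from the CERT page), the same check generalized to any element size, shown beside the unchecked product so the wrap-around is visible; wrapped_size, checked_size and alloc_elems are names chosen here, and the inputs are constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Unchecked product, the non-compliant pattern: size_t arithmetic wraps
 * modulo SIZE_MAX + 1, so an oversized count yields a tiny allocation
 * that later writes will overrun. */
size_t wrapped_size(size_t count, size_t elem_size) {
  return count * elem_size;
}

/* The check from AllocBlocks(), generalized to any element size.
 * Returns count * elem_size when the product cannot overflow, and 0 when
 * the request is rejected (zero-sized requests are rejected too, per
 * MEM04-A, so 0 is never a valid result). */
size_t checked_size(size_t count, size_t elem_size) {
  if (count == 0 || elem_size == 0) return 0;
  if (count > SIZE_MAX / elem_size) return 0;   /* product would wrap */
  return count * elem_size;
}

/* Allocation wrapper built on checked_size(); NULL on a rejected request. */
void *alloc_elems(size_t count, size_t elem_size) {
  size_t bytes = checked_size(count, elem_size);
  if (bytes == 0) return NULL;
  return malloc(bytes);
}

int main(void) {
  const size_t elem = 16;                   /* BLOCKSIZE from the page */
  /* Constructed input: one past the largest count that fits in size_t;
   * its product with 16 is exactly SIZE_MAX + 1, which wraps to 0. */
  size_t too_many = SIZE_MAX / elem + 1;

  printf("unchecked: %zu blocks -> %zu bytes\n", too_many,
         wrapped_size(too_many, elem));                /* prints 0 */
  printf("checked:   %zu blocks -> %s\n", too_many,
         alloc_elems(too_many, elem) ? "allocated" : "rejected");

  void *p = alloc_elems(4, elem);                      /* 64 bytes */
  printf("checked:   4 blocks -> %s\n", p ? "allocated" : "rejected");
  free(p);
  return 0;
}
```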

Non-Compliant Code Example (Range Checking)

...

See INT01-A. Use rsize_t or size_t for all integer values representing the size of an object for more information on representing the size of objects.

...

The code also ensures that len is not equal to zero (see MEM04-A. Do not make assumptions about the result of allocating 0 bytes).

Risk Assessment

Providing invalid size arguments to memory allocation functions can lead to buffer overflows and the execution of arbitrary code with the permissions of the vulnerable process.

Rule      Severity   Likelihood     Remediation Cost   Priority   Level
MEM35-C   3 (high)   2 (probable)   1 (high)           P6         L2

Automated Detection

Fortify SCA Version 5.0 with CERT C Rule Pack can detect violations of this rule, except those involving the sizeof operator.

Coverity Prevent. The SIZECHECK checker finds memory allocations that are assigned to a pointer that references objects larger than the allocated block. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...