...

In this compliant solution, the integer values passed as size arguments to memory allocation functions are of the correct size and have not been altered due to integer overflow or truncation. (See rules INT32-C, "Ensure that operations on non-atomic signed integers do not result in overflow," and INT31-C, "Ensure that integer conversions do not result in lost or misinterpreted data.")

```c
#include <stdint.h>   /* SIZE_MAX */
#include <stdlib.h>   /* malloc */

enum { BLOCKSIZE = 16 };
/* ... */
void *alloc_blocks(size_t num_blocks) {
  /* Reject a zero-sized request and any count whose product with
   * BLOCKSIZE would wrap around size_t; the division-based check
   * cannot itself overflow. */
  if (num_blocks == 0 || num_blocks > SIZE_MAX / BLOCKSIZE)
    return NULL;
  return malloc(num_blocks * BLOCKSIZE);
}
```

...

This example also checks for unsigned integer overflow in compliance with rule INT32-C, "Ensure that operations on non-atomic signed integers do not result in overflow."
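The following program is an added example, not part of the CERT rule text, that generalizes the `alloc_blocks` check above to an arbitrary element size and shows concretely what goes wrong without it: on an LP64 platform a request for `SIZE_MAX / 16 + 1` blocks of 16 bytes multiplies out to exactly `2^64`, which wraps to 0, so an unchecked `malloc(num_blocks * BLOCKSIZE)` would return a zero-length buffer that the caller believes holds gigabytes. The helper names (`checked_mul_size`, `alloc_array`, `size_from_int`, `unchecked_size`) are hypothetical and chosen for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (added example): store count * elem_size in *out and
 * return 1 only when the product fits in size_t; return 0 otherwise.
 * Dividing SIZE_MAX by elem_size cannot overflow, so the comparison is safe. */
int checked_mul_size(size_t count, size_t elem_size, size_t *out) {
  if (count == 0 || elem_size == 0)
    return 0;                          /* reject zero-sized requests, as alloc_blocks does */
  if (count > SIZE_MAX / elem_size)
    return 0;                          /* count * elem_size would wrap */
  *out = count * elem_size;
  return 1;
}

/* Allocate count objects of elem_size bytes each; NULL on overflow or failure. */
void *alloc_array(size_t count, size_t elem_size) {
  size_t bytes;
  if (!checked_mul_size(count, elem_size, &bytes))
    return NULL;
  return malloc(bytes);
}

/* The truncation/conversion side of the rule (INT31-C): a length that arrived
 * as a signed int is validated before it is converted to size_t. A negative
 * value converted directly would become a huge unsigned size. */
int size_from_int(int n, size_t *out) {
  if (n <= 0)
    return 0;
  *out = (size_t)n;
  return 1;
}

/* What an unchecked size calculation yields; unsigned wrap-around is
 * well defined in C, which is exactly why it silently produces a small value. */
size_t unchecked_size(size_t count, size_t elem_size) {
  return count * elem_size;
}

int main(void) {
  size_t too_many = SIZE_MAX / 16 + 1;  /* constructed overflowing request */
  size_t bytes = 0;

  printf("unchecked %zu * 16 = %zu bytes\n", too_many, unchecked_size(too_many, 16));
  printf("checked   %zu * 16 -> %s\n", too_many,
         checked_mul_size(too_many, 16, &bytes) ? "ok" : "rejected");

  void *p = alloc_array(4, 16);
  printf("alloc_array(4, 16) -> %s\n", p ? "allocated 64 bytes" : "NULL");
  free(p);
  return 0;
}
```

The same division-based pattern applies to any `count * size` computation that feeds `malloc`, `calloc`-style wrappers, or a copy length; `calloc` performs this check internally, which is one reason to prefer it over a hand-rolled multiply when zero-initialisation is acceptable.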

Compliant Solution (Size Calculation)

...

CERT C++ Secure Coding Standard: MEM35-CPP. Allocate sufficient memory for an object

ISO/IEC 9899:1999 Section 7.20.3, "Memory Management Functions"

ISO/IEC TR 24772 "XYB Buffer Overflow in Heap"

...

MITRE CWE: CWE-131, "Incorrect Calculation of Buffer Size"


...