...
Coverity Prevent. The SIZECHECK checker finds memory allocations that are assigned to a pointer that reference objects larger than the allocated block. Coverity Prevent cannot discover all violations of this rule so further verification is necessary.
Compass/ROSE could check violations of this rule by examining the size expression to malloc() or memcpy() functions. Specifically the size argument should be bounded by 0, SIZE_MAX, and, unless it is a variable of type size_t or rsize_t, it should be bounds-checked before the malloc() call. If the argument is of the expression a*b, then an appropriate check is:
| Code Block |
|---|
if (a < SIZE_MAX / b && a > 0) ...
|
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...