...
In this compliant solution, the integer values passed as size arguments to memory allocation functions are of the correct size and have not been altered due to integer overflow or truncation. (See INT32-C. Ensure that operations on signed integers do not result in overflow and INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data.)
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { BLOCKSIZE = 16 };
/* ... */
void *alloc_blocks(size_t num_blocks) {
if (num_blocks == 0 || num_blocks > SIZE_MAX / BLOCKSIZE)
return NULL;
return malloc(num_blocks * BLOCKSIZE);
}
|
...
This example also checks for unsigned integer overflow in compliance with INT32-C. Ensure that operations on signed integers do not result in overflow.
Compliant Solution (Size Calculation)
...
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| 487 S | Fully implemented. | |||||||
Fortify SCA | V. 5.0 |
| Can detect violations of this rule with CERT C Rule Pack, except those involving the | ||||||
| SIZECHECK | Finds memory allocations that are assigned to a pointer that reference objects larger than the allocated block. | |||||||
| BAD_ALLOC_STRLEN | Can find instances where string length is miscalculated (length calculated may be one less than intended) for memory allocation purposes. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary. | |||||||
Compass/ROSE |
|
| could check violations of this rule by examining the size expression to
|
...
ISO/IEC 9899:2011 Section 7.22.3, "Memory management functions"
ISO/IEC TR 24772 "XYB Buffer overflow in heap"
...
MITRE CWE: CWE-131, "Incorrect calculation of buffer size"
Bibliography
[Coverity 2007]
[Seacord 2005] Chapter 4, "Dynamic Memory Management," and Chapter 5, "Integer Security"
[xorl 2009] CVE-2009-0587: Evolution Data Server Base64 Integer Overflows
...