...
In this noncompliant code example, an array of long is allocated and assigned to p. This example also checks for unsigned integer overflow in compliance with INT32-C. Ensure that operations on signed integers do not result in overflow. The code also ensures that len is not equal to zero. (See MEM04-C. Do not perform Beware of zero-length allocations.) However, sizeof(int) is used to size the allocated memory. If sizeof(long) is larger than sizeof(int), then an insufficient amount of memory is allocated.
...
| CERT C Secure Coding Standard | ARR01-C. Do not apply the sizeof operator to a pointer when taking the size of an array INT31-C. Ensure that integer conversions do not result in lost or misinterpreted data INT32-C. Ensure that operations on signed integers do not result in overflow INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size MEM04-C. Do not perform Beware of zero-length allocations VOID EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type |
| CERT C++ Secure Coding Standard | MEM35-CPP. Allocate sufficient memory for an object |
| ISO/IEC TR 24772:2013 | Buffer Boundary Violation (Buffer Overflow) [HCB] |
| ISO/IEC TS 17961 | Taking the size of a pointer to determine the size of the pointed-to type [sizeofptr] |
| MITRE CWE | CWE-190, Integer overflow (wrap or wraparound)CWE-131, Incorrect calculation of buffer sizeCWE-467, Use of sizeof() on a pointer type |
...