SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 134

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 135

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

Compass/ROSE

 

 

could check violations of this rule by examining the size expression to malloc() or memcpy() functions. Specifically, the size argument should be bounded by 0, SIZE_MAX, and, unless it is a variable of type size_t or rsize_t, it should be bounds-checked before the malloc() call. If the argument is of the expression a*b, then an appropriate check is:

Code Block
if (a < SIZE_MAX / b && a > 0) ...

Coverity

Include Page
Coverity_V
Coverity_V

BAD_ALLOC_STRLEN


SIZECHECK

Can find instances where string length is miscalculated (length calculated may be one less than intended) for memory allocation purposes. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

Finds memory allocations that are assigned to a pointer that reference objects larger than the allocated block

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack, except those involving the sizeof operator

Klocwork

9.1

INCORRECT.ALLOC_SIZE

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

487 S
577 S 

Fully implemented
Fully implemented 

Splint

3.1.1  

Related Vulnerabilities

CVE-2009-0587 results from a violation of this rule. Before version 2.24.5, Evolution Data Server performed unchecked arithmetic operations on the length of a user-input string and used the value to allocate space for a new buffer. An attacker could thereby execute arbitrary code by inputting a long string, resulting in incorrect allocation and buffer overflow [xorl 2009].

...

CERT C Secure Coding StandardINT31-C. Ensure that integer conversions do not result in lost or misinterpreted data
INT32-C. Ensure that operations on signed integers do not result in overflow
INT18-C. Evaluate integer expressions in a larger size before comparing or assigning to that size
MEM04-C. Do not perform zero-length allocations
VOID EXP01-C. Do not take the size of a pointer to determine the size of the pointed-to type
CERT C++ Secure Coding StandardMEM35-CPP. Allocate sufficient memory for an object
ISO/IEC TR 24772:2013Buffer Boundary Violation (Buffer Overflow) [HCB]
ISO/IEC TS 17961Taking the size of a pointer to determine the size of the pointed-to type [sizeofptr]
MITRE CWE
CWE-190, Integer overflow (wrap or wraparound)
CWE-131, Incorrect calculation of buffer size
CWE-467, Use of sizeof() on a pointer type 

Bibliography

[Coverity 2007] 
[Drepper 2006]Section 2.1.1, "Respecting Memory Bounds"
[Seacord 2013]Chapter 4, "Dynamic Memory Management"
Chapter 5, "Integer Security"
[Viega 2005]Section 5.6.8, "Use of sizeof() on a Pointer Type"
[xorl 2009]CVE-2009-0587: Evolution Data Server Base64 Integer Overflows

...