...
```c
if (size > SIZE_MAX/sizeof(char *)) {
  fprintf(
    log_file,
    __FILE__ ": size %zu exceeds SIZE_MAX/sizeof(char *)\n",
    size
  );
  size = SIZE_MAX/sizeof(char *);
}
table_size = size * sizeof(char *);
```
Risk Assessment
Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MSC11-A C | low | unlikely | high | P1 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
[ISO/IEC 9899:1999] Section 7.2.1, "Program diagnostics"
...