SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 113

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFcccc
langc
enum { buffer_size = 50 };

struct buffer {
  size_t size;
  char bufferC[buffer_size];
};

/* ... */

void func(const struct buffer *buf) {

  /*
   * Incorrectly assumes sizeof(struct buffer) =
   * sizeof(size_t) + sizeof(bufferC)
   */
  struct buffer *buf_cpy = (struct buffer *)malloc(
    sizeof(size_t) + sizeof(buf_cpy->bufferC) 
   buffer_size * sizeof(char) /* safe b/c we only care about type in sizeof operator1 */)
  );

  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }

  /* 
   * With padding, sizeof(struct buffer) may be greater than
   * sizeof(size_t) + sizeof(buff.bufferC), causing some data  
   * to be written outside the bounds of the memory allocated.
   */
  memcpy(buf_cpy, buf, sizeof(struct buffer));

  /* ... */

  free(buf_cpy);
}

...

Recommendation

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

EXP03-C

High

Unlikely

No

HighNo

P3

L3

Automated Detection

PRQA QA-CPartially implemented

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported: Astrée reports accesses outside the bounds of allocated memory.
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0697
LDRA tool suite
Include Page
LDRA_V
LDRA_V

578 S

Enhanced enforcement

Polyspace Bug Finder

Include Page

PRQA QA-C_vPRQA QA-C_v0697

Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec EXP03-C

Checks for incorrectly computed struct size (rec. fully covered).

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...