Page History

...

Code Block

bgColor	#FFcccc
lang	c

int f(void) { /* assumingAssuming 32-bit pointer, 32-bit integer */
  size_t i;
  int **matrix = (int **)calloc(100, 4);
  if (matrix == NULL) {
    return -1; /* Indicate calloc() failure */
  }

  for (i = 0; i < 100; i++) {
    matrix[i] = (int *)calloc(i, 4);
    if (matrix[i] == NULL) {
      return -1; /* Indicate calloc() failure */
    }
  }

 
  return 0;
}

Compliant Solution

...

Code Block

bgColor	#ccccff
lang	c

int f(void) {
  size_t i;
  int **matrix = (int **)calloc(100, sizeof(*matrix));
  if (matrix == NULL) {
    return -1; /* Indicate calloc() failure */
  }

  for (i = 0; i < 100; i++) {
    matrix[i] = (int *)calloc(i, sizeof(**matrix));
    if (matrix[i] == NULL) {
      return -1; /* Indicate calloc() failure */
    }
  }

 
  return 0;
}

Also see MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type for a discussion on the use of the sizeof operator with memory allocation functions.

Exceptions

EXP09-C-EX1: The C Standard explicitly declares sizeof(char) == 1, so any sizes based on characters or character arrays may be evaluated without using sizeof. This does not apply to char* or any other data types.

...

Porting code with hard-coded sizes can result in a buffer overflow or related vulnerability.

Recommendation	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
EXP09-C	High

high

Unlikely

unlikely

No

medium

Yes

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

alloc-without-sizeof

Partially checked

Compass/ROSE

Can detect violations of this recommendation. In particular, it looks for the size argument of malloc(), calloc(), or realloc() and flags when it does not find a sizeof operator in the argument expression. It does not flag if the return value is assigned to a char *; in this case a string is being allocated, and sizeof is unnecessary because sizeof(char) == 1

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

funcalls

CC2.EXP09 Can detect violations of this recommendation. In particular, it considers when the size of a type is used by malloc(), calloc() or realloc() and flags these functions if either the size argument does not use a sizeof operator, or the size argument uses sizeof, but the type of the returned value is not a pointer to the type of the argument to sizeof. It does not flag if the returned value is assigned to a char *

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C0701

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

201 S

Partially implemented

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rec. EXP09-C

Checks for hard-coded object size used to manipulate memory (rec. fully covered)

RuleChecker

Include Page

	RuleChecker_V
	RuleChecker_V

alloc-without-sizeof

Partially checked

Security Reviewer - Static Reviewer

Include Page

	Security Reviewer - Static Reviewer_V
	Security Reviewer - Static Reviewer_V

C38
C39
C40
C42
C44
C45
C46
C46

Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++

Secure

Coding Standard	VOID EXP09-CPP. Use sizeof to determine the size of a type or variable
MITRE CWE	CWE-805, Buffer access with incorrect length value

...

Image Modified Image Modified Image Modified

Space shortcuts

Page tree

Versions Compared

Old Version 82

New Version Current

Key

Compliant Solution

Exceptions

Automated Detection

Related Vulnerabilities

Related Guidelines