 
                            ...
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| enum { buffer_size = 50 };
struct buffer {
  size_t size;
  char bufferC[buffer_size];
} buff;
/* ... */
void func(const struct buffer *buf) {
  /*
   * Incorrectly assumes sizeof(struct buffer) =
   * sizeof(size_t) + sizeof(buff.bufferC)
   */
  struct buffer *buf_cpy = (struct buffer *)malloc(
    sizeof(size_t) + sizeof(buff.bufferC(buffer_size * sizeof(char) /* 1 */)
  );
  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }
  /* 
   * With padding, sizeof(struct buffer) may be greater than
   * sizeof(size_t) + sizeof(buff.bufferC), causing some data  
   * to be written outside the bounds of the memory allocated.
   */
  memcpy(buf_cpy, buf, sizeof(struct buffer));
  /* ... */
  free(buf_cpy);
}
 | 
...
| Code Block | ||||
|---|---|---|---|---|
| 
 | ||||
| enum { buffer_size = 50 };
struct buffer {
  size_t size;
  char bufferC[buffer_size];
} buff;
/* ... */
void func(const struct buffer *buf) {
  struct buffer *buf_cpy = 
    (struct buffer *)malloc(sizeof(struct buffer));
  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }
  /* ... */
  memcpy(buf_cpy, buf, sizeof(struct buffer));
  /* ... */
  free(buf_cpy);
}
 | 
...
Failure to correctly determine the size of a structure can lead to subtle logic errors and incorrect calculations, the effects of which can lead to abnormal program termination, memory corruption, or execution of arbitrary code.
| Recommendation | Severity | Likelihood | Detectable | 
|---|
| Repairable | Priority | Level | 
|---|---|---|
| EXP03-C | 
| High | Unlikely | No | 
| No | 
| P3 | L3 | 
Automated Detection
| Tool | Version | Checker | Description | 
|---|
| Astrée | 
 | 
| 
 | 
| 
 | 
400 S
578 S
Fully implemented
| Supported: Astrée reports accesses outside the bounds of allocated memory. | |||||||||
| Helix QAC | 
 | C0697 | |||||||
| LDRA tool suite | 
 | 578 S | Enhanced enforcement | 
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ | 
| Coding Standard | VOID EXP03-CPP. Do not assume the size of a class or struct is the sum of the sizes of its members | 
Bibliography
| [Dowd 2006] | Chapter 6, "C Language Issues" ("Structure Padding," pp. 284–287) | 
| [ISO/IEC 9899:2011] | Subclause 6.7.2.1, "Structure and Union Specifiers" | 
| [Sloss 2004] | Section 5.7, "Structure Arrangement" | 
...
...