| Tool | Checker | Description |
|---|---|---|
| | | Addition overflow of allocation size |
| | | Can detect violations of this rule by ensuring that operations are checked for overflow before being performed (Be mindful of exception INT30-EX2 because it excuses many operations from requiring validation, including all the operations that would validate a potentially dangerous operation. For instance, adding two |
| LDRA tool suite | 493 S, 494 S | Partially implemented |
| | | Avoid integer overflows |
| Polyspace Bug Finder | CERT C: Rule INT30-C | Overflow from operation between unsigned integers. Rule fully covered. |
| | 2910 [C], 2911 [D], 2912 [A], 2913 [S], 3383, 3384, 3385, 3386 | |
| | 2910, 2911, 2912, 2913 | |
| | unsigned overflow | Exhaustively verified. |
CVE-2009-1385 results from a violation of this rule. The vulnerable code performs an unchecked subtraction on the length of a buffer and then copies that many bytes of data into another buffer [xorl 2009]. Because the subtraction is unsigned, a length smaller than the subtrahend wraps to a very large value, causing a buffer overflow that allows an attacker to execute arbitrary code.
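The pattern described above, shown as an added illustration of the wrap that INT30-C guards against and the pre-condition checks that prevent it. This is not code from the CERT page, from any of the listed tools, or from the CVE-2009-1385 code; `HDR_LEN`, `payload_len_unchecked`, `payload_len_checked`, `add_size_checked` and `copy_payload` are hypothetical names chosen for the example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical fixed header size of a framed message (constructed for this example). */
#define HDR_LEN ((size_t)8)

/* Unchecked pattern: payload length = total length - header length.
 * When len < HDR_LEN the unsigned subtraction wraps to a huge value.
 * This function only returns the computed value so the wrap can be observed. */
size_t payload_len_unchecked(size_t len) {
    return len - HDR_LEN;
}

/* Checked form (INT30-C): validate the precondition before subtracting.
 * Returns false instead of producing a wrapped length. */
bool payload_len_checked(size_t len, size_t *out) {
    if (len < HDR_LEN) {
        return false;           /* would wrap */
    }
    *out = len - HDR_LEN;
    return true;
}

/* Checked addition for an allocation size: a + b must not exceed SIZE_MAX. */
bool add_size_checked(size_t a, size_t b, size_t *out) {
    if (a > SIZE_MAX - b) {
        return false;           /* would wrap */
    }
    *out = a + b;
    return true;
}

/* Copies the payload of a frame into dst only after the length arithmetic has
 * been validated and the result fits the destination. Returns the number of
 * bytes copied, or 0 if the frame is shorter than its header or dst is too small. */
size_t copy_payload(const unsigned char *frame, size_t frame_len,
                    unsigned char *dst, size_t dst_len) {
    size_t n;
    if (!payload_len_checked(frame_len, &n) || n > dst_len) {
        return 0;
    }
    memcpy(dst, frame + HDR_LEN, n);
    return n;
}
```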