
Size parameters are stored in variables of type size_t, but they may be operated on in such a way that they are temporarily held in variables that are not of type size_t. When this happens, the size value may be corrupted by the implicit conversions performed on integer values as they are passed between the different types.

With regard to the standard memory allocation routines, the ISO/IEC 9899-1999 standard defines malloc(), calloc(), and realloc() as taking an argument of type size_t for the size. When a size value that has been corrupted by intermediate storage in another type is supplied as the size argument to one of these routines, it may resolve to an unexpected value. This error leads to the allocation of memory with an unexpected size.

To prevent this error, size parameters should not be operated on in a way that they are transferred and stored in different data types. Furthermore, size parameters should be checked for integer conversion errors before they are supplied to malloc(), calloc(), or realloc().


Non-compliant Code Example 1

In this example, the calculate_size() routine is used to determine how much memory to allocate to store a user-supplied string. The result of calculate_size() is used to allocate memory for a buffer to hold the string. However, the value returned by calculate_size() is of a signed integer type. When this value is stored in the size_t variable s, it is implicitly converted and may resolve to an unexpected value (for example, a negative return value becomes a very large size). This error leads to the allocation of memory with an unexpected size.

#include <stdlib.h>
#include <string.h>

int calculate_size(char *str) {
  /* calculates the size of a string; the result is a signed int */
  return (int)strlen(str) + 1;
}

int main(int argc, char *argv[]) {
  if (argc < 2) {
    return 1;
  }
  size_t s = calculate_size(argv[1]); /* int implicitly converted to size_t */
  char *my_str = malloc(s);
  if (my_str != NULL) {
    /* process string */
    free(my_str);
  }
  return 0;
}

Compliant Code Example 1

To correct this problem, it is necessary to ensure that size parameters to allocation routines are stored consistently in a single type. In the example below, the calculate_size() routine has been modified to return a size_t type, so no signed-to-unsigned conversion takes place.

#include <stdlib.h>
#include <string.h>

size_t calculate_size(char *str) {
  /* calculates the size of a string; the result is already a size_t */
  return strlen(str) + 1;
}

int main(int argc, char *argv[]) {
  if (argc < 2) {
    return 1;
  }
  size_t s = calculate_size(argv[1]); /* no conversion: size_t to size_t */
  char *my_str = malloc(s);
  if (my_str != NULL) {
    /* process string */
    free(my_str);
  }
  return 0;
}

Compliant Code Example 2

Another defense against this problem is to check the size value for integer conversion errors before it is supplied to the allocation routine, and to keep the size parameter stored consistently in size_t. In the example below, the calculate_size() routine returns a size_t type.

#include <stdlib.h>
#include <string.h>

size_t calculate_size(char *str) {
  /* calculates the size of a string; the result is already a size_t */
  return strlen(str) + 1;
}

int main(int argc, char *argv[]) {
  if (argc < 2) {
    return 1;
  }
  size_t s = calculate_size(argv[1]); /* no conversion: size_t to size_t */
  char *my_str = malloc(s);
  if (my_str != NULL) {
    /* process string */
    free(my_str);
  }
  return 0;
}
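The following program is an added example (not code from the original page) that shows both the corruption described above and the conversion check recommended for size parameters. It assumes a hypothetical calculate_size_signed() routine that, like the non-compliant example, returns a signed int and uses -1 to signal an error; size_from_int() is the check a caller performs before handing the value to malloc(), and unchecked_size() shows what malloc() would receive without that check.

```c
#include <limits.h>
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical sizing routine (constructed for this example): returns the
   number of bytes needed to hold str, or -1 on error (e.g. NULL input).
   The negative error value is exactly what gets corrupted when the result
   is stored straight into a size_t. */
int calculate_size_signed(const char *str) {
  if (str == NULL) return -1;
  size_t len = strlen(str);
  if (len >= (size_t)INT_MAX) return -1; /* would not fit in an int */
  return (int)len + 1;                   /* +1 for the terminating null */
}

/* Convert a signed size to size_t only if the value is representable.
   Returns true on success and writes the converted value into *out. */
bool size_from_int(int n, size_t *out) {
  if (n < 0) return false; /* negative: would wrap to a huge size_t */
  *out = (size_t)n;
  return true;
}

/* Allocate a buffer for str, rejecting a corrupted size before malloc().
   Returns NULL if the size cannot be represented or allocation fails. */
char *alloc_for_string(const char *str) {
  size_t s;
  if (!size_from_int(calculate_size_signed(str), &s)) return NULL;
  char *buf = malloc(s);
  if (buf != NULL) memcpy(buf, str, s); /* s includes the null byte */
  return buf;
}

/* Show the corruption the page describes: the value malloc() would be
   given if the signed result were stored into size_t without a check.
   For a -1 error return this is SIZE_MAX, not a small negative number. */
size_t unchecked_size(const char *str) {
  size_t s = calculate_size_signed(str); /* implicit int -> size_t */
  return s;
}
```

With the check in place, an error return from the sizing routine results in no allocation at all rather than a request for SIZE_MAX bytes; the intermediate int storage is still present, but the value is validated before it reaches malloc().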

References

ISO/IEC 9899-1999 Section 7.20.3 Memory Management Functions