Different types of objects can have different alignment requirements. When the type checking system is overridden by an explicit cast, or a pointer is converted to void * and back, the pointer can end up pointing to an object that does not satisfy the alignment of the new pointed-to type. If a pointer to one object type is converted to a pointer to a type with a stricter alignment, the address must already be correctly aligned for that type; C99 (Section 6.3.2.3) makes the conversion undefined behavior otherwise.
C99 allows any object pointer to be converted to and from void *. As a result, it is possible to silently convert from one pointer type to another, without the compiler diagnosing the problem, by storing or casting a pointer to void * and then storing or casting it to the final type. In this non-compliant code example, the type checking system is circumvented by exactly this property of void pointers.
```c
char *loop_ptr;
int *int_ptr;

/* Accepts any object pointer through void * and hands it back as an int *
   without checking that the address satisfies the alignment of int. */
int *loop_function(void *v_pointer) {
  return v_pointer;   /* implicit void * -> int * conversion, no diagnostic */
}

int_ptr = loop_function(loop_ptr);   /* char * -> void * -> int *, compiles silently */
```
This example compiles without a diagnostic. However, loop_ptr, and therefore v_pointer, may point to an object aligned only on a one-byte boundary. Once the pointer is converted to int *, some architectures require the referenced object to be aligned on a four-byte boundary. If int_ptr is later dereferenced, the program may terminate abnormally.
Because the input parameter directly determines the return value, and loop_function() returns an int *, the formal parameter v_pointer is redeclared to accept only int *. Passing a char * now produces a compile-time diagnostic for incompatible pointer types instead of a silent conversion.
```c
int *loop_ptr;
int *int_ptr;

/* The parameter type now matches the return type, so the compiler checks
   that every argument is already a pointer to int. */
int *loop_function(int *v_pointer) {
  return v_pointer;
}

int_ptr = loop_function(loop_ptr);   /* int * -> int *, alignment preserved */
```
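The following program is added here as an illustration and is not part of the original rule text or its references. It assumes C11 (for _Alignof) and uses a hypothetical set of helpers (is_aligned_for, checked_int_ptr, load_int_from_bytes, count_misaligned_int_offsets, int_alignment and the demo_* functions) working on a constructed 16-byte buffer; none of these names come from the rule. checked_int_ptr() performs the runtime check that loop_function() above never does, rejecting a void * whose address is not a multiple of the alignment of int, and load_int_from_bytes() shows the portable alternative of copying the bytes into a correctly aligned object instead of dereferencing a misaligned int *.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (not from the rule text): nonzero if p satisfies an
   alignment requirement of `align` bytes. Taking the address modulo the
   alignment is the check the original loop_function() never performs. */
int is_aligned_for(const void *p, size_t align) {
  return ((uintptr_t)p % align) == 0;
}

/* Alignment required for int on this implementation (C11 _Alignof). */
size_t int_alignment(void) {
  return _Alignof(int);
}

/* Checked counterpart of loop_function(): yields an int * only when the
   void * argument is correctly aligned for int, otherwise NULL. */
int *checked_int_ptr(void *v_pointer) {
  if (v_pointer == NULL || !is_aligned_for(v_pointer, int_alignment()))
    return NULL;
  return (int *)v_pointer;
}

/* When the bytes are an int but the address may be odd, copy them into a
   correctly aligned object rather than dereferencing a misaligned int *. */
int load_int_from_bytes(const void *p) {
  int v;
  memcpy(&v, p, sizeof v);
  return v;
}

/* Count the byte offsets in buf[0..len) that are unusable as an int *. */
size_t count_misaligned_int_offsets(const char *buf, size_t len) {
  size_t n = 0;
  for (size_t i = 0; i < len; i++)
    if (!is_aligned_for(buf + i, int_alignment()))
      n++;
  return n;
}

/* Constructed sample: a 16-byte buffer whose start is int-aligned (the int
   member of the union forces that), holding 0x04030201 at the odd offset 1. */
static union { int align; char bytes[16]; } demo;
static const int demo_value = 0x04030201;

static void demo_setup(void) {
  memset(demo.bytes, 0, sizeof demo.bytes);
  memcpy(demo.bytes + 1, &demo_value, sizeof demo_value);
}

/* 1 if the checked conversion rejects demo.bytes + 1 and accepts demo.bytes. */
int demo_odd_offset_rejected(void) {
  demo_setup();
  return checked_int_ptr(demo.bytes + 1) == NULL &&
         checked_int_ptr(demo.bytes) != NULL;
}

/* The value recovered from the odd offset without any misaligned access. */
int demo_safe_load_from_odd_offset(void) {
  demo_setup();
  return load_int_from_bytes(demo.bytes + 1);
}

size_t demo_misaligned_offsets_in_buffer(void) {
  return count_misaligned_int_offsets(demo.bytes, sizeof demo.bytes);
}

int main(void) {
  printf("odd offset rejected: %d\n", demo_odd_offset_rejected());
  printf("safe load from offset 1: 0x%08x\n",
         (unsigned)demo_safe_load_from_odd_offset());
  printf("misaligned int offsets in %zu bytes: %zu (alignof int = %zu)\n",
         sizeof demo.bytes, demo_misaligned_offsets_in_buffer(),
         int_alignment());
  return 0;
}
```

The runtime check is necessary because the implicit void * conversion in the non-compliant example draws no diagnostic at all; gcc's -Wcast-align can flag an explicit cast from char * to int *, but not the round trip through void *. Where the data really is a sequence of bytes that happens to encode an int, the memcpy() approach is the portable fix, since it never creates a misaligned int * in the first place.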
The following table shows common alignments for the Microsoft, Borland, and GNU compilers on the IA-32 architecture.

| Type | Alignment |
|---|---|
| char | 1 byte aligned |
| short | 2 byte aligned |
| int | 4 byte aligned |
| float | 4 byte aligned |
| double | 8 byte on Windows, 4 byte on Linux |
Accessing an object through a pointer that is no longer on the correct boundary for its type can cause the program to crash or to read or write incorrect data; on architectures that tolerate misaligned access it typically results in slower memory accesses instead.
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| EXP36-C | 1 (low) | 2 (probable) | 2 (medium) | P4 | L3 |
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
[Bryant 03]
[ISO/IEC 9899-1999] Section 6.2.5, "Types"