Description -
A programmer should keep a check on the following (sub-sections):
- 'n' > size of 'p' // for func(p, n)
- 'n' and 'p' are not compatible
- 'n' > size of 'p' or size of 'q' || 'p' and 'q' are not compatible // for func(p, q, n)
- 'p' and 'q' are compatible but not with 'n'
- Correct usage of expression E // for E: T* = mem_alloc(n)
This noncompliant code example assigns to 'n' a value greater than the size of the dynamically allocated memory and then passes it to memset(), which writes past the end of the allocation:

```c
#include <stdlib.h>
#include <string.h>

void f1(size_t nchars) {
  char *p = (char *)malloc(nchars);
  /* n exceeds the allocation by one byte */
  const size_t n = nchars + 1;
  memset(p, 0, n);  /* heap overflow: writes nchars + 1 bytes into nchars bytes */
  /* More program code */
}
```
This compliant solution makes sure that the value of 'n' is not greater than the size of the dynamic memory pointed to by the pointer 'p':

```c
#include <stdlib.h>
#include <string.h>

void f1(size_t nchars, size_t val) {
  char *p = (char *)malloc(nchars);
  const size_t n = val;
  if (p == NULL) {
    /* Handle allocation failure */
    return;
  }
  /* size_t is unsigned, so a test of the form "nchars - n < 0" can never be
   * true; compare the two sizes directly instead */
  if (n > nchars) {
    /* Handle error */
  } else {
    memset(p, 0, n);
  }
  /* More program code */
}
```
Depending on the library function called, an attacker may be able to exploit the resulting heap overflow to run arbitrary code. Detection of the checks listed in the description can be automated, but remediation has to be done manually.
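The checks listed in the description (n against the size of p, and n against the sizes of both p and q for a two-pointer call) are easier to apply consistently when a buffer carries its own capacity. The following is an added example, not code from the CERT page; the `bounded_buf` type and the `bb_*` functions are hypothetical names chosen for this illustration, and `off_by_one_rejected()` replays the page's f1() scenario (nchars bytes allocated, nchars + 1 bytes requested) against the guarded memset.

```c
#include <stdlib.h>
#include <string.h>

/* A buffer that records how many bytes were actually allocated, so the
 * "n > size of p" check can be made before every library call. */
typedef struct {
    unsigned char *data;
    size_t size;   /* bytes allocated for data */
} bounded_buf;

/* Allocate a bounded buffer; size 0 is rejected since malloc(0) is
 * implementation-defined. Returns 0 on success, -1 on failure. */
int bb_alloc(bounded_buf *b, size_t size) {
    if (b == NULL || size == 0) return -1;
    b->data = malloc(size);
    if (b->data == NULL) { b->size = 0; return -1; }
    b->size = size;
    return 0;
}

void bb_free(bounded_buf *b) {
    if (b != NULL) { free(b->data); b->data = NULL; b->size = 0; }
}

/* memset(p, c, n) guarded by "n > size of p". The comparison is done on the
 * unsigned values directly; "size - n < 0" would never be true for size_t. */
int bb_memset(bounded_buf *p, int c, size_t n) {
    if (p == NULL || p->data == NULL || n > p->size) return -1;
    memset(p->data, c, n);
    return 0;
}

/* memcpy(p, q, n) guarded by both "n > size of p" and "n > size of q". */
int bb_memcpy(bounded_buf *dst, const bounded_buf *src, size_t n) {
    if (dst == NULL || src == NULL || dst->data == NULL || src->data == NULL) return -1;
    if (n > dst->size || n > src->size) return -1;
    memcpy(dst->data, src->data, n);
    return 0;
}

/* The page's f1() scenario: nchars bytes allocated, nchars + 1 requested.
 * Returns -1 when the oversized request is refused (the expected outcome). */
int off_by_one_rejected(size_t nchars) {
    bounded_buf p;
    int rc;
    if (bb_alloc(&p, nchars) != 0) return -1;
    rc = bb_memset(&p, 0, nchars + 1);   /* must be refused, not performed */
    bb_free(&p);
    return rc;
}
```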
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level | 
|---|---|---|---|---|---|
| ARR38-C | high | likely | medium | P18 | L1 | 
WG14 Document: N1579 - Rule 5.34 Forming Invalid pointers by library functions.