Description -
A programmer should keep a check on the following (sub-sections):
- ânâ > size of âpâ // for func(p,n)
- ‘n’ and ‘p’ are not compatible
- ânâ > size of âpâ or size of âqâ || âpâ and âqâ are not compatible // for func(p,q, n)
- ‘p’ and ‘q’ are compatible but not with ‘n’
- Correct usage of expression E // for E: T* = mem_alloc(n)
Noncompliant Code Example
This noncompliant code example assigns a value greater than the size of dynamic memory to 'n' which is then passed to the memset().
void f1 (size_t nchars) {
char *p = (char *)malloc(nchars);
const size_t n = nchars + 1;
memset(p, 0, n);
/* More program code */
}
Compliant Solution
This compliant solution makes sure that the value of 'n' is not greater the size of the dynamic memory pointed to by the pointer 'p':
void f1 (size_t nchars, size_t val) {
char *p = (char *)malloc(nchars);
const size_t n = val;
if (nchars - n < 0) {
    /* Handle Error */
}
else {
memset(p, 0, n);
}
/* More program code */
}
Risk Assessment
Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. The detection of checks specified in description can be automated but the remediation has to be manual.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
ARR38-C |
high |
likely |
medium |
P18 |
L1 |
Related Guidelines
Bibliography
WG14 Document: N1579 - Rule 5.34 Forming Invalid pointers by library functions.