SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 106

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 107

changes.mady.by.user Svyatoslav Razmyslov

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Program stacks are frequently used for convenient temporary storage because allocated memory is automatically freed when the function returns. Generally, the operating system grows the stack as needed. However, growing the stack can fail because of a lack of memory or a collision with other allocated areas of the address space (depending on the architecture). When the stack is exhausted, the operating system can terminate the program abnormally. This behavior can be exploited, and an attacker can cause a denial-of-service attack if he or she can control or influence the amount of stack memory allocated.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MEM05-C

Medium

Likely

Medium

P12

L1

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

IO.TAINT.SIZE

MISC.MEM.SIZE.BAD

Tainted Allocation Size

Unreasonable Size Argument

Coverity

Include Page
Coverity_V
Coverity_V

STACK_USE

Can help detect single stack allocations that are dangerously large, although it will not detect excessive stack use resulting from recursion

Klocwork
Include Page
Klocwork_V
Klocwork_V
MISRA.FUNC.RECUR
 

LDRA tool suite
Include Page
LDRA_V
LDRA_V
44 SEnhanced Enforcement
Polyspace Bug FinderR2016a

Tainted size of variable length array

Variable length array with nonpositive size

Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large

Size of variable-length array is zero or negative

PRQA QA-C
Include Page
PRQA QA-C_v
PRQA QA-C_v

1520
3670

1051

Partially implemented
PVS-Studio6.22V505General analysis rule

Related Vulnerabilities

Stack overflow has been implicated in Toyota unintended acceleration cases, where Camry and other Toyota vehicles accelerated unexpectedly.  Michael Barr testified at the trial that a stack overflow could corrupt the critical variables of the operating system, because they were located in memory adjacent to the top of the stack [Samek 2014].

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MEM05-CPP. Avoid large stack allocations
ISO/IEC TR 24772:2013Recursion [GDL]
MISRA C:2012Rule 17.2 (required)

Bibliography

[Loosemore 2007]Section 3.2.5, "Automatic Storage with Variable Size"
[Samek 2014]

Are We Shooting Ourselves in the Foot with Stack Overflow?

Monday, February 17th, 2014 by Miro Samek

[Seacord 2013]Chapter 4, "Dynamic Memory Management"
[van Sprundel 2006]"Stack Overflow"

...


...