...
Because size is controlled by the user, it could be specified to be either large enough to consume large amounts of system resources and still succeed or large enough to cause the call to malloc() to fail, which, depending on how error handling is implemented, may result in a denial of service condition.
Compliant Solution
| Wiki Markup |
|---|
This compliant solution defines the acceptable range for {{size}} as {{\[1, MAX_TABLE_SIZE\]}}. The {{size}} parameter is declared as {{size_t}}, which is unsigned by definition. Consequently, it is not necessary to check {{size}} for negative values (see [INT01-A. Use size_t for all integer values representing the size of an object]). |
| Code Block | ||
|---|---|---|
| ||
enum { MAX_TABLE_SIZE = 256 };
int create_table(size_t size) {
char **table;
if (size == 0 || size > MAX_TABLE_SIZE) {
/* Handle invalid size */
}
/*
* The wrap check has been omitted based on the assumption that
* MAX_TABLE_SIZE * sizeof(char *) cannot exceed SIZE_MAX
* If this assumption is not valid, a check must be added
*/
size_t table_size = size * sizeof(char *);
table = malloc(table_size);
if (table == NULL) {
/* Handle error condition */
}
/* ... */
return 0;
}
|
...