Comment: updated for consistency with TS 17961

...

```c
#include <stdio.h>
#include <wchar.h>

void f(FILE *file) {
  wchar_t wbuf[BUFSIZ];

  /* Element size and element count are both derived from the array itself,
     so the arithmetic stays correct if the element type changes. */
  const size_t size = sizeof *wbuf;
  const size_t nitems = sizeof wbuf / size;

  size_t nread;

  nread = fread(wbuf, size, nitems, file);
  /* ... */
}
```

Noncompliant Code Example

In this noncompliant example, the integer skip is scaled by sizeof(struct big) when added to the pointer s, so the resulting pointer may point outside the bounds of the object referenced by s.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct big {
  unsigned long long ull_1;
  unsigned long long ull_2;
  unsigned long long ull_3;
  int si_4;
  int si_5;
};

void g(void) {
  size_t skip = offsetof(struct big, ull_2);
  struct big *s = (struct big *)malloc(4 * sizeof(struct big));
  if (!s) {
    /* ... */
    return;
  }

  /* s + skip advances skip elements of struct big, not skip bytes */
  memset(s + skip, 0, sizeof(struct big) - skip);  /* violation */

  /* ... */
}
```

Compliant Solution

The following compliant solution does not scale skip.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct big {
  unsigned long long ull_1;
  unsigned long long ull_2;
  unsigned long long ull_3;
  int si_4;
  int si_5;
};

void g(void) {
  size_t skip = offsetof(struct big, ull_2);
  struct big *s = (struct big *)malloc(4 * sizeof(struct big));
  if (!s) {
    /* ... */
    return;
  }

  /* Casting to char * makes skip a byte offset, so it is not scaled */
  memset((char *)s + skip, 0, sizeof(struct big) - skip);

  /* ... */
}
```
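To make the difference concrete, the following added example (not part of the original rule) computes the byte offset each expression addresses for the struct above, checks it against the 4-element allocation the examples use, and verifies the unscaled write on a constructed sample; the helper names are my own.

```c
#include <stddef.h>
#include <string.h>

/* Same layout as the rule's examples. */
struct big {
  unsigned long long ull_1;
  unsigned long long ull_2;
  unsigned long long ull_3;
  int si_4;
  int si_5;
};

/* Byte offset addressed by s + skip: skip is scaled by the element size. */
size_t scaled_offset(size_t skip) { return skip * sizeof(struct big); }

/* Byte offset addressed by (char *)s + skip: skip is a plain byte count. */
size_t unscaled_offset(size_t skip) { return skip; }

/* 1 if a write of len bytes at byte offset off fits in alloc_bytes, else 0;
   uses subtraction so the check itself cannot overflow. */
int write_in_bounds(size_t off, size_t len, size_t alloc_bytes) {
  return off <= alloc_bytes && len <= alloc_bytes - off;
}

/* Verdict for the noncompliant write into a 4-element allocation. */
int noncompliant_write_in_bounds(void) {
  size_t skip = offsetof(struct big, ull_2);
  return write_in_bounds(scaled_offset(skip), sizeof(struct big) - skip,
                         4 * sizeof(struct big));
}

/* Verdict for the compliant write into the same allocation. */
int compliant_write_in_bounds(void) {
  size_t skip = offsetof(struct big, ull_2);
  return write_in_bounds(unscaled_offset(skip), sizeof(struct big) - skip,
                         4 * sizeof(struct big));
}

/* Compliant write on a constructed sample: zero every member after ull_1.
   Returns 1 if ull_1 survived and the rest are zero, else 0. */
int compliant_write_ok(void) {
  struct big sample = {1, 2, 3, 4, 5};  /* constructed sample value */
  size_t skip = offsetof(struct big, ull_2);
  memset((char *)&sample + skip, 0, sizeof(struct big) - skip);
  return sample.ull_1 == 1 && sample.ull_2 == 0 && sample.ull_3 == 0 &&
         sample.si_4 == 0 && sample.si_5 == 0;
}

int main(void) { return compliant_write_ok() && !noncompliant_write_in_bounds() ? 0 : 1; }
```

Because offsetof(struct big, ull_2) is at least 8, the scaled offset lands at least 8 elements in, past a 4-element allocation, on any conforming implementation.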

Risk Assessment

Accessing out-of-range pointers or array subscripts for writing can result in a buffer overflow and the execution of arbitrary code with the permissions of the vulnerable process, or in unintended information disclosure.

...