...
This noncompliant code example temporarily stores data read from a source file into a buffer. The buffer is allocated on the stack as a VLA of size bufsize. If bufsize can be controlled by a malicious user, this code can be exploited to cause a denial-of-service attack:

```c
#include <stdio.h>

int copy_file(FILE *src, FILE *dst, size_t bufsize) {
  /* Noncompliant: VLA on the stack, sized by a caller-supplied value */
  char buf[bufsize];
  while (fgets(buf, bufsize, src)) {
    if (fputs(buf, dst) == EOF) {
      /* Handle error */
    }
  }
  return 0;
}
```
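A heap-based version of the copy routine above, as an added example that is not part of the original page: the name `copy_file_heap` and the `COPY_BUF_MAX` ceiling are assumptions made here. It validates the caller-supplied size before allocating, so a hostile bufsize yields an error return instead of exhausting the stack.

```c
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed policy ceiling for this example; tune per application. */
#define COPY_BUF_MAX ((size_t)64 * 1024)

/* Returns 0 on success, -1 on bad arguments, allocation or I/O failure. */
int copy_file_heap(FILE *src, FILE *dst, size_t bufsize) {
  if (src == NULL || dst == NULL) {
    return -1;
  }
  /* fgets() takes an int count and needs room for one character plus the
   * terminator, so accept only 2 <= bufsize <= min(COPY_BUF_MAX, INT_MAX). */
  if (bufsize < 2 || bufsize > COPY_BUF_MAX || bufsize > (size_t)INT_MAX) {
    return -1;
  }
  char *buf = malloc(bufsize);
  if (buf == NULL) {
    return -1; /* allocation failure is detectable, unlike VLA overflow */
  }
  int rc = 0;
  while (fgets(buf, (int)bufsize, src) != NULL) {
    if (fputs(buf, dst) == EOF) {
      rc = -1; /* write error: stop copying */
      break;
    }
  }
  if (ferror(src)) {
    rc = -1; /* loop ended on a read error rather than end-of-file */
  }
  free(buf);
  return rc;
}

int main(void) {
  FILE *src = tmpfile(); /* constructed sample input */
  FILE *dst = tmpfile();
  if (src == NULL || dst == NULL) {
    return 1;
  }
  fputs("constructed sample line\n", src);
  rewind(src);
  printf("bufsize 128: %d\n", copy_file_heap(src, dst, 128));
  printf("bufsize SIZE_MAX: %d\n", copy_file_heap(src, dst, (size_t)-1));
  fclose(src);
  fclose(dst);
  return 0;
}
```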
...
This noncompliant implementation of the Fibonacci function uses recursion:

```c
unsigned long fib1(unsigned int n) {
  if (n == 0) {
    return 0;
  }
  else if (n == 1 || n == 2) {
    return 1;
  }
  else {
    /* Noncompliant: each call adds stack frames, so stack use grows with n */
    return fib1(n-1) + fib1(n-2);
  }
}
```
...
This implementation of the Fibonacci function eliminates the use of recursion:

```c
unsigned long fib2(unsigned int n) {
  if (n == 0) {
    return 0;
  }
  else if (n == 1 || n == 2) {
    return 1;
  }

  /* Iterate from the third term; stack use is constant regardless of n */
  unsigned long prev = 1;
  unsigned long cur = 1;
  unsigned int i;

  for (i = 3; i <= n; i++) {
    unsigned long tmp = cur;
    cur = cur + prev;
    prev = tmp;
  }

  return cur;
}
```
...
| Tool | Version | Checker | Description |
|---|---|---|---|
| | | STACK_USE | Can help detect single stack allocations that are dangerously large, although it will not detect excessive stack use resulting from recursion. |
| PRQA QA-C | | 1520 | Partially implemented. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
| CERT C++ Secure Coding Standard | MEM05-CPP. Avoid large stack allocations |
| ISO/IEC TR 24772:2013 | Recursion [GDL] |
| MISRA - C:2012 | Rule 1617.2 (required) |
Bibliography
| [Loosemore 2007] | Section 3.2.5, "Automatic Storage with Variable Size" |
| [Seacord 2013] | Chapter 4, "Dynamic Memory Management" |
| [van Sprundel 2006] | "Stack Overflow" |
...