...
As you can see, the invalid() function is not perfect; it only identifies NULL pointers and pointers to functions as invalid. Any other bad pointer, such as one into freed memory or one past the end of an object, passes the check.
Non-Compliant Code Example
This function increments the value pointed to by its argument. It also checks that its argument is not a null pointer. But the pointer could still be invalid (for example, pointing into freed memory or outside the bounds of an object), in which case the function corrupts memory or terminates abnormally.
```c
#include <stddef.h>

void incr(int *intptr) {
  if (intptr == NULL) {
    /* handle error */
    return;
  }
  /* Only a null pointer was rejected; any other invalid pointer is
     dereferenced here. (*intptr)++ increments the value; *intptr++
     would have advanced the pointer instead. */
  (*intptr)++;
}
```
Compliant Solution
By using the invalid() function defined above, the function is less likely to modify memory outside its bounds.
```c
void incr(int *intptr) {
  if (invalid(intptr)) {
    /* handle error */
    return;
  }
  (*intptr)++;
}
```
Compliant Solution (assert)
Since invalid pointers are often indicative of a bug in the program, one can use the assert() macro to terminate immediately if an invalid pointer is discovered. Note that assert() is compiled out when NDEBUG is defined, so this check protects only builds that keep assertions enabled.
```c
#include <assert.h>

void incr(int *intptr) {
  assert(!invalid(intptr));
  (*intptr)++;
}
```
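The two compliant solutions above rely on the page's invalid() function, which catches only null and function pointers. The following added example (not code from the page) shows a hypothetical, stricter validation routine of the same shape: a pointer to int is accepted only if it is non-null, aligned, and the whole int lies inside a region the program registered beforehand, so out-of-bounds and stray pointers are rejected as well. The names register_region, clear_regions, invalid_int_ptr and the MAX_REGIONS limit are assumptions made for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Hypothetical pointer validation "library" (example code, not the
 * invalid() function defined on this page). An int pointer is valid
 * only if it is non-null, suitably aligned, and the entire int it
 * points at lies inside a region registered with register_region().
 */
#define MAX_REGIONS 8

struct region {
  uintptr_t start;
  size_t len;
};

static struct region regions[MAX_REGIONS];
static size_t nregions;

/* Record [start, start+len) as memory that int pointers may refer to. */
bool register_region(const void *start, size_t len) {
  if (start == NULL || len == 0 || nregions == MAX_REGIONS) {
    return false;
  }
  regions[nregions].start = (uintptr_t)start;
  regions[nregions].len = len;
  nregions++;
  return true;
}

/* Forget every registered region. */
void clear_regions(void) { nregions = 0; }

/* Returns true if p must NOT be dereferenced as an int. */
bool invalid_int_ptr(const void *p) {
  if (p == NULL) {
    return true;               /* null pointer */
  }
  uintptr_t addr = (uintptr_t)p;
  if (addr % _Alignof(int) != 0) {
    return true;               /* misaligned access: trap or UB on many targets */
  }
  for (size_t i = 0; i < nregions; i++) {
    uintptr_t end = regions[i].start + regions[i].len;
    /* The whole int, not just its first byte, must fit in the region. */
    if (addr >= regions[i].start && addr + sizeof(int) <= end) {
      return false;
    }
  }
  return true;                 /* outside every registered region */
}

/* Increment the int at intptr; refuse instead of corrupting memory. */
bool incr(int *intptr) {
  if (invalid_int_ptr(intptr)) {
    return false;              /* caller handles the error */
  }
  (*intptr)++;
  return true;
}

int main(void) {
  int values[4] = {0, 0, 0, 0};
  register_region(values, sizeof values);
  int stray = 7;               /* on the stack, never registered */

  printf("incr(&values[1]): %s\n", incr(&values[1]) ? "ok" : "rejected");
  printf("incr(&values[4]): %s\n", incr(&values[4]) ? "ok" : "rejected"); /* one past the end */
  printf("incr(NULL):       %s\n", incr(NULL) ? "ok" : "rejected");
  printf("incr(&stray):     %s\n", incr(&stray) ? "ok" : "rejected");
  printf("values[1] == %d\n", values[1]);
  return 0;
}
```

The region table makes the "is this pointer valid?" question answerable only for memory the program has declared; that is the trade-off of any such library, since a pointer the program never told it about is treated as invalid even when it happens to be mapped.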
Risk Assessment
A pointer validation library can be used to identify, and thus prevent the execution of, vulnerable code
...