...

Non-Compliant Code Example 2

The following example is based on a flaw discovered in the OpenBSD operating system [ref]. An integer, skip, is added as an offset to a pointer of type struct big, and the sum is then used as the destination address in a call to memset(). The intent is to zero everything in the structure after its first 8-byte field. However, when skip is added to the struct big pointer, it is automatically scaled by the size of struct big, which is 32 bytes (assuming 4-byte integers, 8-byte long long integers, and no structure padding). With skip equal to 8, the expression s + skip points 8 * 32 = 256 bytes past the start of a 32-byte allocation, so the call to memset() writes 24 bytes outside the object: a heap buffer overflow instead of the intended in-bounds clear.

#include <stdlib.h>
#include <string.h>

struct big {
    unsigned long long ull_1; /* typically 8 bytes */
    unsigned long long ull_2; /* typically 8 bytes */
    unsigned long long ull_3; /* typically 8 bytes */
    int si_4; /* typically 4 bytes */
    int si_5; /* typically 4 bytes */
};
/* ... */
size_t skip = sizeof(unsigned long long); /* 8, intended as a byte count */
struct big *s = malloc(sizeof(struct big));
if (!s) {
   /* Handle malloc() error */
}

/* s + skip is scaled by sizeof(struct big): it points 8 * 32 = 256 bytes
 * past s, so this memset() writes outside the 32-byte allocation. */
memset(s + skip, 0, sizeof(struct big) - skip);
/* ... */
free(s);
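The following harness is an added example, not code from the OpenBSD flaw or from this page's original listing. It assumes the same struct big layout as above and reproduces the scaled addition inside a 16-element array (so that the stray write lands on a real element and can be observed instead of being undefined behaviour), then shows the compliant form, which computes the destination through a char * so that skip is treated as a byte count. The arena, the ARENA_LEN constant and the helper function names are constructed for this example.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Same layout as the noncompliant example: 32 bytes with 8-byte
 * long long, 4-byte int and no padding (assumption of this example). */
struct big {
    unsigned long long ull_1;
    unsigned long long ull_2;
    unsigned long long ull_3;
    int si_4;
    int si_5;
};

/* Constructed arena: large enough that arena + 8 stays in bounds,
 * which keeps the pointer arithmetic below well defined. */
#define ARENA_LEN 16
static struct big arena[ARENA_LEN];

/* Byte distance that arena + skip really moves: skip elements,
 * i.e. skip * sizeof(struct big) bytes. */
size_t scaled_offset_bytes(size_t skip) {
    struct big *p = arena + skip;
    return (size_t)((char *)p - (char *)arena);
}

/* Byte distance the author intended: char arithmetic is scaled by 1. */
size_t byte_offset_bytes(size_t skip) {
    char *p = (char *)arena + skip;
    return (size_t)(p - (char *)arena);
}

/* Run the flawed memset() from the example against the arena and report
 * which element it actually zeroed. Returns -1 if element 0 was touched
 * at all, -2 if no element matches the expected damage pattern. */
int noncompliant_clobbers_element(void) {
    size_t skip = sizeof(unsigned long long); /* 8 */
    memset(arena, 0xFF, sizeof arena);
    /* The flawed line, unchanged: destination is scaled by sizeof(struct big). */
    memset(arena + skip, 0, sizeof(struct big) - skip);
    if (arena[0].ull_1 != ~0ULL || arena[0].ull_2 != ~0ULL) return -1;
    for (int i = 1; i < ARENA_LEN; i++) {
        /* 24 zeroed bytes cover ull_1..ull_3; si_4 and si_5 keep 0xFFFFFFFF (-1). */
        if (arena[i].ull_1 == 0 && arena[i].ull_2 == 0 && arena[i].ull_3 == 0 &&
            arena[i].si_4 == -1 && arena[i].si_5 == -1)
            return i;
    }
    return -2;
}

/* Compliant version: cast to char * so skip is a byte offset. An even
 * clearer spelling is memset(&s->ull_2, 0, sizeof *s - offsetof(struct big, ull_2)).
 * Returns 1 if ull_1 survived and every later field is zero. */
int compliant_preserves_first_field(void) {
    struct big *s = malloc(sizeof *s);
    if (s == NULL) return 0;
    memset(s, 0xFF, sizeof *s);
    size_t skip = sizeof(unsigned long long);
    memset((char *)s + skip, 0, sizeof *s - skip);
    int ok = s->ull_1 == ~0ULL && s->ull_2 == 0 && s->ull_3 == 0 &&
             s->si_4 == 0 && s->si_5 == 0;
    free(s);
    return ok;
}
```

On a platform matching the stated layout, the scaled form lands 256 bytes in and zeroes the first 24 bytes of arena[8] while leaving arena[0] untouched; in the original single-object allocation that same write falls entirely outside the heap block. The compliant form moves exactly 8 bytes and clears only the fields after ull_1.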

...