...

  • invalid user input (including command line arguments and environment variables)
  • file errors (for example, errors opening, reading or writing files)
  • network errors (including network protocol errors)
  • out of memory conditions (for example, malloc() or similar failures)
  • system resource exhaustion (for example, out of file descriptors, processes, threads)
  • system call errors (for example, errors executing files, locking or unlocking mutexes)
  • invalid permissions (for example, file, memory, user)

Code that protects against a buffer overflow, for example, cannot be implemented as an assertion, because this code must be present in the deployed executable.

...

The noncompliant code example below uses the assert() macro to verify that memory allocation succeeded. Because memory availability depends on the overall state of the system and may become exhausted at any point during a process lifetime, a robust program must be prepared to gracefully handle and recover from its exhaustion. Therefore, using the assert() macro to verify that a memory allocation succeeded is inappropriate: doing so might lead to an abrupt termination of the process and open up the possibility of a denial-of-service attack. See also MEM11-C. Do not assume infinite heap space and MEM32-C. Detect and handle memory allocation errors.

#include <assert.h>
#include <stdlib.h>
#include <string.h>

char *dupstring(const char *str) {
    size_t len;
    char *dup;

    len = strlen(str);
    dup = (char *)malloc(len + 1);
    /* Noncompliant: the check is compiled out when NDEBUG is defined,
       and when it is active a failed allocation aborts the process */
    assert(NULL != dup);

    memcpy(dup, str, len + 1);
    return dup;
}


...

#include <stdlib.h>
#include <string.h>

char *dupstring(const char *str) {
    size_t len;
    char *dup;

    len = strlen(str);
    dup = (char *)malloc(len + 1);
    /* detect and handle memory allocation error */
    if (NULL == dup) {
        return NULL;
    }

    memcpy(dup, str, len + 1);
    return dup;
}
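The following is an added example, not part of the CERT page or its code, that extends the compliant solution to two of the runtime conditions listed earlier (invalid user input and out-of-memory). The allocator hook, the fail_next_alloc flag, and the function names dup_bounded, asserts_enabled and demo are constructed for this illustration; the hook exists only so the out-of-memory path can be exercised without actually exhausting the heap. Both checks are ordinary if statements, so they remain in a build compiled with -DNDEBUG, unlike a check written as assert().

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Allocation hook (constructed for this example): when set, the next
   allocation fails with ENOMEM, simulating heap exhaustion. */
static int fail_next_alloc = 0;

static void *checked_malloc(size_t n) {
    if (fail_next_alloc) {
        fail_next_alloc = 0;
        errno = ENOMEM;
        return NULL;
    }
    return malloc(n);
}

/* Copy at most max_len bytes of untrusted input into a fresh buffer.
   Input length and memory exhaustion are runtime conditions, so each
   gets an explicit check that survives a release build.
   Returns 0 on success; returns -1 with errno set (EINVAL or ENOMEM)
   and *out == NULL on failure. */
int dup_bounded(const char *str, size_t max_len, char **out) {
    size_t len = 0;
    char *dup;

    *out = NULL;
    if (str == NULL) {
        errno = EINVAL;
        return -1;
    }
    /* Bounded scan: reads at most max_len + 1 bytes of the input. */
    while (len <= max_len && str[len] != '\0') {
        len++;
    }
    if (len > max_len) {
        errno = EINVAL;          /* input too long: reject, do not abort */
        return -1;
    }
    dup = (char *)checked_malloc(len + 1);
    if (dup == NULL) {
        return -1;               /* errno already set to ENOMEM */
    }
    memcpy(dup, str, len);
    dup[len] = '\0';
    *out = dup;
    return 0;
}

/* Reports whether assert() is active in this translation unit; under
   -DNDEBUG it returns 0, which is why assert() cannot carry a
   production check. */
int asserts_enabled(void) {
#ifdef NDEBUG
    return 0;
#else
    return 1;
#endif
}

/* A caller that handles each failure and keeps running instead of
   terminating. Returns the number of failures it handled (2). */
int demo(void) {
    char *copy = NULL;
    int handled = 0;

    if (dup_bounded("hello", 16, &copy) == 0) {
        free(copy);
    } else {
        handled++;
    }
    if (dup_bounded("this string is far too long", 8, &copy) != 0 &&
        errno == EINVAL) {
        handled++;               /* invalid input, reported not aborted */
    }
    fail_next_alloc = 1;         /* constructed out-of-memory condition */
    if (dup_bounded("hello", 16, &copy) != 0 && errno == ENOMEM) {
        handled++;               /* allocation failure, reported not aborted */
    }
    return handled;
}
```

Compiling the block twice, once with and once without -DNDEBUG, shows the point of the page directly: asserts_enabled() changes value, while dup_bounded() rejects the oversized input and the failed allocation in both builds.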

Risk Assessment

...