SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 57

changes.mady.by.user cjohns

Saved on

compared with

New Version 58

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Robustified coding examples

...

In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns a null pointer that is assigned to str. When str is dereferenced in strcpymemcpy(), the program behaves in an unpredictable manner.

Code Block
bgColor#FFCCCC
/* ... */
size_t size = strlen(input_str)+1;
ifstr (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = (char*) malloc(size+1);
strcpymemcpy(str, input_str, size);
/* ... */
free(str);

In accordance with rule MEM35-C. Allocate sufficient memory for an object, the argument supplied to malloc() is checked to ensure a numeric overflow does not occur. In most cases it is preferable to check that this value does not exceed some maximum allocation that is typically much smaller than SIZE_MAX.

...

Code Block
bgColor#ccccff
/* ... */
size_t size = strlen(input_str)+1;
if (sizestr == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = (char*) malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpymemcpy(str, input_str, size);
/* ... */
free(str);

Risk Assessment

...