...
```c
if (s == 0) {
  /* Handle Error */
}
list = (int*)malloc(s);
if (list == NULL) {
  /* Handle Allocation Error */
}
/* Continue Processing list */
```
Priority: P12 Level: L1
Assuming that allocating zero bytes results in an error can lead to buffer overflows when zero bytes are allocated. Buffer overflows can be exploited by an attacker to run arbitrary code with the permissions of the vulnerable process.
Component | Value |
---|---|
Severity | 3 (high) |
Likelihood | 2 (probable) |
Remediation cost | 2 (medium) |
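The zero-size check, worked into a complete allocator as an added example (not code from the original page). The names `list_alloc`, `list_fill` and the `LIST_*` status codes are hypothetical. It goes beyond the page's snippet by also rejecting an element count whose byte size wraps around, since that is another way a request can reach `malloc` as zero bytes.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical status codes for this example. */
enum list_status { LIST_OK, LIST_EMPTY, LIST_TOO_BIG, LIST_NOMEM };

/*
 * Allocate room for `count` ints. malloc(0) may return NULL or a non-null
 * pointer that must not be dereferenced (implementation-defined), so a NULL
 * check alone cannot detect an empty request. Reject it before allocating.
 */
enum list_status list_alloc(size_t count, int **out)
{
    *out = NULL;
    if (count == 0) return LIST_EMPTY;            /* never call malloc(0) */
    if (count > SIZE_MAX / sizeof(int)) return LIST_TOO_BIG; /* size would wrap */
    int *list = malloc(count * sizeof(int));
    if (list == NULL) return LIST_NOMEM;
    *out = list;
    return LIST_OK;
}

/* Allocate and initialise a list; writes happen only after LIST_OK. */
enum list_status list_fill(size_t count, int **out)
{
    enum list_status st = list_alloc(count, out);
    if (st != LIST_OK) return st;
    for (size_t i = 0; i < count; i++)
        (*out)[i] = (int)i;
    return LIST_OK;
}

int main(void)
{
    /* Constructed length values, standing in for untrusted input. */
    size_t lengths[] = { 0, 4, SIZE_MAX / sizeof(int) + 1 };
    for (size_t i = 0; i < sizeof lengths / sizeof lengths[0]; i++) {
        int *list = NULL;
        printf("count=%zu -> status %d\n", lengths[i], (int)list_fill(lengths[i], &list));
        free(list);
    }
    return 0;
}
```

The third constructed length is the smallest count for which `count * sizeof(int)` overflows `size_t`; with a 4-byte `int` the product wraps to exactly 0.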
References
- ISO/IEC 9899-1999 Section 7.20.3 Memory Management Functions
- Seacord 05 Chapter 4, Dynamic Memory Management