...
| Code Block |
|---|
#define MIN_SIZE_ALLOWED 10
void func2(int *list, size_t list_size) {
if (size < MIN_SIZE_ALLOWED) {
/* Handle Error Condition */
return;
}
/* Process list */
}
void func1 (size_t number) {
int *list = malloc (number * sizeof(int));
if (list == NULL) {
/* Handle Allocation Error */
}
func2(list,number);
/* Continue Processing list */
free(list);
}
|
Priority: P6 Level: L2
The mismanagement of memory can lead to freeing memory multiple times or writing to already freed memory. Both of these problems can result in an attacker executing arbitrary code with the permissions of the vulnerable process. Memory management errors can also lead to resource depletion and denial-of-service attacks.
Component | Value |
|---|---|
Severity | 3 (high) |
Likelihood | 2 (unlikely) |
Remediation cost | 1 (high) |
References
- Seacord 05 Chapter 4, Dynamic Memory Management
- Consistent Memory Management Conventions, Dan Plakosh
- MIT Kerberos 5 Security Advisory 2004-002