...
A similar situation arises when realloc() is supplied a pointer to non-dynamically allocated memory. The realloc() function is used to resize a block of dynamic memory. If realloc() is supplied a pointer to memory not allocated by a memory allocation function, such as malloc(), the program may also terminate abnormally.
Non-Compliant Code Example
...
| Code Block |
|---|
#define MAX_SIZE_ALLOWED 1000
int main(int argc, char *argv[]) {
char *str = NULL;
size_t len;
if (argc == 2) {
len = strlen(argv[1])+1;
if (len > MAX_SIZE_ALLOWED) {
/* Handle Error */
}
str = malloc(len);
if (str == NULL) {
/* Handle Allocation Error */
}
strcpy(str, argv[1]);
}
else {
printf("usage: $>a.exe [string]\n");
return -1;
}
/* ... */
free(str);
return 0;
}
|
Priority: P6 Level: L2
Freeing or reallocating memory that was not dynamically allocated could lead to abnormal termination and denial-of-service attacks.
Component | Value |
|---|---|
Severity | 1 (high) |
Likelihood | 3 (likely) |
Remediation cost | 2 (high) |