...
In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns an invalid (null) pointer that is assigned to str. When str is dereferenced in strcpy(), the program behave in an unpredictable manner.
| Code Block | ||
|---|---|---|
| ||
...
size_t size = strlen(input_str);
if (size == SIZE_MAX) {
/* Handle Error */
}
str = malloc(size+1);
strcpy(str, input_str);
...
|
...
To correct this error, ensure the pointer returned by malloc() is not invalid (null). In addition to this rule, this should be done in accordance with rule MEM32-C. Detect and handle critical memory allocation errors.
| Code Block | ||
|---|---|---|
| ||
...
size_t size = strlen(input_str);
if (size == SIZE_MAX) {
/* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
/* Handle Allocation Error */
}
strcpy(str, input_str);
...
|
...
- ISO/IEC 9899-1999 6.3.2.3 Pointers
- Viega 05 Section 5.2.18 Null-pointer dereference