...
Note that the maximum amount of allocatable memory is typically limited to a value less than SIZE_MAX (the maximum value of size_t). Always check the return value from a call to any memory allocation function.
...
Risk Assessment
Integer overflow in memory allocation functions can lead to buffer overflows that can be exploited by an attacker to execute arbitrary code with the permissions of the vulnerable process. Most implementations of calloc() now check to make sure integer overflow does not occur, but it is not always safe to assume the version of calloc() being used is secure, particularly when using dynamically linked libraries.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MEM37-C | 3 (high) | 1 (low) | 1 (high) | P12 | L1
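The overflow check and return-value check discussed above, as an added example that is not code from the original page; `checked_calloc` and `wrapped_size` are hypothetical helper names, and the oversized element count is constructed for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * checked_calloc: hypothetical helper (not from the original page).
 * Allocates zeroed storage for nmemb elements of size bytes each and
 * refuses any request whose byte count cannot be represented in size_t.
 * Returns NULL with errno = ENOMEM on overflow or allocation failure.
 */
void *checked_calloc(size_t nmemb, size_t size) {
    /* nmemb * size wraps modulo SIZE_MAX + 1 when nmemb > SIZE_MAX / size. */
    if (size != 0 && nmemb > SIZE_MAX / size) {
        errno = ENOMEM;
        return NULL;
    }
    size_t total = nmemb * size;
    /* malloc(0) is implementation-defined; ask for one byte so that a
       NULL return always means failure. */
    void *p = malloc(total ? total : 1);
    if (p == NULL) {
        errno = ENOMEM;
        return NULL;
    }
    memset(p, 0, total);
    return p;
}

/* Byte count an allocator without the check would actually request. */
size_t wrapped_size(size_t nmemb, size_t size) {
    return nmemb * size; /* unsigned arithmetic: well-defined wraparound */
}

int main(void) {
    /* Constructed input: an externally influenced element count. */
    size_t count = SIZE_MAX / sizeof(long) + 2;
    long *v = checked_calloc(count, sizeof(long));
    if (v == NULL) {
        printf("rejected: unchecked request would be only %zu bytes\n",
               wrapped_size(count, sizeof(long)));
        return 0;
    }
    free(v);
    return 1;
}
```
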
References
- ISO/IEC 9899-1999 7.18.3, Limits of other integer types
- Seacord 05 Chapter 4, Dynamic Memory Management
- RUS-CERT Advisory 2002-08:02
- Secunia Advisory SA10635