...

...
temp_buff = calloc(new_size, sizeof(char)); /* use calloc() to zero-out allocated space */
if (temp_buff == NULL) {
  /* Handle Error */
}

size_t old_size = secret_size;           /* remember the full size of the original buffer */
if (secret_size > new_size) {            /* may lead to truncation */
  secret_size = new_size;
}

memcpy(temp_buff, secret, secret_size);
memset(secret, '\0', old_size);          /* sanitize the whole original buffer, not only the copied part */

free(secret);
secret = temp_buff;                      /* install the resized buffer */
temp_buff = NULL;
...

Note that this solution may truncate the contents of the original buffer, secret, if the resized buffer is smaller. This behavior is similar to how realloc() handles resizing to a smaller block of memory [ISO/IEC 9899-1999].
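The resize-and-sanitize sequence above, packaged as a reusable function. This is an added example, not code from the original page. The names secure_wipe and resize_secret are hypothetical, the sizes are passed explicitly, and the wipe uses volatile stores, a common technique to keep a compiler from discarding a clear that is immediately followed by free().

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: zero a buffer through a volatile pointer so the
 * stores are not treated as dead writes ahead of free(). */
static void secure_wipe(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Hypothetical helper: resize *secret from old_size to new_size bytes
 * without realloc(). Returns 0 on success; on failure returns -1 and
 * leaves the original buffer untouched and owned by the caller. */
static int resize_secret(char **secret, size_t old_size, size_t new_size) {
    char *temp_buff;
    size_t copy_size;

    if (secret == NULL || *secret == NULL || new_size == 0) {
        return -1;
    }
    temp_buff = calloc(new_size, sizeof(char));   /* zero-filled block */
    if (temp_buff == NULL) {
        return -1;
    }
    copy_size = (old_size < new_size) ? old_size : new_size; /* may truncate */
    memcpy(temp_buff, *secret, copy_size);

    secure_wipe(*secret, old_size);  /* wipe every old byte, not just copy_size */
    free(*secret);
    *secret = temp_buff;             /* install the resized buffer */
    return 0;
}

int main(void) {
    char *secret = malloc(16);       /* constructed sample, not real key data */
    if (secret == NULL) {
        return 1;
    }
    memcpy(secret, "constructed-key", 16);
    int rc = resize_secret(&secret, 16, 32);
    secure_wipe(secret, rc == 0 ? 32 : 16);
    free(secret);
    return rc == 0 ? 0 : 1;
}
```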

Risk Assessment

Failure to clear dynamic memory can result in leaked information.

...