...
| Code Block | ||
|---|---|---|
| ||
...
/*
 * Non-compliant example: a copy of the sensitive string `secret` is placed
 * in a heap buffer and the buffer is released without being cleared first.
 */
new_buff = malloc(strlen(secret)+1); /* +1 leaves room for the terminating NUL */
if (!new_buff) {
/* Handle Error */
/* NOTE(review): the handler must leave this path; falling through would
 * pass a null pointer to strcpy() below. */
}
strcpy(new_buff, secret);
/* Process new_buff... */
/*
 * free() hands the block back to the allocator but is not required to erase
 * it, so the copy of `secret` can remain readable in heap memory until the
 * block is reused and overwritten. This is the heap-inspection exposure the
 * example illustrates; the buffer should be cleared before it is released.
 */
free(new_buff);
...
|
Compliant Solution 1
...
| Code Block | ||
|---|---|---|
|
h2. Non-Compliant Code Example 2

Using realloc() to resize dynamic memory may allow heap inspection attacks. realloc() may allocate a new, larger block of memory, copy the contents of buffer to this new block, free() the original block, and assign the newly allocated block to buffer. However, the contents of the original block may remain in heap memory after being marked for deallocation.
| Code Block | ||||
|---|---|---|---|---|
| =
| |||
}
...
/*
 * Non-compliant example: when realloc() satisfies the request by moving the
 * data to a new block, the old block is released without being cleared, so
 * its contents may remain readable in heap memory.
 * NOTE(review): assigning the result straight back to `buffer` also discards
 * the only pointer to the original block if realloc() fails and returns NULL.
 */
buffer = realloc(buffer,new_size);
...
|
...