...
In this example, a dynamic array of integers is allocated to store s elements. However, if s is zero, the call to malloc(s) will return a reference to a block of memory of size 0. When data is copied to this location, a heap-buffer overflow will occur.
| Code Block | ||
|---|---|---|
| ||
...
list = malloc(sizeof(int) * s);
if (list == NULL) {
/* Handle Allocation Error */
}
/* Continue Processing list */
|
...
To ensure that zero is never passed as a size argument to malloc(), a check must be made on s to ensure it is not zero.
| Code Block | ||
|---|---|---|
| ||
...
if (s == 0) {
/* Handle Error */
}
list = malloc(sizeof(int) * s);
if (list == NULL) {
/* Handle Allocation Error */
}
/* Continue Processing list */
...
|
...