...
This piece of code validates the number of command line arguments. If the correct number of commmand line arguments have been specified, the requested amount of memory is validated to ensure that it is an acceptable size, and the memory is allocated with malloc()
. Next, the second command line argument is copied into str
for further processing. Once this processing is complete, str
is freed. However, if the incorrect number of arguments have been specified, str
is set to a string literal and printed. Because str
now references memory that was not dynamically allocated, an error will occur when str
memory is freed.
Code Block | ||
---|---|---|
| ||
#define MAX_ALLOCATION 1000 int main(int argc, char *argv[]) { char *str = NULL; size_t len; if (argc == 2) { len = strlen(argv[1])+1; if (len > MAX_ALLOCATION) { /* Handle Error */ } str = malloc(len); if (str == NULL) { /* Handle Allocation Error */ } strcpy(str,argv[1]); } else { str = "usage: $>a.exe [string]"; printf("%s\n", str); } /* ... */ free(str); return 0; } |
...
In the compliant solution, the program has been changed to eliminate the possibility of str
referencing non-dynamic memory when it is supplied to free()
.
Code Block | ||
---|---|---|
| ||
#define MAX_ALLOCATION 1000 int main(int argc, char *argv[]) { char *str = NULL; size_t len; if (argc == 2) { len = strlen(argv[1])+1; if (len > MAX_ALLOCATION) { /* Handle Error */ } str = malloc(len); if (str == NULL) { /* Handle Allocation Error */ } strcpy(str, argv[1]); } else { printf("%s\n", "usage: $>a.exe [string]"); return -1; } /* ... */ free(str); return 0; } |
...