...
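In the compliant solution, the program has been changed to eliminate the possibility of str referencing non-dynamic memory when it is supplied to free(). str is initialized to NULL and is only ever assigned the result of malloc(), so free() receives either a null pointer or memory obtained from the allocator.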
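#define MAX_SIZE_ALLOWED 1000

/*
 * Copy the single command-line argument into heap storage, then release it.
 *
 * str starts as NULL and is only ever assigned the result of malloc(), so
 * the pointer handed to free() never refers to non-dynamic memory.
 *
 * The error branches return instead of falling through: a reader who
 * compiles the listing as printed would otherwise call malloc() with an
 * over-long length and strcpy() into a null pointer after a failed
 * allocation.
 *
 * Returns 0 on success, -1 on a usage error, an over-long argument or an
 * allocation failure.
 */
int main(int argc, char *argv[]) {
  char *str = NULL;
  size_t len;

  if (argc != 2) {
    printf("usage: $>a.exe [string]\n");
    return -1;
  }

  /* +1 accounts for the terminating NUL that strcpy() writes. */
  len = strlen(argv[1]) + 1;
  if (len > MAX_SIZE_ALLOWED) {
    /* Handle Error: reject the input before any allocation is attempted. */
    return -1;
  }

  str = malloc(len);
  if (str == NULL) {
    /* Handle Allocation Error: strcpy() must never see a null destination. */
    return -1;
  }
  strcpy(str, argv[1]); /* fits: the buffer holds exactly len bytes */

  /* ... */

  free(str); /* str is known to come from malloc() at this point */
  return 0;
}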
...