...
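In the compliant solution, the program has been changed to eliminate the possibility of str
referencing non-dynamic memory when it is supplied to free().
str is initialized to NULL and is only ever assigned the return value of malloc(), so free() receives either a null pointer or a pointer obtained from malloc().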
Code Block |
---|
/* Largest accepted copy size in bytes; main() compares it against strlen(argv[1]) + 1, so the terminating NUL is counted. */
#define MAX_SIZE_ALLOWED 1000
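/*
 * Copies the single command-line argument into heap memory and releases it.
 *
 * str starts as NULL and is only ever assigned the result of malloc(), so the
 * pointer handed to free() is never the address of static or automatic
 * storage.
 *
 * Returns 0 on success, and -1 on a usage error, an over-long argument, or an
 * allocation failure.
 */
int main(int argc, char *argv[]) {
    char *str = NULL;
    size_t len;

    if (argc == 2) {
        len = strlen(argv[1]) + 1; /* + 1 for the terminating NUL */
        if (len > MAX_SIZE_ALLOWED) {
            /* Handle Error: refuse the input rather than fall through to malloc() */
            return -1;
        }
        str = malloc(len);
        if (str == NULL) {
            /* Handle Allocation Error: a null str must never reach strcpy() */
            return -1;
        }
        strcpy(str, argv[1]); /* fits: str holds exactly strlen(argv[1]) + 1 bytes */
    }
    else {
        printf("usage: $>a.exe [string]\n");
        return -1;
    }
    /* ... */
    free(str); /* str is a malloc() result on every path that reaches here */
    return 0;
}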
|
...