Comment: Change to return a -1 to indicate a failure.

...

/* Example aggregate used by f() below. Only the member names and order
 * matter to the example: f() zeroes the object from ull_2 onward using
 * offsetof(struct big, ull_2), so the sizes quoted are illustrative. */
struct big {
  unsigned long long ull_1; /* typically 8 bytes */
  unsigned long long ull_2; /* typically 8 bytes */
  unsigned long long ull_3; /* typically 8 bytes */
  int si_4; /* typically 4 bytes */
  int si_5; /* typically 4 bytes */
};
/* ... */
 
/* Noncompliant example: allocates one struct big and intends to zero every
 * member from ull_2 onward, leaving ull_1 untouched.
 * Returns 0 on success, -1 when malloc() fails. */
int f(void) {
  /* Byte offset of ull_2 within struct big. */
  size_t skip = offsetof(struct big, ull_2);
  struct big *s = (struct big *)malloc(sizeof(struct big));
  if (!s) {
   return -1; /* Indicate malloc() failure */
  }

  /* Defect: s has type struct big *, so s + skip advances the pointer by
   * skip * sizeof(struct big) bytes, not by skip bytes. Since skip is at
   * least sizeof(unsigned long long), the write begins past the end of the
   * single allocated object -- an out-of-bounds write (undefined behavior)
   * rather than a zeroing of ull_2 onward. The offset must be applied to a
   * char * (see the compliant solution). */
  memset(s + skip, 0, sizeof(struct big) - skip);
  /* ... */
  free(s);
  s = NULL;

  
  return 0;
}

A similar situation occurred in OpenBSD's make command [Murenin 2007].

...

/* Example aggregate used by f() below. Only the member names and order
 * matter to the example: f() zeroes the object from ull_2 onward using
 * offsetof(struct big, ull_2), so the sizes quoted are illustrative. */
struct big {
  unsigned long long ull_1; /* typically 8 bytes */
  unsigned long long ull_2; /* typically 8 bytes */
  unsigned long long ull_3; /* typically 8 bytes */
  int si_4; /* typically 4 bytes */
  int si_5; /* typically 4 bytes */
};
/* ... */
 
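/* Compliant solution: allocates one struct big and zeroes every member from
 * ull_2 onward, leaving ull_1 untouched.
 * Returns 0 on success, -1 when malloc() fails. */
int f(void) {
  /* Byte offset of ull_2 within struct big. */
  size_t skip = offsetof(struct big, ull_2);
  /* sizeof *s ties the allocation size to the pointee type; no cast needed in C. */
  struct big *s = malloc(sizeof *s);
  if (!s) {
    return -1; /* Indicate malloc() failure */
  }

  /* Convert to char * before adding skip so that the arithmetic is in bytes.
   * Adding skip to a struct big * would scale it by sizeof(struct big) and
   * write past the end of the allocation. */
  memset((char *)s + skip, 0, sizeof *s - skip);
  /* ... */
  free(s);
  s = NULL; /* Avoid a dangling pointer while s remains in scope. */

  return 0;
}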

Risk Assessment

Failure to understand and properly use pointer arithmetic can allow an attacker to execute arbitrary code.

...