...
To correct this error, ensure the pointer returned by `malloc()` is not NULL. In addition to this rule, this should be done in accordance with rule MEM32-C. Detect and handle critical memory allocation errors.
```c
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
/* ... */
```
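The following is an added example, not part of the original rule text. It wraps the same checks in a function that takes a hypothetical allocator hook, so a test can force the allocation to fail and confirm the NULL path never reaches `strcpy()`. The names `copy_string`, `alloc_fn`, `failing_alloc` and `copy_status` are assumptions made for this illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure path can be exercised. */
typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always fails, simulating memory exhaustion. */
static void *failing_alloc(size_t n) {
    (void)n;
    return NULL;
}

typedef enum { COPY_OK = 0, COPY_BAD_ARG, COPY_TOO_LONG, COPY_NO_MEM } copy_status;

/*
 * Duplicate input_str into storage obtained from alloc.
 * On success *out owns the copy; on any failure *out is NULL
 * and no pointer returned by the allocator has been dereferenced.
 */
copy_status copy_string(const char *input_str, alloc_fn alloc, char **out) {
    if (out == NULL) return COPY_BAD_ARG;
    *out = NULL;
    if (input_str == NULL || alloc == NULL) return COPY_BAD_ARG;

    size_t size = strlen(input_str);
    if (size == SIZE_MAX) return COPY_TOO_LONG; /* size + 1 would wrap to 0 */

    char *str = alloc(size + 1);
    if (str == NULL) return COPY_NO_MEM;        /* stop before strcpy() */

    strcpy(str, input_str);
    *out = str;
    return COPY_OK;
}

int main(void) {
    char *copy = NULL;
    /* Forced failure: a status is reported and copy stays NULL. */
    printf("failing allocator -> %d\n",
           (int)copy_string("constructed input", failing_alloc, &copy));
    if (copy_string("constructed input", malloc, &copy) == COPY_OK) {
        puts(copy);
        free(copy);
    }
    return 0;
}
```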
Risk Assessment
Dereferencing an invalid pointer results in undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code [van de Sprundel 06, Jack 07]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP34-C | 3 (high) | 3 (likely) | 1 2 (highmedium) | P9 P18 | L2 L3 |
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.
...
[ISO/IEC 9899-1999] Section 6.3.2.3, "Pointers"
[Jack 07]
[van de Sprundel 06]
[Viega 05] Section 5.2.18, "Null-pointer dereference"