SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user David Keaton

Saved on

compared with

New Version 52

changes.mady.by.user Pamela Curtis

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#FFCCCC
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
strcpy(str, input_str);
/* ... */
free(str);

Wiki MarkupIn accordance with rule \[[MEM35-C. Allocate sufficient memory for an object]\] , the argument supplied to {{malloc()}} is checked to ensure a numeric overflow does not occur. In most cases it is preferable to check that this value does not exceed some maximum allocation that is typically much smaller than {{SIZE_MAX}}.

Compliant Solution

...

To correct this error, ensure the pointer returned by {{malloc()}} is not null. This also ensures compilance with \[[compliance with MEM32-C. Detect and handle critical memory allocation errors]\].

Code Block
bgColor#ccccff
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
/* ... */
free(str);

...

Wiki Markup
Dereferencing a null pointer results in undefined behavior, typically abnormal program termination.  In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code \[[vanJack Sprundel 0607|AA. C References#vanReferences#Jack Sprundel 0607], [Jackvan Sprundel 0706|AA. C References#van References#JackSprundel 0706]\].  The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP34-C

3 (high)

3 (likely)

2 (medium)

P18

L1

Automated Detection

Coverity Prevent

The Coverity Prevent CHECKED_RETURN, NULL_RETURNS, and REVERSE_INULL checkers can all find violations of this rule. The CHECKED_RETURN finds instances where a pointer is checked against NULL, and then later dereferenced. The NULL_RETURNS checker identifies function functions that can return a null pointer but are not checked. The REVERSE_INULL identifies code that dereferences a pointer and then checks the pointer against NULL. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...