...
Because size is controlled by the user, it could be specified to be either large enough to consume large amounts of system resources and still succeed or large enough to cause the call to malloc() to fail, which, depending on how error handling is implemented, may result in a denial of service condition. It may also be zero, causing a division by zero in the overflow check, also resulting in a denial of service.
Compliant Solution
| Wiki Markup |
|---|
This compliant solution defines the acceptable range for {{size}} as {{\[1, MAX_TABLE_SIZE\]}}. The {{size}} parameter is declared as {{size_t}}, which is unsigned by definition. Consequently, it is not necessary to check {{size}} for negative values (see [INT01-A. Use rsize_t or size_t for all integer values representing the size of an object]). |
...