...

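#include <stdlib.h>
#include <stdio.h>

enum { MAXLINE = 1000 };

/* Reads one line from stdin and returns its length (at most MAXLINE). */
size_t calc(void) {
  char line[MAXLINE];
  int c;  /* int, so that EOF can be told apart from a valid character */
  size_t size = 0;
  while ( (c = getchar()) != EOF && c != '\n') {
    line[size] = (char)c;
    size++;
    if (size >= MAXLINE)
      break;
  }
  return size;
}

int main(void) {
  size_t size = calc();
  /* size is not validated here, so malloc(0) is possible on an empty line */
  char * line = malloc(size);
  printf("%zu\n", size);
  free(line);
  return 0;
}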

However, if no characters are entered, {{calc()}} will return {{0}}. Because there is no validation on the result of {{calc()}}, a {{malloc(0)}} [MEM04-A. Do not make assumptions about the result of allocating 0 bytes] could occur, which could lead to a buffer overflow.
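
One way to validate the length before it reaches malloc(), as an added example that is not code from the original page. The names line_length() and alloc_line() are hypothetical, and the reader takes a FILE * (an assumption) so it can be exercised without stdin.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAXLINE = 1000 };

/* Count the characters on one line of `in`, up to MAXLINE.
 * `c` is an int so that EOF is distinguishable from a valid character. */
size_t line_length(FILE *in) {
  int c;
  size_t size = 0;
  while (size < MAXLINE && (c = fgetc(in)) != EOF && c != '\n') {
    size++;
  }
  return size;
}

/* Hypothetical helper: reject zero-length and oversized requests instead
 * of passing them to malloc(). For a size of 0, malloc() may return either
 * a null pointer or a pointer that must not be used to access memory. */
char *alloc_line(size_t size) {
  if (size == 0 || size > MAXLINE) {
    return NULL;
  }
  return malloc(size);
}

int main(void) {
  size_t size = line_length(stdin);
  char *line = alloc_line(size);
  if (line == NULL) {
    /* Covers both the empty-line case and a failed allocation. */
    fputs("empty line or allocation failure\n", stderr);
    return EXIT_FAILURE;
  }
  memset(line, 0, size);  /* safe: size is known to be 1..MAXLINE */
  printf("%zu\n", size);
  free(line);
  return EXIT_SUCCESS;
}
```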

Compliant Solution (argument validation)

...