...
| Code Block | ||
|---|---|---|
| ||
int buf[INTBUFSIZE];
int *buf_ptr = buf;
while (havedata() && buf_ptr < buf + sizeof(buf)) {
*buf_ptr++ = parseint(getdata());
}
|
Compliant
...
Solution
In this compliant solution, the size of buf is added directly to buf and used as an upper bound. The integer literal is scaled to the size of an integer and the upper bound of buf is checked correctly.
| Code Block | ||
|---|---|---|
| ||
int buf[INTBUFSIZE];
int *buf_ptr = buf;
while (havedata() && buf_ptr < (buf + INTBUFSIZE)) {
*buf_ptr++ = parseint(getdata());
}
|
Risk
...
Assessment
Failure to understand and properly use pointer arithmetic can allow an attacker to execute arbitrary code.
...