...
This is often referred to as structure padding. Structure members are arranged in memory as they are declared in the program text. Padding may be added to the structure to ensure the structure is properly aligned in memory. Rearranging the fields in a struct can change the size of the struct. It is possible to minimize padding anomalies if the fields are arranged in such a way that fields of the same size are grouped together.
Padding is also referred to as "Struct Member Alignment". Many compilers provide a flag that controls how the members of a structure are packed into memory. Modifying this flag may cause the size of the structures to vary. Most compilers also include a keyword that removes all padding; the resulting structures are referred to as packed structures.
Non-Compliant Code Example
...
```c
#include <stdlib.h>
#include <string.h>

struct buffer {
  size_t size;
  char bufferC[50];
};

/* ... */

void func(struct buffer *buf) {
  /* assuming sizeof(size_t) is 4, sizeof(size_t)+sizeof(char)*50 equals 54 */
  struct buffer *buf_cpy = malloc(sizeof(size_t)+(sizeof(char)*50));

  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }

  /*
   * with padding, sizeof(struct buffer) may be greater than 54, causing
   * some data to be written outside the bounds of the memory allocated
   */
  memcpy(buf_cpy, buf, sizeof(struct buffer));

  /* ... */

  free(buf_cpy);
}
```
Compliant Solution
Accounting for structure padding prevents these types of errors.
```c
#include <stdlib.h>
#include <string.h>

struct buffer {
  size_t size;
  char bufferC[50];
};

/* ... */

void func(struct buffer *buf) {
  /* sizeof(struct buffer) includes any padding the compiler inserted */
  struct buffer *buf_cpy = malloc(sizeof(struct buffer));

  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }

  /* ... */

  memcpy(buf_cpy, buf, sizeof(struct buffer));

  /* ... */

  free(buf_cpy);
}
```
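The size mismatch behind the non-compliant example, and the effect of member ordering described earlier, can be measured directly. This is an added example, not code from the original page: `struct buffer` mirrors the page's structure, while `struct mixed`, `struct grouped` and the helper function names are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Same members as the page's example structure. */
struct buffer {
    size_t size;
    char bufferC[50];
};

/* Constructed structures: identical members, different declaration order. */
struct mixed   { char tag; double value; char flag; int count; };
struct grouped { double value; int count; char tag; char flag; };

/* Bytes the non-compliant code allocates: the sum of the member sizes. */
size_t buffer_member_sum(void) {
    return sizeof(size_t) + sizeof(char) * 50;
}

/* Bytes memcpy() would write past that allocation (the padding bytes). */
size_t buffer_overrun(void) {
    return sizeof(struct buffer) - buffer_member_sum();
}

/* Padding saved by grouping members of the same size together. */
size_t reorder_saving(void) {
    return sizeof(struct mixed) - sizeof(struct grouped);
}

/* Compile-time guard (C11): the build fails if padding appears before bufferC. */
_Static_assert(offsetof(struct buffer, bufferC) == sizeof(size_t),
               "unexpected padding before bufferC");

int main(void) {
    printf("sum of members   : %zu\n", buffer_member_sum());
    printf("sizeof(struct)   : %zu\n", sizeof(struct buffer));
    printf("overrun in bytes : %zu\n", buffer_overrun());
    printf("mixed / grouped  : %zu / %zu (saves %zu)\n",
           sizeof(struct mixed), sizeof(struct grouped), reorder_saving());
    return 0;
}
```

On a typical 64-bit (LP64) target the structure occupies 64 bytes against a member sum of 58, so the non-compliant `memcpy()` writes 6 bytes past the allocation; with a 4-byte `size_t` it is 56 against 54.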
Risk Assessment
Failure to correctly determine the size of a structure can lead to subtle logic errors and incorrect calculations.
...
[Dowd 06] Chapter 6, "C Language Issues" (Structure Padding 284-287)

[ISO/IEC 9899-1999] Section 6.7.2.1, "Structure and union specifiers"

[Sloss 04] Section 5.7, "Structure Arrangement"
...