Comment: it's ilja van sprundel, not ilja van de sprundel

...

Note that, in accordance with rule \[[MEM35-C|MEM35-C. Ensure that size arguments to memory allocation functions are correct]\], the argument supplied to {{malloc()}} is checked to ensure that a numeric overflow does not occur.

...

To correct this error, ensure that the pointer returned by {{malloc()}} is not NULL. In addition to satisfying this rule, the check should be done in accordance with rule \[[MEM32-C|MEM32-C. Detect and handle critical memory allocation errors]\].

{code:bgColor=#ccccff}
/* ... */
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
/* ... */
{code}
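The null check above only helps if the failure branch is actually exercised. The following added example (not part of the original page; {{copy_input}}, {{alloc_fn}} and {{failing_alloc}} are hypothetical names) takes the allocator as a parameter so that a test can force the NULL return and confirm that no copy through a null pointer takes place.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook: lets a test substitute a failing allocator. */
typedef void *(*alloc_fn)(size_t);

/* Test double that behaves like malloc() when memory is exhausted. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/*
 * Copy input_str into newly allocated storage.
 * Returns 0 on success, -1 on an invalid argument or size overflow,
 * -2 on allocation failure. On any failure *out is set to NULL.
 */
int copy_input(const char *input_str, alloc_fn alloc, char **out)
{
    if (out == NULL)
        return -1;
    *out = NULL;
    if (input_str == NULL || alloc == NULL)
        return -1;

    size_t size = strlen(input_str);
    if (size == SIZE_MAX)          /* size + 1 would wrap to 0 */
        return -1;

    char *str = alloc(size + 1);
    if (str == NULL)               /* never copy through a null pointer */
        return -2;

    memcpy(str, input_str, size + 1);  /* includes the terminating '\0' */
    *out = str;
    return 0;
}

int main(void)
{
    char *s = NULL;
    /* Normal path with the real allocator. */
    if (copy_input("constructed input", malloc, &s) == 0) {
        printf("copied: %s\n", s);
        free(s);
    }
    /* Forced failure path: the caller sees -2 and a NULL result. */
    printf("failure path returns %d\n", copy_input("x", failing_alloc, &s));
    return 0;
}
```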

...

Dereferencing an invalid pointer results in undefined behavior, typically abnormal program termination. In some situations, however, dereferencing a null pointer can lead to the execution of arbitrary code \[[van de Sprundel 06|AA. C References#van de Sprundel 06], [Jack 07|AA. C References#Jack 07]\]. The indicated severity is for this more severe case; on platforms where it is not possible to exploit a null pointer dereference to execute arbitrary code, the actual severity is low.

|| Rule || Severity || Likelihood || Remediation Cost || Priority || Level ||
| EXP34-C | 3 (high) | 3 (likely) | 2 (medium) | P18 | L1 |

...

\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.3.2.3, "Pointers"
\[[Jack 07|AA. C References#Jack 07]\] 
\[[van de Sprundel 06|AA. C References#van de Sprundel 06]\]
\[[Viega 05|AA. C References#Viega 05]\] Section 5.2.18, "Null-pointer dereference"