Comment: I didn't think the quote from C99 added anything, so I removed it + some other changes

...

Code Block
long long a = 1;
const char msg[] = "Default message";
/* ... */
printf("%lld %s", a, msg);

Noncompliant Code Example (NULL

...

C99, Section 6.3.2.3 (Pointers) says:

An integer constant expression with the value 0, or such an expression cast to type void *, is called a null pointer constant. If a null pointer constant is converted to a pointer type, the resulting pointer, called a null pointer, is guaranteed to compare unequal to a pointer to any object or function.

...

...

)

...

Because C99 allows NULL to be defined as either an integer constant (such as 0) or a pointer constant (such as (void *)0), any platform where integers and pointers differ in size (such as LP64) is exposed whenever NULL is passed to a variadic function. If NULL is defined as an integer on such a platform, then sizeof(NULL) != sizeof(void *). Default argument promotion never converts an int to a pointer type, so a variadic function that reads the argument with va_arg() as a pointer receives something other than what was passed; the mismatch between the type passed and the type read is undefined behavior. The following code may therefore have undefined behavior:

Code Block
printf("%p %d\n", NULL, 1);

On a system with 32-bit int and 64-bit pointers, and a calling convention that passes variadic arguments contiguously on the stack, printf() may interpret the 32-bit NULL as the high-order bits of the pointer and the third argument 1 as its low-order bits. In that case, printf() prints a pointer with the value 0x00000001 and then attempts to read an additional argument for the %d conversion specifier that was never provided. The exact outcome depends on the platform ABI, which is precisely why the behavior is undefined rather than merely wrong.

Compliant Solution (NULL

...

)

In this compliant solution, NULL is cast to the pointer type the callee expects before it is passed as an argument to a variadic function, so the argument has the same size and representation that va_arg() will read.

Code Block
printf("%p %d\n", (void *)NULL, 1);
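The same rule applies to any variadic function that reads a pointer with va_arg(), not only to printf(). The example below is added here and is not part of the original page: join_strings() is a hypothetical helper that concatenates C strings up to a null pointer sentinel, in the style of execl(). Because the callee reads every variadic argument as const char *, the caller must pass the sentinel as (const char *)NULL; passing a bare NULL that expands to an integer would be the noncompliant pattern from above. null_is_not_pointer_sized() reports whether this implementation's NULL has a different size from a pointer, which is the condition under which the bare-NULL call goes wrong.

```c
#include <stdarg.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical variadic helper (added example): append each C string
 * argument to buf until a null pointer sentinel is read. Every variadic
 * argument is fetched with va_arg(ap, const char *), so the caller must
 * pass a pointer-typed sentinel. Returns the number of bytes written,
 * not counting the terminating '\0'; output is truncated to bufsize - 1. */
size_t join_strings(char *buf, size_t bufsize, const char *first, ...) {
    va_list ap;
    size_t used = 0;
    const char *s = first;

    if (bufsize == 0) {
        return 0;
    }
    buf[0] = '\0';

    va_start(ap, first);
    while (s != NULL) {
        size_t len = strlen(s);
        if (used + len >= bufsize) {
            len = bufsize - 1 - used; /* truncate to what fits */
        }
        memcpy(buf + used, s, len);
        used += len;
        buf[used] = '\0';
        if (used == bufsize - 1) {
            break; /* buffer full */
        }
        /* Read the next argument as a pointer: only valid if the caller
         * actually passed a pointer, which is why the sentinel is cast. */
        s = va_arg(ap, const char *);
    }
    va_end(ap);
    return used;
}

/* Returns nonzero when NULL on this implementation is not pointer-sized,
 * i.e. when passing a bare NULL through a variadic call is unsafe. */
int null_is_not_pointer_sized(void) {
    return sizeof(NULL) != sizeof(void *);
}

int main(void) {
    char buf[64];

    /* Compliant: the sentinel has the type the callee reads with va_arg(). */
    size_t n = join_strings(buf, sizeof buf, "usr", "/", "local", "/", "bin",
                            (const char *)NULL);
    printf("%zu bytes: %s\n", n, buf);

    /* Noncompliant and deliberately not executed: if NULL expands to an
     * integer, the callee would read a pointer where an int was passed.
     *   join_strings(buf, sizeof buf, "usr", NULL);
     */
    printf("NULL %s pointer-sized here\n",
           null_is_not_pointer_sized() ? "is not" : "is");
    return 0;
}
```

The cast is cheap insurance even on platforms where NULL happens to be (void *)0 already, because the code then stays correct when compiled elsewhere; a helper like this is exactly the kind of interface where a missing cast is invisible at the call site and only shows up as corrupted arguments at runtime.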

Risk Assessment

...