...
This compliant solution defines a maximum size for the table, MAX_TABLE_SIZE (256 elements), and verifies that the passed size parameter is within this range. The lower bound for an acceptable table size is checked against 0 to prevent malloc(0) (see MEM04-A. Do not make assumptions about the result of allocating 0 bytes). Note that the size parameter is typed as size_t and is by definition unsigned, so it need not be checked for negative values (see INT01-A. Use size_t for all integer values representing the size of an object).
```c
#include <stdlib.h>

enum { MAX_TABLE_SIZE = 256 };

int create_table(size_t size) {
    char **table;

    /* Reject 0 (avoids malloc(0)) and anything above the defined limit */
    if (size == 0 || size > MAX_TABLE_SIZE) {
        /* Handle invalid size */
        return -1;
    }
    table = malloc(size * sizeof(char *));
    if (table == NULL) {
        /* Handle error condition */
        return -1;
    }
    /* ... */
    return 0;
}
```
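The following is an added example, not the page's own code, showing the same bound check split into testable helpers and exercised on the boundary values (0, 1, 256, 257 and SIZE_MAX). It also makes explicit a second reason the upper bound matters even for an unsigned type: without a limit, size * sizeof(char *) can wrap around and malloc() would receive a small request for a logically huge table. The helper names (table_size_is_valid, element_count_overflows, create_table_checked) are this example's own; MAX_TABLE_SIZE is the limit the page uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Added example: range-check a caller-supplied element count before using it
 * in an allocation. MAX_TABLE_SIZE matches the limit used on the page. */
enum { MAX_TABLE_SIZE = 256 };

/* Returns 1 if size is an acceptable table size, 0 otherwise.
 * 0 is rejected to avoid malloc(0) (MEM04-A); values above the limit are
 * rejected so an untrusted count cannot drive an arbitrarily large allocation. */
int table_size_is_valid(size_t size) {
    return size != 0 && size <= MAX_TABLE_SIZE;
}

/* Returns 1 if size * sizeof(char *) would wrap around in size_t.
 * This is the failure mode an upper bound protects against: a wrapped product
 * makes malloc() succeed with far less memory than the caller assumes. */
int element_count_overflows(size_t size) {
    return size > SIZE_MAX / sizeof(char *);
}

/* Allocates a table of `size` char pointers after validating the bound.
 * Returns the table, or NULL if the size is rejected or allocation fails.
 * The caller owns the result and must free() it. */
char **create_table_checked(size_t size) {
    if (!table_size_is_valid(size)) {
        return NULL; /* invalid size: caller treats this as an error */
    }
    /* The bound above already rules out wrap-around for 256 elements; the
     * explicit check keeps the function correct if MAX_TABLE_SIZE is raised. */
    if (element_count_overflows(size)) {
        return NULL;
    }
    return malloc(size * sizeof(char *));
}

int main(void) {
    /* Constructed sample inputs: both valid edges and three out-of-range values. */
    size_t samples[] = { 0, 1, MAX_TABLE_SIZE, MAX_TABLE_SIZE + 1, SIZE_MAX };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        char **t = create_table_checked(samples[i]);
        printf("size %zu -> %s\n", samples[i], t ? "allocated" : "rejected");
        free(t);
    }
    return 0;
}
```

Running the program reports "allocated" only for 1 and 256; 0, 257 and SIZE_MAX are rejected before malloc() is ever called, which is the behaviour the compliant solution relies on.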
Risk Assessment
Failing to enforce the limits on integer values can result in a denial of service condition.
...