The {{calloc()}} function takes two arguments: the number of elements to allocate and the storage size of those elements. Typically, {{calloc()}} implementations multiply these arguments to determine how much memory to allocate. Historically, some implementations failed to check whether the result of this multiplication is out of bounds, so it silently wraps \[[RUS-CERT Advisory 2002-08:02|http://cert.uni-stuttgart.de/advisories/calloc.php]\]. If the result of multiplying the number of elements to allocate and the storage size cannot be represented as a {{size_t}}, less memory is allocated than was requested. As a result, it is necessary to ensure that these arguments, when multiplied, can be represented as a {{size_t}}.
Modern implementations of the C standard library should check for wrap. If the libraries used for a particular implementation properly handle unsigned integer wrapping on the multiplication, that is sufficient to comply with this recommendation.
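The following is an added example, not code from the original recommendation. It shows how small a wrapped product can be and how a caller can reject such a request before calling {{calloc()}}. The helper names {{wrapped_product}}, {{calloc_args_wrap}} and {{checked_calloc}} are hypothetical, and the element count in {{main()}} is a constructed value.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: the size an unchecked calloc() would compute.
 * Unsigned arithmetic wraps modulo SIZE_MAX + 1, so this is well defined. */
size_t wrapped_product(size_t nmemb, size_t size) {
    return nmemb * size;
}

/* Hypothetical helper: returns 1 if nmemb * size cannot be represented
 * as a size_t, 0 otherwise. Dividing avoids doing the multiplication
 * that might wrap; size == 0 is handled first to avoid dividing by zero. */
int calloc_args_wrap(size_t nmemb, size_t size) {
    return size != 0 && nmemb > SIZE_MAX / size;
}

/* Hypothetical wrapper: fail the request up front instead of relying on
 * the library's calloc() to detect the wrap. */
void *checked_calloc(size_t nmemb, size_t size) {
    if (calloc_args_wrap(nmemb, size)) {
        return NULL;            /* report as an allocation failure */
    }
    return calloc(nmemb, size);
}

int main(void) {
    /* Constructed input: an element count as it might arrive from an
     * untrusted length field. With 16-byte elements the true size is
     * SIZE_MAX + 17, which wraps to 16 bytes. */
    size_t nmemb = SIZE_MAX / 16 + 2;
    size_t size = 16;

    printf("requested elements : %zu\n", nmemb);
    printf("wrapped byte count : %zu\n", wrapped_product(nmemb, size));
    printf("wrap detected      : %d\n", calloc_args_wrap(nmemb, size));

    void *p = checked_calloc(nmemb, size);
    printf("checked_calloc     : %s\n", p ? "allocated" : "rejected");
    free(p);

    /* A request that fits is passed through to calloc() unchanged. */
    p = checked_calloc(4, size);
    printf("small request      : %s\n", p ? "allocated" : "failed");
    free(p);
    return 0;
}
```

An unchecked implementation would return a 16-byte block for the first request, and a caller that then writes {{nmemb}} elements would overflow it.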
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM07-C | high | unlikely | medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
...
MITRE CWE: CWE-128, "Wrap-around Error"
Bibliography
\[[Seacord 2005|AA. Bibliography#Seacord 05]\] Chapter 4, "Dynamic Memory Management"
\[[RUS-CERT|AA. Bibliography#RUS-CERT]\] Advisory 2002-08:02, "Flaw in calloc and similar routines"
\[[Secunia|AA. Bibliography#Secunia]\] Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability"
...