...

Because length is user controlled, the value can result in a large block of memory being allocated or cause the call to malloc() to fail. Depending on how error handling is implemented, this may result in a denial of service or other error. A length of zero results in a division by zero in the overflow check, which can also result in a denial of service (see INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors).

Compliant Solution

This compliant solution defines the acceptable range for length as [1, MAX_TABLE_LENGTH]. The length parameter is declared as size_t, which is unsigned by definition. Consequently, it is not necessary to check length for negative values (see INT01-A. Use rsize_t or size_t for all integer values representing the size of an object).
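
The range check described above, shown as an added example that is not the rule's own code. It assumes the length arrives as decimal text and that MAX_TABLE_LENGTH is 256 (the page gives no value); the names parse_table_length and create_table are hypothetical.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed value: the page names MAX_TABLE_LENGTH but does not define it. */
#define MAX_TABLE_LENGTH 256u

/* Hypothetical helper: parse untrusted decimal text into a length in
 * [1, MAX_TABLE_LENGTH]. Returns 0 on success, -1 on any rejection. */
static int parse_table_length(const char *text, size_t *out) {
  char *end = NULL;
  unsigned long value;

  if (text == NULL || *text < '0' || *text > '9') {
    return -1; /* empty, whitespace or sign: strtoul would negate "-N" */
  }
  errno = 0;
  value = strtoul(text, &end, 10);
  if (errno == ERANGE || *end != '\0') {
    return -1; /* does not fit in unsigned long, or trailing characters */
  }
  if (value == 0 || value > MAX_TABLE_LENGTH) {
    return -1; /* outside the acceptable range */
  }
  *out = (size_t)value;
  return 0;
}

/* Hypothetical allocator: the range check bounds the allocation size and
 * keeps length * sizeof(char *) from wrapping; zero never reaches malloc(). */
static char **create_table(size_t length) {
  if (length == 0 || length > MAX_TABLE_LENGTH) {
    return NULL;
  }
  return malloc(length * sizeof(char *));
}

int main(void) {
  const char *samples[] = { "16", "0", "257", "-1", "12abc" }; /* constructed */
  for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
    size_t length = 0;
    int ok = parse_table_length(samples[i], &length) == 0;
    printf("%-8s %s\n", samples[i], ok ? "accepted" : "rejected");
  }
  return 0;
}
```

Because size_t is unsigned, a negative input never appears as a negative length; it has to be rejected while it is still text, before strtoul() converts it.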

...