...
Note that the maximum amount of allocatable memory is typically limited to a value less than SIZE_MAX (the maximum value of size_t). Always check the return value from a call to any memory allocation function in compliance with guideline rule MEM32-C. Detect and handle memory allocation errors.
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: MEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t
Bibliography
unmigrated-wiki-markup
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.18.3, "Limits of other integer types"
MITRE CWE: CWE-190, "Integer Overflow (Wrap or Wraparound)"
MITRE CWE: CWE-128, "Wrap-around Error"
Bibliography
| Wiki Markup |
|---|
\[[MITRE 2007|AA. Bibliography#MITRE 07]\] [CWE ID 190|http://cwe.mitre.org/data/definitions/190.html], "Integer Overflow (Wrap or Wraparound)," and [CWE ID 128|http://cwe.mitre.org/data/definitions/128.html], "Wrap-around Error"
\[[Seacord 2005|AA. Bibliography#Seacord 05]\] Chapter 4, "Dynamic Memory Management"
\[[RUS-CERT|AA. Bibliography#RUS-CERT]\] Advisory 2002-08:02, "Flaw in calloc and similar routines"
\[[Secunia|AA. Bibliography#Secunia]\] Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability" |
...