...
Because length is user controlled, the value can result in a large block of memory being allocated or can cause the call to malloc() to fail. Depending on how error handling is implemented, this may result in a denial of service or other error. A length of zero results in a division by zero in the overflow check, which can also result in a denial of service. (See rule INT33-C. Ensure that division and modulo operations do not result in divide-by-zero errors.)
...
This compliant solution defines the acceptable range for length as [1, MAX_TABLE_LENGTH]. The length parameter is declared as size_t, which is unsigned by definition. Consequently, it is not necessary to check length for negative values. (See recommendation INT01-C. Use rsize_t or size_t for all integer values representing the size of an object.)
...
The test for length == 0 ensures that a nonzero number of bytes is allocated. (See recommendation MEM04-C. Do not perform zero length allocations.)
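The following is an added illustration written for this page, not the standard's own noncompliant and compliant code. It puts the two approaches the text describes side by side: an unchecked allocation whose overflow check divides by a caller-supplied length (so length == 0 divides by zero and a huge length drives malloc() toward failure), and a bounded version that rejects anything outside [1, MAX_TABLE_LENGTH] before any division or allocation happens. The function names, the helper length_in_range(), and the value of MAX_TABLE_LENGTH are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Assumed upper bound for this example; the real table length limit is
   application specific. */
enum { MAX_TABLE_LENGTH = 256 };

/* Unchecked form: length comes straight from the caller.
   The overflow check divides by length, so a length of zero is a
   division by zero, and a very large length that passes the check
   still asks malloc() for an enormous block. */
int create_table_unchecked(size_t length, char ***out) {
    if (sizeof(char *) > SIZE_MAX / length) {  /* divides by zero when length == 0 */
        return -1;
    }
    size_t table_size = length * sizeof(char *);
    char **table = (char **)malloc(table_size); /* may be huge, may fail */
    if (table == NULL) {
        return -1;
    }
    for (size_t i = 0; i < length; i++) {
        table[i] = NULL;
    }
    *out = table;
    return 0;
}

/* Range check for the bounded form: [1, MAX_TABLE_LENGTH].
   length is size_t, so no negative check is needed; zero is rejected
   explicitly so that no zero-length allocation and no division by zero
   can occur. Returns 1 when the length is acceptable, 0 otherwise. */
int length_in_range(size_t length) {
    return length != 0 && length <= MAX_TABLE_LENGTH;
}

/* Bounded form: because length is at most MAX_TABLE_LENGTH, the
   multiplication length * sizeof(char *) cannot overflow, and the
   overflow check (with its division) is no longer needed at all. */
int create_table_bounded(size_t length, char ***out) {
    if (!length_in_range(length)) {
        return -1;
    }
    size_t table_size = length * sizeof(char *);
    char **table = (char **)malloc(table_size);
    if (table == NULL) {
        return -1;
    }
    for (size_t i = 0; i < length; i++) {
        table[i] = NULL;
    }
    *out = table;
    return 0;
}

int main(void) {
    /* Constructed inputs: one rejected as zero, one rejected as too large,
       one accepted. */
    size_t inputs[] = { 0, (size_t)MAX_TABLE_LENGTH + 1, 8 };
    for (size_t i = 0; i < sizeof(inputs) / sizeof(inputs[0]); i++) {
        char **table = NULL;
        int rc = create_table_bounded(inputs[i], &table);
        printf("length %zu -> %s\n", inputs[i], rc == 0 ? "allocated" : "rejected");
        free(table);
    }
    return 0;
}
```

The bounded version is the one a reviewer should expect to see: once the range check is in place, the division-based overflow check disappears along with the divide-by-zero it carried, and malloc() is only ever asked for a small, predictable size.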
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: INT04-CPP. Enforce limits on integer values originating from untrusted sources
...