...
| Wiki Markup |
|---|
In this noncompliant code example, integer values returned by {{parseint(getdata())}} are stored into an array of {{INTBUFSIZE}} elements of type {{int}} called {{buf}} \[[Dowd 2006|AA. Bibliography#Dowd 06]\]. If data is available for insertion into {{buf}} (which is indicated by {{havedata()}}) and {{buf_ptr}} has not been incremented past {{buf + sizeof(buf)}}, an integer value is stored at the address referenced by {{buf_ptr}}. However, the {{sizeof}} operator returns the total number of bytes in {{buf}}, which is typically a multiple of the number of elements in {{buf}}. This value is scaled to the size of an integer and added to {{buf}}. As a result, the check to make sure integers are not written past the end of {{buf}} is incorrect and a buffer overflow is possible. |
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
CERT C++ Secure Coding Standard: EXP08-CPP. Ensure pointer arithmetic is used correctly
Bibliography
unmigrated-wiki-markup
\[[Dowd 2006|AA. Bibliography#Dowd 06]\] Chapter 6, "C Language Issues" \[[ISO/IEC PDTR 24772|AA. Bibliography#ISO/IEC PDTR 24772]\] "HFC Pointer casting and pointer type changes" and "RVG Pointer Arithmetic" \[[MISRA 2004|AA. Bibliography#MISRA 04]\] Rules
MISRA Rules 17.1-17.4
MITRE CWE: CWE-468, "Incorrect Pointer Scaling"
Bibliography
| Wiki Markup |
|---|
\[[MITREDowd 20072006|AA. Bibliography#MITREBibliography#Dowd 0706]\] [CWE ID 468|http://cwe.mitre.org/data/definitions/468.html]Chapter 6, "IncorrectC PointerLanguage ScalingIssues" \[[Murenin 2007|AA. Bibliography#Murenin 07]\] |
...