...

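#include <stdlib.h>
#include <string.h>

/* Noncompliant: memset() is asked to write n = nchars + 1 bytes into a
 * buffer of only nchars bytes, one byte past the end of the allocation. */
void f1(size_t nchars) {
  char *p = (char *)malloc(nchars);
  const size_t n = nchars + 1;

  memset(p, 0, n);

  /* ... More program code */
}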

Compliant

...

Solution

...

This compliant solution makes sure that the value of 'n' is not greater than the size of the dynamic memory pointed to by the pointer 'p':

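#include <stdlib.h>
#include <string.h>

void f1(size_t nchars, size_t val) {
  char *p = (char *)malloc(nchars);
  const size_t n = val;

  if (p == NULL || n > nchars) {
    /* Handle Error: allocation failed, or n exceeds the allocated size.
     * size_t is unsigned, so compare directly rather than testing
     * nchars - n < 0, which can never be true. */
  } else {
    memset(p, 0, n);
  }

  /* ... More program code */
}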
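The form of the bounds check matters because `size_t` is unsigned: a test written as a subtraction compared against zero never rejects anything, while a direct comparison does. The following is an added example, not part of the original page; the function names `subtraction_check_rejects`, `comparison_check_rejects` and `alloc_and_clear` are hypothetical and the sizes are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Flawed form: size_t is unsigned, so alloc - n wraps to a huge positive
 * value when n > alloc and the "< 0" test is always false.
 * Returns 1 if the check would reject the request. */
int subtraction_check_rejects(size_t alloc, size_t n) {
    return (alloc - n) < 0;
}

/* Correct form: a direct comparison involves no arithmetic that can wrap. */
int comparison_check_rejects(size_t alloc, size_t n) {
    return n > alloc;
}

/* Hypothetical helper: allocate alloc bytes and zero the first n of them.
 * Returns NULL if n exceeds alloc or the allocation fails. */
char *alloc_and_clear(size_t alloc, size_t n) {
    char *p;
    if (comparison_check_rejects(alloc, n)) {
        return NULL;
    }
    p = (char *)malloc(alloc);
    if (p == NULL) {
        return NULL;
    }
    memset(p, 0, n);
    return p;
}

int main(void) {
    /* Constructed sample values: an 8-byte buffer and a 9-byte clear. */
    const size_t alloc = 8, n = 9;
    char *p;

    printf("alloc - n as size_t: %zu\n", alloc - n);
    printf("subtraction check rejects: %d\n", subtraction_check_rejects(alloc, n));
    printf("comparison check rejects:  %d\n", comparison_check_rejects(alloc, n));

    p = alloc_and_clear(alloc, n);
    printf("alloc_and_clear(8, 9): %s\n", p == NULL ? "rejected" : "allowed");
    free(p);
    return 0;
}
```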

Risk

...

Assessment

...

Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but the remediation has to be manual.

...