...
| Code Block | ||
|---|---|---|
| ||
void f1 (size_t nchars, size_t val) {
char *p = (char *)malloc(nchars);
const size_t n = val;
if (nchars - n < 0) {
    /* Handle Error */
}
else {
memset(p, 0, n);
}
/* More program code */
}
|
Risk Assessment
Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. The detection of checks specified in description can be automated but the remediation has to be manual.
...