Comment: Added the 3rd solution

...

```c
#include <stddef.h>
#include <string.h>

void f2(void) {
  float a[4];
  const size_t n = sizeof(float) * 4;  /* exactly the size of a */
  void *p = a;

  memset(p, 0, n);
  /* More program code */
}
```

Noncompliant Code Example

In this noncompliant code example, the value of `n` could be greater than the size of `*p`.

```c
#include <stddef.h>
#include <string.h>

void f3(int *a) {
  float b = 3.14;
  const size_t n = sizeof(b);
  void *p = a;
  void *q = &b;

  /* Nothing checks n against the size of the object a points to */
  memcpy(p, q, n);
  /* More program code */
}
```

Compliant Solution

This compliant solution ensures that the value of `n` is not greater than the minimum of the effective sizes of `*p` and `*q`.

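```c
#include <stddef.h>
#include <string.h>

/* a_size is an added parameter: the size in bytes of the object a points to.
   The original wrote size(*p) and size(*q) as notation for effective sizes,
   which C cannot compute from a void pointer. */
void f3(int *a, size_t a_size) {
  float b = 3.14;
  const size_t n = sizeof(b);
  void *p = a;
  void *q = &b;

  if (n <= a_size && n <= sizeof(b)) {
    memcpy(p, q, n);
  } else {
    /* Handle Error */
  }
}
```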
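The same check packaged as reusable helpers, as an added example that is not part of the original page. The names `checked_copy`, `checked_set`, `f3_checked` and the status codes are hypothetical, and the caller is assumed to know each object's effective size in bytes; it goes beyond `f3` by also covering the `memset()` call from `f2`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical status codes and helper names; none of them come from the page. */
enum { COPY_OK = 0, COPY_NULL = -1, COPY_TOO_LARGE = -2 };

/* Copy n bytes only if n fits in both objects; dst is untouched on failure. */
int checked_copy(void *dst, size_t dst_size,
                 const void *src, size_t src_size, size_t n) {
  if (dst == NULL || src == NULL) return COPY_NULL;
  size_t limit = dst_size < src_size ? dst_size : src_size;
  if (n > limit) return COPY_TOO_LARGE;
  memcpy(dst, src, n);
  return COPY_OK;
}

/* Same rule for the memset() case in f2: n must fit in the one object. */
int checked_set(void *dst, size_t dst_size, int value, size_t n) {
  if (dst == NULL) return COPY_NULL;
  if (n > dst_size) return COPY_TOO_LARGE;
  memset(dst, value, n);
  return COPY_OK;
}

/* f3 with the destination's effective size (in bytes) supplied by the caller,
   since it cannot be recovered from the int * alone. */
int f3_checked(int *a, size_t a_size) {
  float b = 3.14f;
  return checked_copy(a, a_size, &b, sizeof(b), sizeof(b));
}

int main(void) {
  int big[4] = {0};
  int small[1] = {7};
  /* Constructed inputs: a destination that fits and one declared as 2 bytes. */
  printf("fits:      %d\n", f3_checked(big, sizeof(big)));
  printf("too small: %d (small[0] still %d)\n", f3_checked(small, 2), small[0]);
  printf("null:      %d\n", f3_checked(NULL, sizeof(int)));
  return 0;
}
```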

Risk Assessment

Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but the remediation has to be manual.

...