...
- Correct usage of expression E // for E: T* = mem_alloc(n)
...
Noncompliant Code Example
// NCCE example
*Remember to follow the desired coding style
Compliant Solution
// CS example
*Remember to follow the desired coding style
...
This noncompliant code example assigns to 'n' a value greater than the size of the dynamically allocated memory and then passes 'n' to memset():
    #include <stdlib.h>
    #include <string.h>
    void f1(size_t nchars) {
        char *p = (char *)malloc(nchars);
        /* n is one byte larger than the allocation */
        const size_t n = nchars + 1;
        memset(p, 0, n);
        /* ... */
    }
Compliant Solution
This compliant solution makes sure that the value of 'n' is not greater than the size of the dynamic memory pointed to by the pointer 'p':
    #include <stdlib.h>
    #include <string.h>
    void f1(size_t nchars, size_t val) {
        char *p = (char *)malloc(nchars);
        const size_t n = val;
        /* size_t is unsigned, so compare directly: nchars - n is never negative */
        if (p == NULL || n > nchars) {
            /* Handle Error */
        }
        else {
            memset(p, 0, n);
        }
        /* ... */
    }
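An added example, not part of the original rule text: a size-carrying wrapper that applies the same check of 'n' against the allocation size before memset(), extended here to a fill that starts at an offset. The names sized_buf, sized_alloc, checked_memset and wrapped_difference are hypothetical; wrapped_difference shows why the bound has to be compared directly, since subtracting size_t values wraps instead of going negative.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper type: keeps the allocation size beside the pointer. */
typedef struct {
    unsigned char *ptr;
    size_t size;
} sized_buf;

/* Allocate nbytes; returns 0 on success, -1 on failure. */
int sized_alloc(sized_buf *b, size_t nbytes) {
    b->ptr = malloc(nbytes ? nbytes : 1);
    b->size = b->ptr ? nbytes : 0;
    return b->ptr ? 0 : -1;
}

/* size_t is unsigned: when n > size this wraps to a huge value,
 * so a test such as (size - n < 0) can never fire. */
size_t wrapped_difference(size_t size, size_t n) {
    return size - n;
}

/* memset() n bytes starting at offset off, only if the range fits. */
int checked_memset(sized_buf *b, size_t off, int c, size_t n) {
    if (b == NULL || b->ptr == NULL)
        return -1;
    if (off > b->size || n > b->size - off)  /* off <= size, so no wrap */
        return -1;
    memset(b->ptr + off, c, n);
    return 0;
}

int main(void) {
    sized_buf b;
    if (sized_alloc(&b, 8) != 0)
        return 1;
    printf("8 - 9 as size_t = %zu\n", wrapped_difference(8, 9));
    printf("n = 9 into 8 bytes: %d\n", checked_memset(&b, 0, 0, 9));
    printf("n = 8 into 8 bytes: %d\n", checked_memset(&b, 0, 0, 8));
    printf("off 4, n = 5:       %d\n", checked_memset(&b, 4, 0, 5));
    free(b.ptr);
    return 0;
}
```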
Risk Assessment
Depending on the library function called, the attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but the remediation has to be manual.
...