Versions Compared

Comment: Made 2 more minor changes

...

Code Block
#include <string.h>

/* The byte count is computed with sizeof(int), but a is an array of float. */
void f2(void) {
	float a[4];
	const size_t n = sizeof(int) * 4;
	void *p = a;

	memset(p, 0, n);
	/* More program code */
}

...

Code Block
#include <string.h>

/* The byte count uses sizeof(float), matching the element type of a. */
void f2(void) {
	float a[4];
	const size_t n = sizeof(float) * 4;
	void *p = a;

	memset(p, 0, n);
	/* More program code */
}
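
The two versions of f2 above differ only in the type named inside sizeof. As an added example (not part of the original page or of the guideline itself), a hypothetical `checked_memset` helper shows one way to reject a byte count that exceeds the destination object; `double` stands in for the mismatched type, on the assumption that it is wider than `float`, so the rejection is visible on common platforms.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper (not from the page): memset that refuses to write
 * past the destination object. dst_size is the object's size in bytes. */
static int checked_memset(void *dst, size_t dst_size, int c,
                          size_t elem_size, size_t count) {
    if (dst == NULL || elem_size == 0)
        return -1;
    if (count > SIZE_MAX / elem_size)   /* elem_size * count would wrap */
        return -1;
    size_t n = elem_size * count;
    if (n > dst_size)                   /* would reach past the end of the object */
        return -1;
    memset(dst, c, n);
    return 0;
}

/* Wrong element type named in sizeof, as in the first f2. Assumes
 * sizeof(double) > sizeof(float); the call is rejected and a is untouched. */
int clear_with_wrong_type(void) {
    float a[4] = {1.0f, 2.0f, 3.0f, 4.0f};
    int rc = checked_memset(a, sizeof a, 0, sizeof(double), 4);
    return (rc == -1 && a[3] == 4.0f) ? 1 : 0;
}

/* Size and count taken from the object itself, so they cannot drift
 * if the declared type of a changes later. */
int clear_with_object_size(void) {
    float a[4] = {1.0f, 2.0f, 3.0f, 4.0f};
    int rc = checked_memset(a, sizeof a, 0, sizeof a[0],
                            sizeof a / sizeof a[0]);
    return (rc == 0 && a[0] == 0.0f && a[3] == 0.0f) ? 1 : 0;
}

int main(void) {
    return (clear_with_wrong_type() && clear_with_object_size()) ? 0 : 1;
}
```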

...

Note: This code could be safe on architectures where sizeof(int) is equal to sizeof(float).

Compliant Solution // (need to work on this)

...

Code Block
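#include <stdlib.h>
#include <wchar.h>

/* The allocation size is the character count, including the terminating
 * null, multiplied by sizeof(wchar_t). The caller must check the result
 * for NULL and free it. */
wchar_t *f7(void) {
	const wchar_t *p = L"Hello, World!";
	const size_t n = sizeof(wchar_t) * (wcslen(p) + 1);

	wchar_t *q = (wchar_t *)malloc(n);
	return q;
}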

Given below is a non-exhaustive list of library functions that can be vulnerable:

Risk Assessment

Depending on the library function called, an attacker may be able to use a heap overflow vulnerability to run arbitrary code. Detection of the checks specified in the description can be automated, but remediation has to be manual.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|------|----------|------------|------------------|----------|-------|
| ARR38-C | high | likely | medium | P18 | L1 |

Related Guidelines

API00-C. Functions should validate their parameters

WG14 Document: N1579 - Rule 5.34 Forming Invalid pointers by library functions.

...