...
The noncompliant example below, inspired by Dowd, assumes that the size of struct buffer is equal to sizeof(size_t) + (sizeof(char) * 50), which may be incorrect: because of structure padding, sizeof(struct buffer) may actually be larger than that sum.
{code:c}
#include <stdlib.h>
#include <string.h>

struct buffer {
  size_t size;
  char buffer[50];
};

/* ... */

void func(struct buffer *buf) {
  /* assuming sizeof(size_t) is 4, this equals 54 */
  struct buffer *buf_cpy = malloc((sizeof(size_t) + (sizeof(char) * 50)));
  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }

  /* ... */

  /* with padding, sizeof(struct buffer) may be greater than 54,
   * causing a small heap buffer overflow on the copy */
  memcpy(buf_cpy, buf, sizeof(struct buffer));
}
{code}
...
Deriving the allocation size from sizeof(struct buffer), so that structure padding is accounted for automatically, prevents these types of errors.
{code:c}
#include <stdlib.h>
#include <string.h>

struct buffer {
  size_t size;
  char buffer[50];
};

/* ... */

void func(struct buffer *buf) {
  struct buffer *buf_cpy = malloc(sizeof(struct buffer));
  if (buf_cpy == NULL) {
    /* Handle malloc() error */
  }

  /* ... */

  memcpy(buf_cpy, buf, sizeof(struct buffer));
}
{code}
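The following added example (written for this page, not code from Dowd or the original text) makes the padding visible: it compares the hand-computed size the noncompliant code passes to malloc() with sizeof(struct buffer), reports how many bytes the memcpy would write past the short allocation, and implements the copy the compliant way. The helper names naive_size, padded_size, padding_bytes and copy_buffer are assumptions introduced here.

```c
/* Added example (not from the original page): measures the padding the
 * compiler adds to struct buffer and copies it using sizeof(struct buffer). */
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

struct buffer {
    size_t size;
    char buffer[50];
};

/* The hand-computed size the noncompliant code passes to malloc(). */
size_t naive_size(void) {
    return sizeof(size_t) + (sizeof(char) * 50);
}

/* The size the compiler actually gives the struct, tail padding included. */
size_t padded_size(void) {
    return sizeof(struct buffer);
}

/* Bytes that memcpy(..., sizeof(struct buffer)) would write past a
 * naive_size()-byte allocation. Zero only if the compiler added no padding. */
size_t padding_bytes(void) {
    return sizeof(struct buffer) - naive_size();
}

/* Compliant copy: the allocation size is taken from the object itself,
 * so it is correct however the struct is padded on this target. */
struct buffer *copy_buffer(const struct buffer *src) {
    struct buffer *dst = malloc(sizeof *dst);
    if (dst == NULL) {
        return NULL; /* caller handles allocation failure */
    }
    memcpy(dst, src, sizeof *dst);
    return dst;
}
```

On a typical 64-bit ABI the struct is padded from 58 to 64 bytes, so padding_bytes() reports 6; the exact value is target dependent, which is precisely why the size must come from sizeof and not from arithmetic on the members.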
h2. References
\[[Dowd 06|AA. C References#Dowd 06]\] Chapter 6, "C Language Issues" (Structure Padding 284-287)
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.2.1, "Structure and union specifiers"