...
UB | Description
---|---
| Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that does not point into, or just beyond, the same array object.
| Addition or subtraction of a pointer into, or just beyond, an array object and an integer type produces a result that points just beyond the array object and is used as the operand of a unary
46 | An array subscript is out of range, even if an object is apparently accessible with the given subscript (as in the lvalue expression
| An attempt is made to access, or generate a pointer to just past, a flexible array member of a structure when the referenced object provides no elements for that array.
...
```c
#include <stddef.h>
#include <stdlib.h>

struct S {
  size_t len;
  char buf[];  /* flexible array member */
};

const char *find(const struct S *s, int c) {
  const char *first = s->buf;
  const char *last = s->buf + s->len;  /* one past the last element */

  while (first != last) {  /* avoid incrementing here */
    /* advances before testing: skips buf[0] and reads buf[len] */
    if (*++first == (unsigned char)c) {
      return first;
    }
  }
  return NULL;
}

void g(void) {
  /* sizeof(struct S) provides no elements for buf */
  struct S *s = (struct S *)malloc(sizeof(struct S));
  if (s == NULL) {
    /* handle allocation failure */
    return;
  }
  s->len = 0;
  /* ... */
  const char *where = find(s, '.');
  /* ... */
}
```
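The example above is the page's noncompliant code. What follows is an added example, not code from the CERT page, that places a hardened search beside an allocation which actually provides elements for `buf`, together with an index-only model of the noncompliant loop that shows which element it dereferences without touching any memory. The names `make_s`, `find_safe`, `find_index` and `noncompliant_last_index_read`, and the sample strings, are my own constructions.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

struct S {
  size_t len;
  char buf[];  /* flexible array member */
};

/* Allocate an S whose flexible array really has `len` elements.
 * sizeof(struct S) alone provides no elements for buf, so the room for
 * them must be added explicitly (hypothetical helper). */
struct S *make_s(const char *data, size_t len) {
  struct S *s = malloc(sizeof(struct S) + len);
  if (s == NULL) {
    return NULL;
  }
  s->len = len;
  if (len > 0) {
    memcpy(s->buf, data, len);
  }
  return s;
}

/* Hardened search: test the current element, then advance. `last` is the
 * one-past-the-end pointer, which may be formed and compared but is never
 * dereferenced, so every read stays within buf[0..len-1]. */
const char *find_safe(const struct S *s, int c) {
  const char *first = s->buf;
  const char *last = s->buf + s->len;
  for (; first != last; ++first) {
    if (*first == (unsigned char)c) {
      return first;
    }
  }
  return NULL;
}

/* Wrapper returning the index of the hit, -1 if absent, -2 on allocation
 * failure, so results are easy to check. */
long find_index(const char *data, size_t len, int c) {
  struct S *s = make_s(data, len);
  if (s == NULL) {
    return -2;
  }
  const char *hit = find_safe(s, c);
  long idx = hit ? (long)(hit - s->buf) : -1;
  free(s);
  return idx;
}

/* Index-only model of the page's noncompliant loop (`*++first`): returns the
 * last index that loop would dereference when `c` is absent. No memory is
 * read here. For len > 0 the answer is len itself, i.e. buf[len], one past
 * the end; the value is meaningless for len == 0, when the body never runs. */
size_t noncompliant_last_index_read(size_t len) {
  size_t first = 0, last = len;
  size_t last_read = 0;
  while (first != last) {
    ++first;           /* mirrors `*++first`: advance before the test */
    last_read = first; /* this index would be dereferenced */
  }
  return last_read;
}

int main(void) {
  printf("%ld\n", find_index("abc.def", 7, '.'));  /* 3 */
  printf("%ld\n", find_index("", 0, '.'));         /* -1: zero elements */
  printf("%ld\n", find_index("abc", 3, 'a'));      /* 0: buf[0] is not skipped */
  printf("%ld\n", find_index("abc.", 4, '.'));     /* 3: last element tested, buf[len] never read */
  printf("%zu\n", noncompliant_last_index_read(4)); /* 4: out of range */
  return 0;
}
```

The two loops differ only in where the increment sits; moving it into the `for` clause is what keeps every dereference inside the array, and `make_s` is what makes `s->len` truthful about how many elements exist.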
Risk Assessment
Accessing out-of-range pointers or array subscripts for writing can result in a buffer overflow and the execution of arbitrary code with the permissions of the vulnerable process, or in unintended information disclosure.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ARR30-C | 3 (high) | 3 (likely) | 1 (high) | P12 | L2 |
Automated Detection
The Coverity Prevent Version 5.0 ARRAY_VS_SINGLETON checker can detect access to memory past the end of a memory buffer or array. The NEGATIVE_RETURNS checker can detect when a loop bound may become negative. The OVERRUN_STATIC and OVERRUN_DYNAMIC checkers can detect out-of-bounds reads and writes to arrays allocated statically or dynamically.
...