...
| Code Block | ||||
|---|---|---|---|---|
| ||||
interrno_t f(void) { size_t size = strlen(input_str)+1; str = (char *)malloc(size); memcpy(str, input_str, size); /* ... */ free(str); str = NULL; return 0; } |
Compliant Solution (POSIX)
This compliant solution ensures the pointer returned by malloc() is not null. This solution also complies with MEM32-C. Detect and handle memory allocation errors.
| Code Block | ||||
|---|---|---|---|---|
| ||||
interrno_t f(void) { size_t size = strlen(input_str)+1; str = (char *)malloc(size); if (NULL == str) { return -1ENOMEM; /* Indicate allocation failure */ } memcpy(str, input_str, size); /* ... */ free(str); str = NULL; /* ... */ return 0; } |
This compliant solution is categorized as a POSIX solution because it returns ENOMEM, which is defined by POSIX but not by the C Standard.
Noncompliant Code Example
...
The sk pointer is initialized to tun->sk before checking if tun is a null pointer. Because null pointer dereferencing is undefined behavior, the compiler (GCC in this case) can optimize away the if (!tun) check because it is performed after tun->sk is dereferenced, implying that tun is non-null. As a result, this noncompliant code example is vulnerable to a null pointer dereference exploit. Typically, a null pointer dereference results in access violation and abnormal program termination. However, it is possible to permit null pointer dereferencing on several operating systems, for example, using mmap(2) with the MAP_FIXED flag on Linux and Mac OS X or using shmat(2) with the SHM_RND flag on Linux [Liu 2009].
Compliant Solution
This compliant solution eliminates the null pointer deference by initializing sk to tun->sk following the null pointer check:
...