...
```c
#include <stdlib.h>
#include <string.h>

/* Declarations added so the fragment compiles; the original left
 * input_str and str undeclared. The value of input_str is a placeholder. */
const char *input_str = "example";
char *str;

int f(void) {
  size_t size = strlen(input_str) + 1;
  str = (char *)malloc(size);
  memcpy(str, input_str, size); /* str is dereferenced without a null check */
  /* ... */
  free(str);
  str = NULL;
  return 0;
}
```
Compliant Solution
This compliant solution ensures that the pointer returned by malloc() is not null. This solution also complies with MEM32-C. Detect and handle memory allocation errors.
```c
#include <stdlib.h>
#include <string.h>

/* Declarations added so the fragment compiles; the original left
 * input_str and str undeclared. The value of input_str is a placeholder. */
const char *input_str = "example";
char *str;

int f(void) {
  size_t size = strlen(input_str) + 1;
  str = (char *)malloc(size);
  if (str == NULL) {
    return -1; /* Indicate allocation failure */
  }
  memcpy(str, input_str, size);
  /* ... */
  free(str);
  str = NULL;
  /* ... */
  return 0;
}
```
Noncompliant Code Example
...
The vulnerability occurs because sk is initialized to tun->sk before checking whether tun is a null pointer. The compiler (GCC in this case) optimizes the code and completely removes the if (!tun) check because it is performed after the assignment. As a result, this noncompliant code example is vulnerable to a null pointer dereference exploit. Typically, a null pointer dereference results in an access violation and abnormal program termination. However, it is possible to permit null pointer dereferencing on several operating systems, for example, by using mmap(2) with the MAP_FIXED flag on Linux and Mac OS X or by using shmat(2) with the SHM_RND flag on Linux [Liu 2009].
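The following is an added example, not code from the CERT page or from the Linux driver the text refers to. It reproduces the ordering problem described above with constructed stand-in types (struct sock and struct tun_struct are hypothetical here): the noncompliant function dereferences tun before testing it, which is exactly the pattern an optimizing compiler is entitled to exploit by deleting the later check; the compliant function validates every pointer before the first dereference and reports an error instead.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed stand-ins for the driver objects named in the text. */
struct sock { int state; };
struct tun_struct { struct sock *sk; };

/* Noncompliant ordering: tun is dereferenced before it is checked.
 * Evaluating tun->sk when tun is null is undefined behaviour, so the
 * compiler may assume tun is non-null and remove the if (!tun) test.
 * Calling this with tun == NULL is a defect, not a recoverable error. */
int tun_state_noncompliant(struct tun_struct *tun) {
  struct sock *sk = tun->sk;  /* dereference happens here */
  if (!tun) {                 /* may be removed by the optimizer */
    return -1;
  }
  return sk->state;
}

/* Compliant ordering: validate every pointer before it is dereferenced. */
int tun_state_compliant(const struct tun_struct *tun) {
  if (tun == NULL || tun->sk == NULL) {
    return -1;  /* report the error instead of dereferencing */
  }
  return tun->sk->state;
}

/* Helpers that build sample objects (constructed values) and return results. */
int demo_compliant_valid(void) {
  struct sock s = { 7 };
  struct tun_struct t = { &s };
  return tun_state_compliant(&t);
}

int demo_compliant_missing_sock(void) {
  struct tun_struct t = { NULL };
  return tun_state_compliant(&t);
}

int main(void) {
  printf("valid object: %d\n", demo_compliant_valid());        /* 7 */
  printf("missing sock: %d\n", demo_compliant_missing_sock()); /* -1 */
  printf("null tun:     %d\n", tun_state_compliant(NULL));     /* -1 */
  return 0;
}
```

The compliant version is the only one exercised with a null argument; the noncompliant one is kept solely to show the ordering the text describes. Building the noncompliant function with optimization enabled and inspecting the generated code is the quickest way to confirm that the check after the dereference does not survive.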
...