...
| Code Block | ||
|---|---|---|
| ||
enum month { Jan, Feb, ... };
type enum month month;
typedef enum date date;
struct date {
unsigned char dd;
month mm;
unsigned yy;
};
typedef struct string string;
struct string {
size_t length;
char text[];
};
date *d, *week, *fortnight;
string *name;
d = MALLOC(date);
week = MALLOC_ARRAY(7, date);
name = MALLOC_FLEX(string, 16, char);
fortnight = CALLOC(14, date);
|
The multiplication operation used in many of these macro must be checked for overflow if one or more of the operands can be influenced by untrusted data (see INT32-C. Ensure that integer operations do not result in an overflow for more information.
Risk Assessment
Failing to cast the result of a memory allocation function call into a pointer to the allocated type can result in inadvertent pointer conversions. Code that follows this recommendation will compile and execute equally well in C++.
...