SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 45

changes.mady.by.user Alex Volkovitsky

Saved on

compared with

New Version 46

changes.mady.by.user Justin Pincar

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by sciSpider v2.1 (sch jbop) (X_X)@==(Q_Q)@

...

Wiki Markup
C99 includes support for variable-length arrays (VLAs) \[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\]. If the array length is derived from an untrusted data source, an attacker could cause the process to perform an excessive allocation on the stack.

...

Wiki Markup
\[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 6.7.5.2, "Array declarators", Section 7.20.3, "Memory management functions"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "GDL Recursion"
\[[Loosemore 07|AA. C References#Loosemore 07]\] [Section 3.2.5, "Automatic Storage with Variable Size"|http://www.gnu.org/software/libc/manual/html_mono/libc.html#Variable-Size-Automatic]
\[[MISRA 04|AA. C References#MISRA 04]\] Rule 16.2
\[[Seacord 05|AA. C References#Seacord 05]\] Chapter 4, "Dynamic Memory Management"
\[[van Sprundel 06|http://ilja.netric.org/files/Unusual%20bugs.pdf]\] "Stack Overflow"

...