...
The type `size_t` generally covers the entire address space. The C Standard, Annex K (normative), "Bounds-checking interfaces" [ISO/IEC 9899:2011], introduces a new type, `rsize_t`, defined to be `size_t` but explicitly used to hold the size of a single object [Meyers 2004]. In code that documents this purpose by using the type `rsize_t`, the size of an object can be checked to verify that it is no larger than `RSIZE_MAX`, the maximum size of a normal single object, which provides additional input validation for library functions. See STR07-C. Use the bounds-checking interfaces for remediation of existing string manipulation code for additional discussion of C11 Annex K.
...
Signed integer overflow causes undefined behavior. The following are two possible conditions under which this code constitutes a serious vulnerability:
- `sizeof(size_t) == sizeof(int)`
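The two points above, validating an object size against `RSIZE_MAX` and not mixing a signed `int` counter with a `size_t` bound, are shown together in the following added example. It is not code from the CERT page; the function names (`size_is_valid`, `copy_checked`, `mixed_lt`, `safe_lt`) are this example's own, and the `rsize_t`/`RSIZE_MAX` fallback is an assumption for C libraries that do not implement Annex K.

```c
/* Added example (not the CERT page's own code): validate an object size
 * against RSIZE_MAX before allocating and copying, and keep the loop
 * counter in size_t so it cannot overflow before reaching the bound. */
#define __STDC_WANT_LIB_EXT1__ 1  /* request Annex K if the library has it */
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: when the library does not implement Annex K (glibc, for
 * example), provide the type and limit here. Annex K only requires
 * RSIZE_MAX to be smaller than SIZE_MAX; SIZE_MAX >> 1 is a common choice. */
#ifndef RSIZE_MAX
typedef size_t rsize_t;
#define RSIZE_MAX (SIZE_MAX >> 1)
#endif

/* Nonzero if n is a plausible size for a single object. */
int size_is_valid(rsize_t n) {
    return n != 0 && n <= RSIZE_MAX;
}

/* Copy n bytes of str into a fresh heap buffer. Returns NULL on an
 * unreasonable size or on allocation failure; the caller frees the result.
 * The counter is size_t, the same type as n, so the comparison involves
 * no sign conversion and the increment cannot overflow before i == n. */
char *copy_checked(rsize_t n, const char *str) {
    if (!size_is_valid(n)) {
        return NULL;  /* unreasonable object size: reject, do not clamp */
    }
    char *p = malloc(n);
    if (p == NULL) {
        return NULL;  /* allocation failure */
    }
    for (size_t i = 0; i < n; ++i) {
        p[i] = str[i];
    }
    return p;
}

/* What `i < n` does when i is int and n is size_t: the usual arithmetic
 * conversions turn i into size_t, so a negative i becomes a huge unsigned
 * value and the "less than" test is false. Written with the cast made
 * explicit so the behaviour is visible rather than implicit. */
int mixed_lt(int i, size_t n) {
    return (size_t)i < n;
}

/* The same comparison with the sign handled before the conversion. */
int safe_lt(int i, size_t n) {
    return i < 0 || (size_t)i < n;
}
```

The check in `size_is_valid` rejects rather than clamps: a size above `RSIZE_MAX` is treated as evidence of a corrupted or attacker-influenced value, not as a large-but-legitimate request. Compiling with `-Wsign-compare` (or `-Wall -Wextra`) flags the implicit version of the `mixed_lt` comparison, which is the cheapest way to find this class of defect in existing code.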
...
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
INT01-C | Medium | Probable | Medium | P8 | L2
Automated Detection
Tool | Version | Checker | Description
---|---|---|---
 | | | Can detect violations of this recommendation. In particular, it catches comparisons and operations where one operand is of type
 | 5.0 | |
 | | | Will detect integer operations that cause overflow but not all cases where
 | | 93 S | Fully implemented
...
CERT C++ Secure Coding Standard | INT01-CPP. Use rsize_t or size_t for all integer values representing the size of an object |
Bibliography
...
...