...
| Code Block | ||
|---|---|---|
| ||
size_t num_elements = get_size();
long *buffer = calloc(num_elements, sizeof(long));
if (buffer == NULL) {
/* handle error condition */
}
/*...*/
free(buffer);
buffer = NULL;Â
|
Compliant Solution
In this compliant solution, the the two arguments num_elements and sizeof(long) are checked before the call to calloc() to determine if wrapping will occur.
...
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.18.3, "Limits of other integer types" \[[Seacord 05|AA. C References#Seacord 05]\] Chapter 4, "Dynamic Memory Management" \[[RUS-CERT|AA. C References#RUS-CERT]\] Advisory 2002-08:02, "Flaw in calloc and similar routines" \[[Secunia|AA. C References#Secunia]\] Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability" |
...
MEM05MEM06-A. Avoid large stack allocationsEnsure that sensitive data is not written out to disk 08. Memory Management (MEM) MEM08-A. Use realloc() only to resize dynamically allocated arrays