...
| Code Block | ||
|---|---|---|
| ||
struct big {
unsigned long long ull_1; /* typically 8 bytes */
unsigned long long ull_2; /* typically 8 bytes */
unsigned long long ull_3; /* typically 8 bytes */
int si_4; /* typically 4 bytes */
int si_5; /* typically 4 bytes */
};
/* ... */
size_t skip = offsetof(struct big, ull_2);
struct big *s = (struct big *)malloc(sizeof(struct big));
if (!s) {
/* Handle malloc() error */
}
memset((char *)s + skip, 0, sizeof(struct big) - skip);
/* ... */
free(s);
s = NULL;
|
Risk Assessment
Failure to understand and properly use pointer arithmetic can allow an attacker to execute arbitrary code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP08-C | high | probable | high | P6 | L2 |
Automated Detection
How long is 4 yards plus 3 feet? It is obvious from elementary arithmetic that any answer involving '7' is wrong, as the student did not take the units into account. The right method is to convert both numbers to reflect the same units.
...
| Wiki Markup |
|---|
In addition to pointer arithmetic expressions, one can also hunt for array index expressions, as {{array\[index\]}} is merely shorthand for '{{array + index}}'. But programmers will likely be more conscientious about using {{\[\]}} with correct units than when using pointer arithmetic. |
Risk Assessment
...
EXP08-C
...
high
...
probable
...
high
...
P6
...
Failure to understand and properly use pointer
arithmetic |
. |
...
Recommendation
...
Severity
...
Likelihood
...
Remediation Cost
...
Priority
...
Level
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...