...
The valid() function does not guarantee validity (it only identifies null pointers and pointers to functions as invalid), but it can be used to catch a substantial number of problems that might otherwise go undetected.
...
Noncompliant Code Example
This function increments the value pointed to by its argument. It also ensures that its argument is not a null pointer. But the pointer can still be invalid, causing the function to corrupt memory or terminate abnormally.
```c
#include <stddef.h>

void incr(int *intptr) {
  if (intptr == NULL) {
    /* handle error */
    return;
  }
  (*intptr)++;  /* increment the pointed-to value, not the pointer */
}
```
Compliant Solution
By using the valid() function defined above, the function is less likely to dereference an invalid pointer or write to memory that is outside the bounds of a valid object.
```c
void incr(int *intptr) {
  if (!valid(intptr)) {
    /* handle error */
    return;
  }
  (*intptr)++;  /* increment the pointed-to value, not the pointer */
}
```
Compliant Solution (assert)
Because invalid pointers are often indicative of a defect in the program, the assert() macro can be used to terminate immediately if an invalid pointer is discovered (see MSC11-AC. Incorporate diagnostic tests using assertions).
```c
#include <assert.h>

void incr(int *intptr) {
  assert(valid(intptr));  /* abort on an invalid pointer (no-op if NDEBUG is defined) */
  (*intptr)++;            /* increment the pointed-to value, not the pointer */
}
```
Risk Assessment
A pointer validation library can be used to identify and so prevent the execution of vulnerable code.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM10-A C | high | unlikely | high | P3 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...