Avoid excessive stack allocations, particularly in situations where the growth of the stack can be controlled or influenced by an attacker. See INT04-C. Enforce limits on integer values originating from tainted sources for more information on preventing attacker-controlled integers from exhausting memory.
Noncompliant Code Example
...
Code Block | ||||
---|---|---|---|---|
| ||||
int copy_file(FILE *src, FILE *dst, size_t bufsize) { if (bufsize == 0) { /* Handle error */ } char *buf = (char *)malloc(bufsize); if (!buf) { /* Handle return -1;error */ } while (fgets(buf, bufsize, src)) { if (fputs(buf, dst) == EOF) { /* Handle error */ } } /* ... */ free(buf); return 0; } |
...
Tool | Version | Checker | Description | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
CodeSonar |
| IO.TAINT.SIZE MISC.MEM.SIZE.BAD | Tainted Allocation Size Unreasonable Size Argument | ||||||||||||||||
| STACK_USE | Can help detect single stack allocations that are dangerously large, although it will not detect excessive stack use resulting from recursion | |||||||||||||||||
Helix QAC |
| C1051, C1520, C3670 | |||||||||||||||||
Klocwork |
| MISRA.FUNC.RECUR | |||||||||||||||||
LDRA tool suite |
| 44 S | Enhanced Enforcement | ||||||||||||||||
Polyspace Bug Finder | R2016a | Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large Size of variable-length array is zero or negative | |||||||||||||||||
Parasoft C/C++test |
| CERT_C-MEM05-a | Do not use recursion | ||||||||||||||||
PC-lint Plus |
| 9035, 9070 | Partially supported: reports use of variable length arrays and recursion | ||||||||||||||||
Polyspace Bug Finder |
| Checks for:
Rec. partially covered. | |||||||||||||||||
PVS-Studio |
| V505 | PRQA QA-C | ||||||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 1520 1051 | Partially implemented | PVS-Studio | 6.22 | V505 | General analysis rule |
Related Vulnerabilities
Stack overflow has been implicated in Toyota unintended acceleration cases, where Camry and other Toyota vehicles accelerated unexpectedly. Michael Barr testified at the trial that a stack overflow could corrupt the critical variables of the operating system, because they were located in memory adjacent to the top of the stack [Samek 2014].
...
[Loosemore 2007] | Section 3.2.5, "Automatic Storage with Variable Size" | ||
[Samek 2014] | Are We Shooting Ourselves in the Foot with Stack Overflow? Monday, February 17th, 2014 by Miro Samek | ||
[Seacord 2013] | Chapter 4, "Dynamic Memory Management" | [van Sprundel 2006] | "Stack Overflow" |
...