...
Code Block | ||||
---|---|---|---|---|
| ||||
enum { buffer_size = 50 }; struct buffer { size_t size; char bufferC[buffer_size]; } buff; /* ... */ void func(const struct buffer *buf) { /* * Incorrectly assumes sizeof(struct buffer) = * sizeof(size_t) + sizeof(buff.bufferC) */ struct buffer *buf_cpy = (struct buffer *)malloc( sizeof(size_t) + sizeof(buff.bufferC(buffer_size * sizeof(char) /* 1 */) ); if (buf_cpy == NULL) { /* Handle malloc() error */ } /* * With padding, sizeof(struct buffer) may be greater than * sizeof(size_t) + sizeof(buff.bufferC), causing some data * to be written outside the bounds of the memory allocated. */ memcpy(buf_cpy, buf, sizeof(struct buffer)); /* ... */ free(buf_cpy); } |
...
Code Block | ||||
---|---|---|---|---|
| ||||
enum { buffer_size = 50 };
struct buffer {
size_t size;
char bufferC[buffer_size];
} buff;
/* ... */
void func(const struct buffer *buf) {
struct buffer *buf_cpy =
(struct buffer *)malloc(sizeof(struct buffer));
if (buf_cpy == NULL) {
/* Handle malloc() error */
}
/* ... */
memcpy(buf_cpy, buf, sizeof(struct buffer));
/* ... */
free(buf_cpy);
}
|
...
Tool | Version | Checker | Description | ||||||||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| Supported: Astrée reports accesses outside the bounds of allocated memory. | |||||||||||||||||
Helix QAC |
| C0697 | |||||||||||||||||
LDRA tool suite |
| 578 S | Enhanced enforcement | PRQA QA-C | |||||||||||||||
Include Page | PRQA QA-C_v | PRQA QA-C_v | 0697 | Partially implemented | Helix QAC | ||||||||||||||
Include Page | Helix QAC_V | Helix QAC_V
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...