Avoid excessive stack allocations, particularly in situations where the growth of the stack can be controlled or influenced by an attacker. See INT04-C. Enforce limits on integer values originating from tainted sources for more information on preventing attacker-controlled integers from exhausting memory.
Noncompliant Code Example
...
| Code Block | ||||
|---|---|---|---|---|
| ||||
int copy_file(FILE *src, FILE *dst, size_t bufsize) {
if (bufsize == 0) {
/* Handle error */
}
char *buf = (char *)malloc(bufsize);
if (!buf) {
/* Handle return -1;error */
}
while (fgets(buf, bufsize, src)) {
if (fputs(buf, dst) == EOF) {
/* Handle error */
}
}
/* ... */
free(buf);
return 0;
}
|
...
Tool | Version | Checker | Description | ||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| CodeSonar |
| IO.TAINT.SIZE MISC.MEM.SIZE.BAD | Tainted Allocation Size Unreasonable Size Argument | ||||||||||||
| STACK_USE | Can help detect single stack allocations that are dangerously large, although it will not detect excessive stack use resulting from recursion | |||||||||||||
| Helix QAC |
| C1051, C1520, C3670 | |||||||||||||
| Klocwork |
| MISRA.FUNC.RECUR | |||||||||||||
| LDRA tool suite |
| 44 S | Enhanced Enforcement | Polyspace Bug Finder||||||||||||
| Parasoft C/C++test |
| CERT_C-MEM05-a | Do not use recursion | Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large Size of variable-length array is zero or negative Functions shall not call themselves, either directly or indirectly | PRQA QA-C | ||||||||||
| Include Page | PRQA QA-C_v | PRQA QA-C_v | is in valid range | ||||||||||||
| PC-lint Plus |
| 9035, 9070 | Partially supported: reports use of variable length arrays and recursion | ||||||||||||
| Polyspace Bug Finder |
| Checks for:
Rec. partially covered. | 1520 1051 | Partially implemented | |||||||||||
| PVS-Studio |
| V505 |
Related Vulnerabilities
Stack overflow has been implicated in Toyota unintended acceleration cases, where Camry and other Toyota vehicles accelerated unexpectedly. Michael Barr testified at the trial that a stack overflow could corrupt the critical variables of the operating system, because they were located in memory adjacent to the top of the stack [Samek 2014].
...
| [Loosemore 2007] | Section 3.2.5, "Automatic Storage with Variable Size" | ||
| [Samek 2014] | Are We Shooting Ourselves in the Foot with Stack Overflow? Monday, February 17th, 2014 by Miro Samek | ||
| [Seacord 2013] | Chapter 4, "Dynamic Memory Management" | [van Sprundel 2006] | "Stack Overflow" |
...