...
```c
int buf[INTBUFSIZE];
int *buf_ptr = buf;
/* The bound is expressed in elements: &buf[INTBUFSIZE] is one past the last int. */
while (havedata() && buf_ptr < &buf[INTBUFSIZE]) {
  *buf_ptr++ = parseint(getdata());
}
```
...
Failure to understand and properly use pointer arithmetic can allow an attacker to execute arbitrary code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
EXP08-C | High | Probable | High | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | | Supported: Astrée reports potential runtime errors resulting from invalid pointer arithmetics. |
CodeSonar | | LANG.STRUCT.PARITH | Pointer arithmetic |
Helix QAC | | C0488, C2930, C2931, C2932, C2933 | |
Klocwork | | ABV.ITERATOR, ABV.GENERAL, ABV.GENERAL.MULTIDIMENSION | |
LDRA tool suite | | 45 D | Partially implemented |
Parasoft C/C++test | | MISRA-101, BD-PB-ARRAY, CERT_C-EXP08-a | Pointer arithmetic should not be used |
Parasoft Insure++ | | | Runtime analysis |
PC-lint Plus | | 416 | Partially supported |
Polyspace Bug Finder | | Implicit scaling in pointer arithmetic might be ignored; Pointer dereferenced outside its bounds; 0488, 2930, 2931, 2932, 2933, 2934; Partially implemented | Checks for: Rec. fully supported. |
PVS-Studio | | V503, V520, V574, V600, V613, V619, V620, V643, V650, V687, V769, V1004 | |
How long is 4 yards plus 3 feet? It is obvious from elementary arithmetic that any answer involving 7 is wrong, as the student did not take the units into account. The right method is to convert both numbers to reflect the same units.
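The same unit discipline applied to the bounded loop earlier on this page, as an added example that is not part of the CERT page: pointer arithmetic on an `int *` counts elements, while `sizeof` counts bytes, so a bound must be converted to elements before it is added to the pointer. All function names and the buffer size are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

#define INTBUFSIZE 8 /* constructed for this example: capacity in elements */

/* Capacity in elements: the byte size divided by the element size. */
size_t capacity_elems(void) { return sizeof(int[INTBUFSIZE]) / sizeof(int); }

/* What the bound buf + sizeof(buf) would claim as capacity: the byte count is
 * reused as an element count. Returned as a number only; that pointer is
 * never formed here, because forming it is already undefined behaviour. */
size_t capacity_if_bytes_used(void) { return sizeof(int[INTBUFSIZE]); }

/* Copy up to nelems values into buf. The end pointer is computed in element
 * units, so it is exactly one past the last element. Returns elements stored. */
size_t fill(int *buf, size_t nelems, const int *src, size_t nsrc) {
    int *p = buf;
    const int *const end = buf + nelems;
    for (size_t i = 0; i < nsrc && p < end; i++) {
        *p++ = src[i];
    }
    return (size_t)(p - buf); /* pointer difference is also in elements */
}

/* Byte distance between two int pointers: convert to char * first. */
size_t byte_span(const int *first, const int *last) {
    return (size_t)((const char *)last - (const char *)first);
}

/* Run fill() with nsrc constructed inputs; returns the number stored. */
size_t demo_fill(size_t nsrc) {
    int src[32], buf[INTBUFSIZE];
    if (nsrc > 32) nsrc = 32;
    for (size_t i = 0; i < nsrc; i++) src[i] = (int)i;
    return fill(buf, capacity_elems(), src, nsrc);
}

/* Bytes spanned by the first n elements of a buffer (n <= INTBUFSIZE). */
size_t demo_span(size_t n) {
    int buf[INTBUFSIZE];
    return byte_span(buf, buf + n);
}

int main(void) {
    printf("capacity: %zu elements, %zu if bytes are mistaken for elements\n",
           capacity_elems(), capacity_if_bytes_used());
    printf("stored %zu of 20 inputs; 2 elements span %zu bytes\n",
           demo_fill(20), demo_span(2));
    return 0;
}
```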
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID EXP08-CPP. Ensure pointer arithmetic is used correctly |
ISO/IEC TR 24772:2013 | Pointer Casting and Pointer Type Changes [HFC]; Pointer Arithmetic [RVG] |
ISO/IEC TS 17961 | Forming or using out-of-bounds pointers or array subscripts [invptr] |
MISRA C:2012 | Rule 18.1 (required); Rule 18.2 (required); Rule 18.3 (required); Rule 18.4 (advisory) |
MITRE CWE | CWE-468, Incorrect pointer scaling |
Bibliography
[Dowd 2006] | Chapter 6, "C Language Issues" |
[Murenin 2007] |
...
...