Wiki Markup
This is often referred to as unnamed padding is often called structure padding. Structure members are arranged in memory as they are declared in the program text. Padding may be added to the structure to ensure the structure is properly aligned in memory. Structure padding allows for faster member access on many architectures.
Rearranging the fields in a struct can change the size of the struct. It is possible to minimize padding anomalies if the fields are arranged in such a way that fields of the same size are grouped together.
Padding is also referred to as also called struct member alignment. Many compilers provide a flag that controls how the members of a structure are packed into memory. Modifying this flag may cause the size of the structures to vary. Most compilers also include a keyword that removes all padding; the resulting structures are referred to as are called packed structures. Overriding the default behavior is often unwise because it leads to interface compatibility problems (the nominally same struct has its layout interpreted differently in different modules).
Noncompliant Code Example
Wiki Markup struct buffer}} is equal to the sum of the size of its individual components, which may not be the case \[ [Dowd 06|AA. C References#Dowd 06]\2006]. The size of {{struct buffer}} may actually be larger due to structure larger because of structure padding.
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { buffer_size = 50 }; struct buffer { size_t size; char bufferC[50buffer_size]; }; /* ... */ void func(const struct buffer *buf) { /* * Incorrectly Assumesassumes sizeof( struct buffer) = * sizeof( size_t) + 50 * sizeof( charbufferC) = 54 */ struct buffer *buf_cpy = (struct buffer *)malloc(54( sizeof(size_t) + (buffer_size * sizeof(char) /* 1 */) ); if (buf_cpy == NULL) { /* Handle malloc() error */ } /* * With padding, sizeof(struct buffer) may be greater than * 54 sizeof(size_t) + sizeof(buff.bufferC), causing some data * to be written outside the bounds * of the memory allocated. */ memcpy(buf_cpy, buf, sizeof(struct buffer)); /* ... */ free(buf_cpy); } |
...
Accounting for structure padding prevents these types of errors.:
| Code Block | ||||
|---|---|---|---|---|
| ||||
enum { buffer_size = 50 }; struct buffer { size_t size; char bufferC[buffer_size]; }; /* ... */ void func(const struct buffer *buf) { struct buffer *buf_cpy = (struct buffer *)malloc(sizeof(struct buffer)); if (buf_cpy == NULL) { /* Handle malloc() error */ } /* ... */ memcpy(buf_cpy, buf, sizeof(struct buffer)); /* ... */ free(buf_cpy); } |
...
Failure to correctly determine the size of a structure can lead to subtle logic errors and incorrect calculations, the effects of which can lead to abnormal program termination, memory corruption, or execution of arbitrary code.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXP03-C |
High |
Unlikely |
High |
P2
L3
P3 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported: Astrée reports accesses outside the bounds of allocated memory. | |||||||
| Helix QAC |
| C0697 | |||||||
| LDRA tool suite |
| 578 S | Enhanced enforcement |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
...
Related Guidelines
...
...
...
References
...
Bibliography
...
...
| 2011] | Subclause 6.7.2.1, |
...
| "Structure |
...
| and Union Specifiers" | |
| [Sloss 2004] | Section 5.7, |
...
| "Structure |
...
| Arrangement" |
...
03. Expressions (EXP) EXP04-C. Do not perform byte-by-byte comparisons between structures