Description -
A programmer should keep a check on the following (sub-sections):
- 'n' > size of 'p' // for func(p, n)
- 'n' and 'p' are not compatible
- 'n' > size of 'p' or size of 'q' || 'p' and 'q' are not compatible // for func(p, q, n)
- 'p' and 'q' are compatible but not with 'n'
- Correct usage of expression E // for E: T* = mem_alloc(n)
Noncompliant Code Example
This noncompliant code example assigns a value greater than the size of the dynamically allocated memory to 'n', which is then passed to memset(), so the call writes past the end of the allocation:

```c
#include <stdlib.h>
#include <string.h>

void f1(size_t nchars) {
  char *p = (char *)malloc(nchars);
  const size_t n = nchars + 1;   /* n exceeds the size of the allocation by one */
  memset(p, 0, n);               /* writes one byte past the end of p */
  /* More program code */
}
```
Compliant Solution
This compliant solution makes sure that the value of 'n' is not greater than the size of the dynamic memory pointed to by the pointer 'p'. Because size_t is unsigned, a test of the form nchars - n < 0 can never be true; the comparison must be written as n > nchars:

```c
#include <stdlib.h>
#include <string.h>

void f1(size_t nchars, size_t val) {
  char *p = (char *)malloc(nchars);
  const size_t n = val;
  if (p == NULL || n > nchars) {   /* n would exceed the size of p */
    /* Handle Error */
  } else {
    memset(p, 0, n);
  }
  /* More program code */
}
```
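The checks listed in the description (n against the size of p, and n against the sizes of both p and q for func(p, q, n)) can be made systematic by keeping the allocation size next to the pointer. The following is example code added here, not part of the CERT rule; the sized_buf type and the checked_* function names are hypothetical:

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical type for this example: the allocation size travels with the
 * pointer so that every library call can be checked against it. */
typedef struct {
    char *data;
    size_t size;   /* bytes returned by malloc() for data, 0 if none */
} sized_buf;

/* Allocate nbytes for b; returns 0 on success, -1 if malloc() fails. */
int sized_buf_alloc(sized_buf *b, size_t nbytes) {
    b->data = (char *)malloc(nbytes);
    b->size = (b->data != NULL) ? nbytes : 0;
    return (b->data != NULL) ? 0 : -1;
}

/* func(p, n) check: n must not exceed the size of p. */
int checked_memset(sized_buf *p, int c, size_t n) {
    if (p->data == NULL || n > p->size) {
        return -1;   /* would write past the end of the allocation */
    }
    memset(p->data, c, n);
    return 0;
}

/* func(p, q, n) check: n must not exceed the size of p or the size of q. */
int checked_memcpy(sized_buf *dst, const sized_buf *src, size_t n) {
    if (dst->data == NULL || src->data == NULL ||
        n > dst->size || n > src->size) {
        return -1;
    }
    memcpy(dst->data, src->data, n);
    return 0;
}

/* Exercises the checks; returns 0 if every call behaved as expected,
 * otherwise the number of the first failing step. */
int demo(void) {
    sized_buf p, q;
    int rc = 0;
    if (sized_buf_alloc(&p, 16) != 0 || sized_buf_alloc(&q, 8) != 0) return 1;
    if (checked_memset(&p, 0, 16) != 0) rc = 2;        /* n == size: allowed */
    else if (checked_memset(&p, 0, 17) != -1) rc = 3;  /* n > size of p */
    else if (checked_memcpy(&p, &q, 8) != 0) rc = 4;   /* fits p and q */
    else if (checked_memcpy(&p, &q, 9) != -1) rc = 5;  /* n > size of q */
    else if (checked_memcpy(&q, &p, 16) != -1) rc = 6; /* n > size of dst */
    free(p.data);
    free(q.data);
    return rc;
}
```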
Risk Assessment
Depending on the library function called, an attacker may be able to exploit the resulting heap overflow to run arbitrary code. Detecting the checks specified in the description can be automated, but remediation has to be done manually.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
ARR38-C | high | likely | medium | P18 | L1