SEI CERT C Coding Standard

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

Different alignments are possible for different types of objects. If the type checking system is overridden by an explicit cast, it is possible the alignment of an object may not be the same as the alignment of the object to which it was cast. As a result, if a pointer to one object is converted to a pointer different object, the objects must have the same alignment.

Non-Compliant Code Example

By definition of C99, a pointer may be cast into and out of void * validly. Thus it is possible to silently switch from one type of pointer to another without flagging a compiler warning by first storing or casting the initial pointer to void * and then storing or casting it to the final type. In the following non-compliant code, the type checking system is circumvented due to the caveats of void pointers.

char *loop_ptr;
int *int_ptr;

int *loop_function(void *v_pointer){
  return v_pointer;
}
int_ptr = loop_function(loop_ptr);

This example should compile without warning. However, v_pointer might be aligned on a 1 byte boundary. Once it is cast to an int, some architectures will require it to be on 4 byte boundaries. If int_ptr is then later dereferenced, abnormal termination of the program may result.

Compliant Solution

In this compliant solution, the parameter is changed to only accept other int* pointers since the input parameter directly influences the output parameter.

int *loop_ptr;
int *int_ptr;

int *loopFunction(int *v_pointer) {
  return v_pointer;
}
int_ptr = loopFunction(loop_ptr);

Implementation Details

List of common alignments for Microsoft, Borland, and GNU compilers to x86

Type

Alignment

char

1 byte aligned

short

2 byte aligned

int

4 byte aligned

float

4 byte aligned

double

8 byte on Windows, 4 byte on Linux

Risk Assessment

Accessing a pointer or an object that is no longer on the correct access boundary can cause a program to crash, give wrong information, or may cause slow pointer accesses (if the architecture does not care about alignment).

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP36-C

1 (low)

2 (probable)

2 (medium)

P4

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[Bryant 03]]
[[ISO/IEC 9899-1999]] Section 6.2.5, "Types"

  • No labels