You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 29 Next »

The sizeof operator yields the size (in bytes) of its operand, which may be an expression or the parenthesized name of a type. If the type of the operand is not a variable-length array type, the operand is not evaluated.

Providing an expression that appears to produce side effects may be misleading to programmers who are not aware that these expressions are not evaluated. As a result, programmers may make invalid assumptions about program state, leading to errors and possible software vulnerabilities.

Non-Compliant Code Example

In this non-compliant code example, the expression a++ is not evaluated and the side effects in the expression are not executed.

int a = 14;
int b = sizeof(a++);

Consequently, the value of a after b has been initialized is 14.

Implementation-Specific Details

This example compiles cleanly under Microsoft Visual Studio 2005 Version 8.0, with the /W4 option.

Compliant Solution

In this compliant solution, the variable a is incremented.

int a = 14;
int b = sizeof(a);
a++;

Risk Assessment

If expressions that appear to produce side effects are supplied to the sizeof operator, the returned result may be different than expected. Depending on how this result is used, this could lead to unintended program behavior.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP06-A

low

unlikely

low

P3

L3

Automated Detection

The LDRA tool suite V 7.6.0 is able to detect violations of this recommendation.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[[ISO/IEC 9899:1999]] Section 6.5.3.4, "The sizeof operator"


EXP05-A. Do not cast away a const qualification      03. Expressions (EXP)       EXP07-A. Do not diminish the benefits of constants by assuming their values in expressions

  • No labels