
IAR Embedded Workbench for RH850 3.20.x

ATH-malloc-overrun

Synopsis

The size argument passed to malloc is the result of an arithmetic overflow.

Enabled by default

Yes

Severity/Certainty

High/Medium

Full description

The size of memory passed to malloc to allocate is the result of an arithmetic overflow. As a result, malloc will not allocate the expected amount of memory and accesses to this memory might cause runtime errors.

Coding standards
CWE 122

Heap-based Buffer Overflow

CWE 119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE 680

Integer Overflow to Buffer Overflow

Code examples

The following code example fails the check and will give a warning:

#include <stdlib.h>
#include <limits.h>

void example(void) {
  /* The size expression overflows, so malloc does not receive the intended size. */
  int *b = malloc(sizeof(int)*ULONG_MAX*ULONG_MAX);
}

The following code example passes the check and will not give a warning about this issue:

#include <stdlib.h>
#include <limits.h>

void example(void) {
  /* The size expression is a small constant that cannot overflow. */
  int *b = malloc(sizeof(int)*5);
}
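
When the element count is only known at run time, the multiplication can be checked before malloc is called. The following is an added example, not part of the IAR documentation: the helper names checked_mul, alloc_array and unchecked_size are hypothetical, and the wrapped value it prints assumes sizeof(int) is a power of two.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper: store count * elem_size in *out.
 * Returns 1 (and leaves *out untouched) if the product does not fit in size_t. */
static int checked_mul(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 1;
    *out = count * elem_size;
    return 0;
}

/* Hypothetical helper: allocate an array, refusing any request whose
 * byte size would wrap instead of silently under-allocating. */
static void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (checked_mul(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

/* What an unchecked call site would pass to malloc. */
static size_t unchecked_size(size_t count, size_t elem_size)
{
    return count * elem_size; /* unsigned wrap: well defined, wrong size */
}

int main(void)
{
    /* Constructed input: an element count for which count * sizeof(int) wraps. */
    size_t count = SIZE_MAX / sizeof(int) + 2;
    int *bad = alloc_array(count, sizeof(int));
    int *ok = alloc_array(5, sizeof(int));

    printf("unchecked request: %zu bytes for %zu elements\n",
           unchecked_size(count, sizeof(int)), count);
    printf("checked oversized request: %s\n", bad ? "allocated" : "rejected");
    printf("checked 5-element request: %s\n", ok ? "allocated" : "failed");
    free(bad);
    free(ok);
    return 0;
}
```

The unchecked path asks malloc for only a few bytes while the caller believes it holds room for the full element count, which is the condition the CWE 680 mapping above describes.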