ATH-new-overrun (C++ only)
Synopsis
An arithmetic overflow is caused by an allocation using new[].
Enabled by default
Yes
Severity/Certainty
High/Medium

Full description
The expression new a[n] computes the allocation size as sizeof(a) * n. This multiplication might overflow, leading to an unexpected amount of memory being allocated. Dereferencing this memory might lead to a runtime error.
Coding standards
- CWE 122: Heap-based Buffer Overflow
- CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 680: Integer Overflow to Buffer Overflow
Code examples
The following code example fails the check and will give a warning:
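#include <new>
#include <climits>
void example(void) {
    // Assuming a 4-byte int and a 32-bit size type, sizeof(int) * b
    // is one step past the largest value the size type can hold.
    unsigned int b = (UINT_MAX / 4) + 1;
    int *a = new int[b];
}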
The following code example passes the check and will not give a warning about this issue:
#include <new>
void example(void) {
    int *a = new int[10];
}
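A runtime guard against the overflow described under Full description, as an added example that is not part of the original check documentation. The helper names are hypothetical, and the SizeT template parameter is an assumption used to model a target with a 32-bit size type, so that the count from the failing example can be evaluated on any host.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <limits>
#include <new>

// Hypothetical helpers for illustration; SizeT models the target's size_t.

// True when sizeof(T) * n is representable in SizeT without wrapping.
template <typename T, typename SizeT = std::size_t>
constexpr bool array_size_fits(SizeT n) {
    static_assert(std::numeric_limits<SizeT>::is_integer &&
                  !std::numeric_limits<SizeT>::is_signed, "unsigned size type required");
    return n <= std::numeric_limits<SizeT>::max() / sizeof(T);
}

// Byte count a target with size type SizeT would end up with after wrapping.
template <typename T, typename SizeT>
constexpr SizeT wrapped_byte_count(SizeT n) {
    return static_cast<SizeT>(static_cast<std::uintmax_t>(n) * sizeof(T));
}

// Allocates n zero-initialized elements, or returns nullptr when the size
// would overflow, exceeds the caller's cap, or the allocation fails.
template <typename T>
T *checked_new_array(std::size_t n, std::size_t max_bytes) {
    if (!array_size_fits<T>(n)) return nullptr;      // sizeof(T) * n would wrap
    if (n * sizeof(T) > max_bytes) return nullptr;   // policy limit on request size
    return new (std::nothrow) T[n]();
}

int main() {
    // Constructed input: the count from the failing example, on a 32-bit size type.
    const std::uint32_t b = (UINT32_MAX / 4) + 1;
    std::printf("fits: %d, wrapped bytes: %lu\n",
                array_size_fits<std::uint32_t, std::uint32_t>(b),
                static_cast<unsigned long>(wrapped_byte_count<std::uint32_t, std::uint32_t>(b)));
    int *a = checked_new_array<int>(10, 1024);
    std::printf("small allocation %s\n", a ? "succeeded" : "failed");
    delete[] a;
    return 0;
}
```

The cap passed as max_bytes is a policy choice for the caller; the overflow test alone only rules out wrapping, not unreasonably large requests.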