mirror of
https://github.com/github/codeql.git
synced 2025-12-29 07:06:43 +01:00
34 lines
1.2 KiB
XML
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>When you allocate an array from memory using <code>malloc</code>, <code>calloc</code> or
<code>realloc</code>, you should ensure that you allocate enough memory to contain an
instance of the type that the pointer points to. A call whose result is assigned to a non-void
pointer variable, but which does not allocate enough memory, will cause a buffer overflow when a
field accessed through the pointer lies in memory beyond the allocated array. Buffer overflows
can lead to anything from a segmentation fault to a security vulnerability.</p>
</overview>
<recommendation>
<p>
The highlighted call allocates memory that is too small to contain an instance of the type that
the pointer points to, which can cause a memory overrun. Use the <code>sizeof</code> operator to
ensure that the function call allocates enough memory for that type.
</p>
</recommendation>
<example>
<sample src="SizeCheck.cpp" />
</example>
<references>
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method &amp; Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
</references>
</qhelp>
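
The pattern described in the overview beside its corrected form, as an added example (this is not the project's `SizeCheck.cpp`, which is not shown on this page). `struct record` and all function names are hypothetical, chosen only for illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical type for this example; any struct larger than an int works. */
struct record {
    int    id;
    char   name[32];
    double score;
};

/* Flagged pattern: the block holds one int, but the result is used as a
 * struct record *. Any access to r->name or r->score is out of bounds. */
struct record *record_new_bad(void)
{
    struct record *r = malloc(sizeof(int));
    return r;
}

/* Corrected: the size comes from the pointee itself, so it stays right
 * even if the struct definition or the pointer's type changes later. */
struct record *record_new(void)
{
    struct record *r = malloc(sizeof *r);
    return r;
}

/* Array form: reject counts whose byte size would wrap around size_t,
 * which would otherwise produce a too-small block by another route. */
struct record *record_array_new(size_t count)
{
    struct record *arr;
    if (count == 0 || count > SIZE_MAX / sizeof *arr)
        return NULL;
    arr = malloc(count * sizeof *arr);
    return arr;
}

/* The size relation the rule is about: does a block of `bytes` bytes
 * hold at least one whole struct record? */
int fits_record(size_t bytes)
{
    return bytes >= sizeof(struct record);
}
```

Writing `sizeof *r` rather than `sizeof(struct record)` keeps the allocation tied to the variable that receives it, so a later change of the pointer's type cannot silently reintroduce the undersized call.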