mirror of
https://github.com/github/codeql.git
synced 2025-12-25 13:16:33 +01:00
32 lines
1.2 KiB
XML
32 lines
1.2 KiB
XML
<!DOCTYPE qhelp PUBLIC
|
|
"-//Semmle//qhelp//EN"
|
|
"qhelp.dtd">
|
|
<qhelp>
|
|
<overview>
|
|
<p>When you allocate an array from memory using <code>malloc</code>, <code>calloc</code> or
|
|
<code>realloc</code>, you should ensure that you allocate enough memory to contain a
|
|
multiple of the size of the required pointer type. Calls that are assigned to a non-void
|
|
pointer variable, but do not allocate enough memory will cause a buffer overflow when a
|
|
field accessed on the pointer points to memory that is beyond the allocated array. Buffer
|
|
overflows can lead to anything from a segmentation fault to a security vulnerability.</p>
|
|
|
|
</overview>
|
|
<recommendation>
|
|
<p>
|
|
The highlighted call allocates memory that is not a multiple of the size of the pointer
|
|
type, which can cause a memory overrun. Use the <code>sizeof</code> operator to ensure that the function call allocates enough memory for that type.
|
|
</p>
|
|
|
|
</recommendation>
|
|
<example><sample src="SizeCheck2.cpp" />
|
|
|
|
|
|
</example>
|
|
<references>
|
|
|
|
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
|
|
<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
|
|
|
|
</references>
|
|
</qhelp>
|