You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 35 Next »

Attempting to dereference an invalid pointer results in undefined behavior, typically abnormal program termination. Given this, pointers should be checked to make sure they are valid before they are dereferenced.

Non-Compliant Code Example

In this example, input_str is copied into dynamically allocated memory referenced by str. If malloc() fails, it returns a NULL pointer that is assigned to str. When str is dereferenced in strcpy(), the program behaves in an unpredictable manner.

...
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
strcpy(str, input_str);
...

Note that in accordance with rule [[MEM35-C]] the argument supplied to malloc() is checked to ensure a numeric overflow does not occur.

Compliant Solution

To correct this error, ensure the pointer returned by malloc() is not NULL. In addition to this rule, this should be done in accordance with rule [[MEM32-C]].

...
size_t size = strlen(input_str);
if (size == SIZE_MAX) { /* test for limit of size_t */
  /* Handle Error */
}
str = malloc(size+1);
if (str == NULL) {
  /* Handle Allocation Error */
}
strcpy(str, input_str);
...

Risk Assessment

Dereferencing an invalid pointer results in undefined behavior, typically abnormal program termination.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXP34-C

3 (high)

3 (likely)

1 (high)

P9

L2

Examples of vulnerabilities resulting from the violation of this rule can be found on the CERTwebsite.

References

[[ISO/IEC 9899-1999]] 6.3.2.3 Pointers
[[Viega 05]] Section 5.2.18 Null-pointer dereference

  • No labels