ATH-malloc-overrun
Synopsis
The allocation size passed to malloc overflows.
Enabled by default
Yes
Severity/Certainty
High/Medium

Full description
The allocation size passed to malloc is the result of an arithmetic overflow. As a result, malloc will not allocate the expected amount of memory, and accesses to this memory might cause runtime errors.
Coding standards
- CWE 122: Heap-based Buffer Overflow
- CWE 119: Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 680: Integer Overflow to Buffer Overflow
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
#include <limits.h>
void example(void) {
    /* The size expression overflows before malloc is called. */
    int *b = malloc(sizeof(int)*ULONG_MAX*ULONG_MAX);
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
#include <limits.h>
void example(void) {
    /* The size expression is a small constant and cannot overflow. */
    int *b = malloc(sizeof(int)*5);
}
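The examples above use constant sizes. The following is an added example, not part of the original check documentation, showing the same overflow with a runtime element count and a guard that rejects the request before malloc is called. The helper names wrapped_size, checked_mul_size and alloc_array are hypothetical, and the oversized count is constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper names; none of them come from the checker. */

/* What an unchecked multiplication hands to malloc: size_t arithmetic
 * is unsigned, so the product is silently reduced modulo SIZE_MAX + 1. */
static size_t wrapped_size(size_t count, size_t elem_size)
{
    return count * elem_size;
}

/* Stores count * elem_size in *out and returns 1 when the product fits
 * in size_t; returns 0 (leaving *out untouched) when it would wrap. */
static int checked_mul_size(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Refuses the request rather than returning a buffer that is smaller
 * than the caller believes it to be. */
static void *alloc_array(size_t count, size_t elem_size)
{
    size_t bytes;
    if (!checked_mul_size(count, elem_size, &bytes))
        return NULL;
    return malloc(bytes);
}

int main(void)
{
    /* Constructed input: two past the largest count whose size fits. */
    size_t count = SIZE_MAX / sizeof(int) + 2;
    int *rejected = alloc_array(count, sizeof(int));
    int *ok = alloc_array(5, sizeof(int));

    printf("unchecked request: %zu bytes\n", wrapped_size(count, sizeof(int)));
    printf("checked oversized request: %s\n", rejected ? "allocated" : "refused");
    printf("checked small request: %s\n", ok ? "allocated" : "failed");
    free(rejected);
    free(ok);
    return 0;
}
```

With the constructed count, the unchecked product wraps to the size of a single int, which is the undersized allocation the check warns about.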