CERT-MEM35-C_c
Synopsis
Allocate sufficient memory for an object.
Enabled by default
Yes
Severity/Certainty
High/High

Full description
The types of integer expressions used as size arguments to malloc(), calloc(), realloc(), or aligned_alloc() must have sufficient range to represent the size of the objects to be stored. If size arguments are incorrect or can be manipulated by an attacker, then a buffer overflow may occur. This check is identical to MEM-realloc-diff-type.
Coding standards
- CERT MEM35-C: Allocate sufficient memory for an object
Code examples
The following code example fails the check and will give a warning:
    #include <stdlib.h>
    void example(int *a, int new_size) {
        unsigned int *b;
        /* b's pointee type (unsigned int) differs from a's (int) */
        b = realloc(a, sizeof(int) * new_size);
    }
The following code example passes the check and will not give a warning about this issue:
    #include <stdlib.h>
    void example(int *a, int new_size) {
        int *b;
        /* b has the same pointee type as a */
        b = realloc(a, sizeof(int) * new_size);
    }
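The full description also warns about size arguments that are incorrect or attacker-controlled. The following is an added example, not part of the checker documentation or the CERT text, showing one way to validate an int element count before it reaches realloc(). The helper names array_bytes and resize_int_array are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper: stores count * elem_size in *out.
 * Returns 1 on success, 0 if the product would wrap around size_t. */
static int array_bytes(size_t count, size_t elem_size, size_t *out)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    *out = count * elem_size;
    return 1;
}

/* Hypothetical helper: resizes *arr to new_count ints.
 * Returns 0 and updates *arr on success; returns -1 and leaves *arr
 * valid and unchanged if the count is rejected or realloc fails. */
int resize_int_array(int **arr, int new_count)
{
    size_t bytes;
    int *tmp;

    /* A negative int converts to a huge size_t, and a zero-size
     * realloc is not portable. Reject both. */
    if (arr == NULL || new_count <= 0)
        return -1;
    if (!array_bytes((size_t)new_count, sizeof(**arr), &bytes))
        return -1;

    tmp = realloc(*arr, bytes);   /* same pointee type as *arr */
    if (tmp == NULL)
        return -1;                /* old block still owned by caller */
    *arr = tmp;
    return 0;
}

int main(void)
{
    int *a = NULL;
    int ok = resize_int_array(&a, 16);   /* constructed sample input */
    int bad = resize_int_array(&a, -1);  /* rejected, a stays valid */
    free(a);
    return (ok == 0 && bad == -1) ? 0 : 1;
}
```

Assigning the realloc() result to a temporary first keeps the original block reachable when the call fails, so the caller can still use or free it.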