CERT-ARR38-C_e
Synopsis
Guarantee that library functions do not form invalid pointers.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
C library functions that make changes to arrays or objects take at least two arguments: a pointer to the array or object and an integer indicating the number of elements or bytes to be manipulated. Supplying arguments to such a function might cause the function to form a pointer that does not point into or just past the end of the object, resulting in undefined behavior.
Coding standards
- CERT ARR38-C
Guarantee that library functions do not form invalid pointers
- CWE 121
Stack-based Buffer Overflow
- CWE 119
Improper Restriction of Operations within the Bounds of a Memory Buffer
- CWE 125
Out-of-bounds Read
- CWE 123
Write-what-where Condition
- CWE 805
Buffer Access with Incorrect Length Value
- CWE 129
Improper Validation of Array Index
Code examples
The following code example fails the check and will give a warning:
#include <stdint.h>
#include <stdio.h>
struct obj {
char c;
long long i;
};
void func(FILE *f, struct obj *objs, size_t num_objs) {
const size_t obj_size = 16;
if (num_objs > (SIZE_MAX / obj_size) ||
num_objs != fwrite(objs, obj_size, num_objs, f)) {
/* Handle error */
}
}
The following code example passes the check and will not give a warning about this issue:
#include <stdint.h>
#include <stdio.h>
struct obj {
char c;
long long i;
};
void func(FILE *f, struct obj *objs, size_t num_objs) {
const size_t obj_size = sizeof *objs;
if (num_objs > (SIZE_MAX / obj_size) ||
num_objs != fwrite(objs, obj_size, num_objs, f)) {
/* Handle error */
}
}