Skip to content

STR32-C: Support reducing buffer size via realloc #31

New issue
New issue
Closed
#579
Closed
STR32-C: Support reducing buffer size via realloc#31
#579
Assignees
knewbury01
Labels
Difficulty-HighA false positive or false negative report which is expected to take 1+ week effort to addressImpact-MediumPhase IIfalse positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards
@lcartey

Description

@lcartey
lcartey
opened on Jul 26, 2022

Affected rules

  • STR32-C

Description

Support reducing buffer size via realloc.

Example

#include <stdlib.h>
#include <wchar.h>
  
wchar_t *cur_msg = NULL;
size_t cur_msg_size = 1024;
size_t cur_msg_len = 0;
 
void lessen_memory_usage(void) {
  wchar_t *temp;
  size_t temp_size;
 
  /* ... */
 
  if (cur_msg != NULL) {
    temp_size = cur_msg_size / 2 + 1;
    temp = realloc(cur_msg, temp_size * sizeof(wchar_t));
    /* temp &and cur_msg may no longer be null-terminated */
    if (temp == NULL) {
      /* Handle error */
    }
 
    cur_msg = temp;
    cur_msg_size = temp_size;
    cur_msg_len = wcslen(cur_msg);
  }
}

As taken from https://wiki.sei.cmu.edu/confluence/display/c/STR32-C.+Do+not+pass+a+non-null-terminated+character+sequence+to+a+library+function+that+expects+a+string#STR32C.Donotpassanonnullterminatedcharactersequencetoalibraryfunctionthatexpectsastring-NoncompliantCodeExample.1

Metadata

Metadata

Assignees

Labels

Difficulty-HighA false positive or false negative report which is expected to take 1+ week effort to addressImpact-MediumPhase IIfalse positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards

Type

No type

Projects

Coding Standards Public Development Board

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions