Skip to content

STR32-C: Support reducing buffer size via realloc #31

Closed
#579
Closed
STR32-C: Support reducing buffer size via realloc#31
#579
Assignees
knewbury01
Labels
Difficulty-HighA false positive or false negative report which is expected to take 1+ week effort to addressImpact-MediumPhase IIfalse positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards
@lcartey

Description

@lcartey
lcartey
opened on Jul 26, 2022

Affected rules

  • STR32-C

Description

Support reducing buffer size via realloc.

Example

#include <stdlib.h>
#include <wchar.h>
  
wchar_t *cur_msg = NULL;
size_t cur_msg_size = 1024;
size_t cur_msg_len = 0;
 
void lessen_memory_usage(void) {
  wchar_t *temp;
  size_t temp_size;
 
  /* ... */
 
  if (cur_msg != NULL) {
    temp_size = cur_msg_size / 2 + 1;
    temp = realloc(cur_msg, temp_size * sizeof(wchar_t));
    /* temp &and cur_msg may no longer be null-terminated */
    if (temp == NULL) {
      /* Handle error */
    }
 
    cur_msg = temp;
    cur_msg_size = temp_size;
    cur_msg_len = wcslen(cur_msg);
  }
}

As taken from https://wiki.sei.cmu.edu/confluence/display/c/STR32-C.+Do+not+pass+a+non-null-terminated+character+sequence+to+a+library+function+that+expects+a+string#STR32C.Donotpassanonnullterminatedcharactersequencetoalibraryfunctionthatexpectsastring-NoncompliantCodeExample.1

Metadata

Metadata

Assignees

Labels

Difficulty-HighA false positive or false negative report which is expected to take 1+ week effort to addressImpact-MediumPhase IIfalse positive/false negativeAn issue related to observed false positives or false negatives.user-reportIssue reported by an end user of CodeQL Coding Standards

Type

No type

Fields

No fields configured for issues without a type.

Projects

Coding Standards Public Development Board

Status

Done

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions