Not enough memory allocated for pointer type
ID: cpp/allocation-too-small
Kind: problem
Security severity: 8.1
Severity: warning
Precision: medium
Tags:
- reliability
- security
- external/cwe/cwe-131
- external/cwe/cwe-122
Query suites:
- cpp-security-extended.qls
- cpp-security-and-quality.qls
When you allocate memory using malloc, calloc or realloc, you should ensure that you allocate enough memory to contain an instance of the type the result is assigned to. A call whose result is assigned to a non-void pointer variable but that does not allocate enough memory for one instance of the pointee type causes a buffer overflow as soon as a field accessed through that pointer lies beyond the end of the allocated block. Buffer overflows can lead to anything from a segmentation fault to an exploitable security vulnerability.
Recommendation
The highlighted call allocates memory that is too small to contain an instance of the type of the pointer, which can cause a memory overrun. Use the sizeof operator on the pointee type (for example, malloc(sizeof(Record)) or malloc(sizeof *p)) rather than a hard-coded constant, so that the requested size follows the type whenever its fields change.
Example
```c
#include <stdlib.h>

#define RECORD_SIZE 30 // incorrect or outdated size for record

typedef struct {
    char name[30];
    int status;
} Record;

void f() {
    Record *p = malloc(RECORD_SIZE); // not of sufficient size to hold a Record
    /* ... */
}
```
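The following is an added example, not code from the CodeQL documentation or the CodeQL repository. It places the page's stale-constant allocation beside the sizeof-based fix, adds a small shortfall check that mirrors the comparison the query makes statically (requested size versus pointee size), and shows the array form, where calloc's separate count and element-size arguments avoid a silent size_t overflow. The helper names (record_shortfall, alloc_record_bad, alloc_record_good, alloc_records, roundtrip_status) are this example's own; the Record layout and RECORD_SIZE constant are taken from the page.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Stale size constant, mirroring the page's example: it matched an older
   layout of Record and was never updated when the struct grew. */
#define RECORD_SIZE 30

typedef struct {
    char name[30];
    int status;
} Record;

/* Bytes one Record really occupies. sizeof includes the compiler's padding
   between name[] and status, so it tracks the type automatically. */
size_t record_bytes_needed(void) {
    return sizeof(Record);
}

/* How far an allocation of `allocated` bytes falls short of one Record
   (0 when it is large enough). This is the same comparison the query makes
   statically: requested size against the size of the pointee type. */
size_t record_shortfall(size_t allocated) {
    return allocated < sizeof(Record) ? sizeof(Record) - allocated : 0;
}

/* Vulnerable form (example): the size comes from a constant unrelated to the
   type. Any later write to p->status lands past the end of the 30-byte block. */
Record *alloc_record_bad(void) {
    return malloc(RECORD_SIZE);
}

/* Fixed form: the size is derived from the pointee, so it cannot drift.
   `sizeof *p` stays correct even if p's type is changed later; sizeof does
   not evaluate its operand, so using p in its own initializer is fine. */
Record *alloc_record_good(void) {
    Record *p = malloc(sizeof *p);
    return p;
}

/* Array form: calloc takes count and element size separately. With glibc and
   musl (assumption about the target libc) it returns NULL when count * size
   would overflow size_t, instead of handing back a wrapped, undersized block. */
Record *alloc_records(size_t count) {
    return calloc(count, sizeof(Record));
}

/* Allocates with the fixed form, stores and reads back a status through the
   pointer, and frees. Returns the value read, or -1 on allocation failure. */
int roundtrip_status(int value) {
    Record *p = alloc_record_good();
    if (p == NULL) return -1;
    p->name[0] = '\0';
    p->status = value;
    int seen = p->status;
    free(p);
    return seen;
}

int main(void) {
    printf("sizeof(Record) = %zu, RECORD_SIZE = %d, shortfall = %zu bytes\n",
           record_bytes_needed(), RECORD_SIZE, record_shortfall(RECORD_SIZE));
    Record *bad = alloc_record_bad(); /* allocated but never dereferenced here */
    free(bad);
    return roundtrip_status(1) == 1 ? 0 : 1;
}
```

On a typical 64-bit toolchain sizeof(Record) is 36 (30 bytes of name, 2 bytes of alignment padding, 4 bytes of status), so the stale constant is 6 bytes short and the first assignment to p->status through alloc_record_bad's pointer writes entirely outside the allocation. The exact padding is compiler-dependent, which is precisely why the size should be computed with sizeof rather than written down.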