CodeQL documentation

Not enough memory allocated for array of pointer type

ID: cpp/suspicious-allocation-size
Kind: problem
Security severity: 8.1
Severity: warning
Precision: medium
Tags:
  - reliability
  - security
  - external/cwe/cwe-131
  - external/cwe/cwe-122
Query suites:
  - cpp-security-extended.qls
  - cpp-security-and-quality.qls

When you allocate an array with malloc, calloc or realloc, make sure the number of bytes you request is a multiple of the size of the element type that the result is assigned to. A call whose result is assigned to a non-void pointer, but which does not allocate enough memory, causes a buffer overflow as soon as an element or field is accessed through that pointer beyond the end of the allocated block. Buffer overflows can lead to anything from a segmentation fault to an exploitable security vulnerability.

Recommendation

The highlighted call allocates an amount of memory that is not a multiple of the size of the pointed-to type, which can cause a memory overrun. Use the sizeof operator on the element type when computing the allocation size, so that the compiler supplies the correct size and the call stays correct if the type's layout changes.

Example

```c
#include <stdlib.h>

#define RECORD_SIZE 30 // incorrect or outdated size for record

typedef struct {
	char name[30];
	int status;
} Record;

void f() {
	// wrong: 120 bytes is not a multiple of sizeof(Record) (36 bytes with typical padding)
	Record *p = malloc(RECORD_SIZE * 4);
	// p[3].status lies at byte offset 3 * 36 + 32 = 140, past the end of the
	// 120-byte block: a heap buffer overflow that may corrupt the heap or segfault
	p[3].status = 1;
	...
}
```
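The corrected form of the allocation above, written as an added example for this page rather than code from the CodeQL repository. The helper names (alloc_records, allocation_is_large_enough, demo_store_status) are chosen here for illustration. It sizes the buffer with sizeof(Record) instead of a hand-maintained constant, rejects element counts whose product with sizeof(Record) would wrap around (a wrapped product is another way to end up with an undersized buffer), and shows that the page's RECORD_SIZE * 4 request is smaller than four Records actually need.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    char name[30];
    int status;
} Record;

/* Correct allocation: the size comes from sizeof(Record), so it tracks the
 * type. n is checked against SIZE_MAX / sizeof(Record) so that the product
 * n * sizeof(Record) cannot overflow and silently request too few bytes. */
Record *alloc_records(size_t n) {
    if (n == 0 || n > SIZE_MAX / sizeof(Record))
        return NULL;
    return calloc(n, sizeof(Record)); /* calloc also zero-fills the array */
}

/* Bytes requested by the page's broken pattern (RECORD_SIZE * n with
 * RECORD_SIZE == 30) versus bytes actually needed for n Records. */
size_t bytes_requested_by_bad_code(size_t n) { return 30 * n; }
size_t bytes_needed(size_t n) { return n * sizeof(Record); }

/* Returns 1 if a block of 'have' bytes can hold n Records, 0 otherwise. */
int allocation_is_large_enough(size_t have, size_t n) {
    if (n > SIZE_MAX / sizeof(Record))
        return 0;
    return have >= n * sizeof(Record);
}

/* Safe version of f(): allocate n Records, write the last one in bounds,
 * and return the status that was stored. Returns -1 on allocation failure. */
int demo_store_status(size_t n) {
    Record *p = alloc_records(n);
    if (p == NULL)
        return -1;
    strncpy(p[n - 1].name, "last", sizeof(p[n - 1].name) - 1);
    p[n - 1].status = 1; /* p[n - 1] is the final element of the array */
    int status = p[n - 1].status;
    free(p);
    return status;
}

int main(void) {
    printf("sizeof(Record) = %zu\n", sizeof(Record));
    printf("bad pattern requests %zu bytes for 4 records, need %zu\n",
           bytes_requested_by_bad_code(4), bytes_needed(4));
    printf("4 records fit in 120 bytes? %d\n", allocation_is_large_enough(120, 4));
    printf("demo_store_status(4) = %d\n", demo_store_status(4));
    return 0;
}
```

With sizeof(Record) equal to 36 on the usual ABIs (30 bytes of name, 2 bytes of padding, a 4-byte int), the broken pattern requests 120 bytes where 144 are needed, which is exactly the shortfall the query flags.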

References

  • I. Gerg. An Overview and Example of the Buffer-Overflow Exploit. IANewsletter vol 7 no 4. 2005.

  • M. Donaldson. Inside the Buffer Overflow Attack: Mechanism, Method & Prevention. SANS Institute InfoSec Reading Room. 2002.

  • Common Weakness Enumeration: CWE-131.

  • Common Weakness Enumeration: CWE-122.

