
This module implements a check for CWE-467: Use of sizeof() on a Pointer Type.

Functions like malloc and memmove take a size parameter describing some amount of data. If, by accident, the size of a pointer to the data is passed to the function instead of the size of the data itself, this can have severe consequences.

See https://cwe.mitre.org/data/definitions/467.html for a detailed description.

How the check works

We check whether a parameter in a call to a function listed in the symbols for CWE467 (configurable in config.json) is an immediate value that equals the size of a pointer (e.g. 4 bytes on x86).

False Positives

  • The size value might be correct and not a bug.

False Negatives

  • If the incorrect size value is generated before the basic block that contains the call, the check will not be able to find it.
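As an added illustration of the rule above and of the false negative just noted (this is not cwe_checker's own code; the `Config`, `Block` and `Expr` types are hypothetical stand-ins), a toy checker that resolves call arguments only through definitions in the calling basic block:

```rust
use std::collections::HashMap;

/// Simplified call argument: an immediate or a register/variable name.
pub enum Expr { Const(u64), Var(String) }

/// One basic block: assignments in program order, followed by a call.
pub struct Block { pub defs: Vec<(String, Expr)>, pub callee: String, pub args: Vec<Expr> }

/// Hypothetical stand-in for the CWE467 symbol list from config.json, plus the
/// pointer size of the analysed binary (4 on x86, 8 on x86-64).
pub struct Config { pub symbols: Vec<String>, pub pointer_size: u64 }

/// Constant-propagate through this block's own definitions only. A register set
/// in an earlier block stays unknown, which is the false negative noted above.
fn const_env(defs: &[(String, Expr)]) -> HashMap<String, u64> {
    let mut env: HashMap<String, u64> = HashMap::new();
    for (dst, e) in defs {
        let value = match e {
            Expr::Const(v) => Some(*v),
            Expr::Var(src) => env.get(src).copied(),
        };
        match value {
            Some(v) => { env.insert(dst.clone(), v); }
            None => { env.remove(dst); } // overwritten by an unknown value
        }
    }
    env
}

/// Report every argument of a configured callee that is (or resolves within the
/// block to) an immediate equal to the pointer size; one message per hit.
pub fn check_block(cfg: &Config, block: &Block) -> Vec<String> {
    if !cfg.symbols.iter().any(|s| s == &block.callee) {
        return Vec::new();
    }
    let env = const_env(&block.defs);
    block.args.iter().enumerate().filter_map(|(i, arg)| {
        let v = match arg {
            Expr::Const(v) => *v,
            Expr::Var(name) => *env.get(name)?,
        };
        (v == cfg.pointer_size)
            .then(|| format!("{}: argument {} is pointer-sized ({} bytes)", block.callee, i, v))
    }).collect()
}
```

A call whose size register was loaded in a predecessor block yields no finding, exactly as the false-negative note describes; the same constant assigned one block later is reported.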

Structs

  • Function symbols read from config.json. All parameters of these functions are checked for whether they are pointer sized.

Statics

Functions