Module cwe_checker_lib::checkers::cwe_467
This module implements a check for CWE-467: Use of sizeof() on a Pointer Type.
Functions like malloc and memmove take the size of some data as a parameter. If the size of a pointer to the data is accidentally passed to the function instead of the size of the data itself, this can have severe consequences.
See https://cwe.mitre.org/data/definitions/467.html for a detailed description.
How the check works
We check whether a parameter in a call to a function listed in the symbols for CWE467 (configurable in config.json) is an immediate value that equals the size of a pointer (e.g. 4 bytes on x86).
False Positives
- The size value might be correct and not a bug.
False Negatives
- If the incorrect size value is generated before the basic block that contains the call, the check will not be able to find it.
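The heuristic and its two limitations, as a simplified model added here for illustration (not cwe_checker's own code). The `Value`, `Assign` and `Block` types, the function names, the symbol list and the sample blocks are all hypothetical and constructed.

```rust
// Simplified model of the heuristic; every type and name here is hypothetical
// and the basic blocks are constructed sample data.
enum Value {
    Immediate(u64), // constant written directly into a parameter
    Computed,       // anything else: a load, arithmetic, a copy
}

struct Assign { target: &'static str, value: Value }

struct Block {
    defs: Vec<Assign>,         // assignments inside this basic block, in order
    callee: &'static str,      // function called at the end of the block
    params: Vec<&'static str>, // locations holding the call's parameters
}

/// Parameters of a call to a listed symbol whose last in-block assignment
/// is an immediate equal to the pointer size.
fn flag_pointer_sized(block: &Block, symbols: &[&str], ptr_size: u64) -> Vec<&'static str> {
    if !symbols.contains(&block.callee) {
        return Vec::new();
    }
    block.params.iter().copied().filter(|p| {
        // Definitions in earlier blocks are invisible here (the false negative).
        let last = block.defs.iter().rev().find(|d| d.target == *p);
        matches!(last, Some(Assign { value: Value::Immediate(v), .. }) if *v == ptr_size)
    }).collect()
}

fn imm(target: &'static str, v: u64) -> Assign { Assign { target, value: Value::Immediate(v) } }

fn sample_blocks() -> Vec<Block> {
    vec![
        // malloc(4): flagged, whether it came from sizeof(ptr) or a correct sizeof(int).
        Block { defs: vec![imm("arg0", 4)], callee: "malloc", params: vec!["arg0"] },
        // memmove(dst, src, 4): only the size parameter is a pointer-sized immediate.
        Block { defs: vec![Assign { target: "arg0", value: Value::Computed }, imm("arg2", 4)],
                callee: "memmove", params: vec!["arg0", "arg1", "arg2"] },
        // malloc(size) with size set in a predecessor block: missed.
        Block { defs: vec![], callee: "malloc", params: vec!["arg0"] },
        // Pointer-sized immediate passed to a function not in the symbol list.
        Block { defs: vec![imm("arg0", 4)], callee: "sleep", params: vec!["arg0"] },
    ]
}

fn main() {
    let symbols = ["malloc", "memmove"]; // assumed stand-in for the config.json list
    for b in sample_blocks() {
        println!("{}: {:?}", b.callee, flag_pointer_sized(&b, &symbols, 4)); // 4 = x86 pointer size
    }
}
```

The first block shows why every hit needs manual review: on a 4-byte-pointer target the model cannot distinguish `malloc(sizeof(ptr))` from a correct `malloc(sizeof(int))`.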
Structs
- Function symbols read from config.json. All parameters of these functions will be checked on whether they are pointer sized.
Statics
- The module name and version
Functions
- Execute the CWE check.