Main Content

CERT C: Rec. EXP09-C

Use sizeof to determine the size of a type or variable

expand all in page

Description

Rule Definition

Use sizeof to determine the size of a type or variable.1

Polyspace Implementation

The rule checker checks for Hard-coded object size used to manipulate memory.

Examples

expand all

Issue

The issue Hard-coded object size used to manipulate memory occurs when you use hard-coded constants as memory size arguments for these memory functions:

  • Dynamic memory allocation function such as malloc or calloc.

  • Memory manipulation functions such as memcpy, memmove, memcmp, or memset.

When performing memory operations with a string literal, Polyspace® does not report a violation of this rule if you hard code the memory size.

Risk

If you hard code object size, your code is not portable to architectures with different type sizes. If the constant value is not the same as the object size, the buffer might or might not overflow.

Fix

For the size argument of memory functions, use sizeof(object).

Example - Assume 4-Byte Integer Pointers
#include <stddef.h>
#include <stdlib.h>
enum {
    SIZE3   = 3,
    SIZE20  = 20
};
extern void fill_ints(int **matrix, size_t nb, size_t s);

void bug_hardcodedmemsize()
{
    size_t i, s;

    s = 4;
    int **matrix = (int **)calloc(SIZE20, s); //Noncompliant
    if (matrix == NULL) {
        return; /* Indicate calloc() failure */
    }
    fill_ints(matrix, SIZE20, s);
    free(matrix);
}

In this example, the memory allocation function calloc is called with a memory size of 4. The memory is allocated for an integer pointer, which can be a more or less than 4 bytes depending on your target. If the integer pointer is not 4 bytes, your program can fail.

Correction — Use sizeof(int *)

When calling calloc, replace the hard-coded size with a call to sizeof. This change makes your code more portable.

#include <stddef.h>
#include <stdlib.h>
enum {
    SIZE3   = 3,
    SIZE20  = 20
};
extern void fill_ints(int **matrix, size_t nb, size_t s);

void corrected_hardcodedmemsize()
{
    size_t i, s;

    s = sizeof(int *);
    int **matrix = (int **)calloc(SIZE20, s);
    if (matrix == NULL) {
        return; /* Indicate calloc() failure */
    }
    fill_ints(matrix, SIZE20, s);
    free(matrix);
}

Hard Coded Size in memset

In this example, the function clean_sensitive_memory clears sensitive information from the memory. Here, the memory size argument of memset is hardcoded to be 64 bytes. If s->data cannot accommodate 64 bytes, the program fails and the sensitive information might remain in memory. Polyspace reports a violation of this rule on the memory operations.

#include<string.h>

struct sensitiveInfo
{
    unsigned char data[64];
    int length;
};

char key[64];

void clean_sensitive_memory (struct sensitiveInfo *s)
{
    memset (s->data, 0, 64);          //Defect
    memset ((void *) key, 0, 64);  //Defect
}
Correction — Use sizeof() for Size Argument

To fix this violation, replace the hardcoded memory sizes by calls to sizeof().

#include<string.h>

struct sensitiveInfo
{
    unsigned char data[64];
    int length;
};

char key[64];

void clean_sensitive_memory (struct sensitiveInfo *s)
{
  memset (s->data, 0, sizeof (s->data));	//Fixed
  memset ((void *) key, 0, sizeof(key)); //Fixed
}

Check Information

Group: Rec. 03. Expressions (EXP)

Version History

Introduced in R2019a

expand all

See Also

Topics

External Websites

1 This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, ”SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.