Skip to content

Potential security issue in test_example.cpp: Missing pointer dereference in sizeof#31

Open
monocle-ai wants to merge 1 commit into
siva-msft:masterfrom
monocle-ai:test_example-ptr-2020-04-17-12-11-44-31
Open

Potential security issue in test_example.cpp: Missing pointer dereference in sizeof#31
monocle-ai wants to merge 1 commit into
siva-msft:masterfrom
monocle-ai:test_example-ptr-2020-04-17-12-11-44-31

Conversation

@monocle-ai

Copy link
Copy Markdown

The operand to sizeof is the same as the pointer in a memory access. The developer likely intended to calculate the size of the object pointed to but forgot to dereference the pointer in the sizeof. The following code locations use the size of a pointer instead of the actual object's size:

2 instances of this defect were found in the following locations:

Instance 1
File : test_example.cpp
Function: memset

memset(&t1, 0, sizeof(&t1)); // recommend: sizeof(struct T1) or sizeof(t1)

Code extract:

void ptr_1() {
    T1 t1, *pt1 = &t1;
    memset(&t1, 0, sizeof(t1)); // correct usage
    memset(&t1, 0, sizeof(&t1)); // recommend: sizeof(struct T1) or sizeof(t1)
 <------ HERE
}

Instance 2
File : test_example.cpp
Function: memcmp

memcmp(&t1,pt2,sizeof(T1*)); // recommend: sizeof(struct T1)

Code extract:

void ptr_2() {
    T1 t1, *pt2 = &t1;
    memcmp(&t1,pt2,sizeof(T1*)); // recommend: sizeof(struct T1)
 <------ HERE
}

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants