Pointer subtraction between unrelated memory objects
| ID | c.buffer_overflow.pointer_subtraction |
| Severity | low |
| Resource | Buffer Overflow |
| Language | C / C++ |
Description
The software subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.
Rationale
The software subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.
The following code illustrates a vulnerable pattern detected by this rule:
#include <string.h>

void bad1(char *tmp, char *ptr1, char *ptr2)
{
    // VULNERABLE: Pointer subtraction between unrelated memory objects
    memcpy(tmp, ptr1, (ptr2 - ptr1) - 1);
}
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
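One way to remediate the pattern above, shown as an added example that is not part of the original rule documentation. The names copy_span and copy_field, their parameters, and the choice to pass offsets into a single buffer of known length are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

/* Hypothetical helper: same arithmetic as bad1, (end - start) - 1 bytes
 * copied from src + start, but computed on offsets into one known object.
 * Returns the number of bytes copied, or -1 if the request is rejected.
 * dst must not overlap src. */
long copy_span(char *dst, size_t dst_cap,
               const char *src, size_t src_len,
               size_t start, size_t end)
{
    if (dst == NULL || src == NULL)
        return -1;
    if (start > src_len || end > src_len)   /* both offsets lie inside src */
        return -1;
    if (end <= start)                       /* (end - start) - 1 would wrap */
        return -1;
    size_t n = (end - start) - 1;
    if (n > dst_cap)                        /* destination too small */
        return -1;
    memcpy(dst, src + start, n);
    return (long)n;
}

/* Hypothetical caller: copies the bytes between the first `open` and the
 * next `close`. Both positions come from memchr on src, so each pointer
 * subtraction stays inside one object and is well defined. */
long copy_field(char *dst, size_t dst_cap,
                const char *src, size_t src_len,
                char open, char close)
{
    if (src == NULL)
        return -1;
    const char *p1 = memchr(src, open, src_len);
    if (p1 == NULL)
        return -1;
    size_t start = (size_t)(p1 - src) + 1;  /* first byte after `open` */
    const char *p2 = memchr(src + start, close, src_len - start);
    if (p2 == NULL)
        return -1;
    size_t end = (size_t)(p2 - src) + 1;    /* so (end - start) - 1 stops before `close` */
    return copy_span(dst, dst_cap, src, src_len, start, end);
}
```

Comparing two arbitrary pointers with `<` or `>` to test whether they share an object is itself undefined when they do not, which is why the check is done on offsets rather than on the pointers.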
References
- OWASP Top 10 2021 - A04: Insecure Design.