Use of insecure alloca() with no guarantee of valid memory allocation

ID

c.memory_management.insecure_api_alloca

Severity

critical

Resource

Memory Management

Language

C / C++

Description

alloca() is unsafe because it has no way to report failure: the pointer it returns is not guaranteed to refer to a valid, usable block of memory. The requested allocation may exceed the bounds of the stack, or extend into other objects in memory, and alloca() cannot detect such an error.

Rationale


The following code illustrates a vulnerable pattern detected by this rule:

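#include <alloca.h>	// declares alloca() on glibc; the header differs on other platforms

// MEMSIZE is assumed to be defined elsewhere in the program.
void allocate_memory(void)
{
	// VULNERABLE: Use of insecure alloca() with no guarantee of valid memory allocation
	alloca(MEMSIZE);

	// ...
}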

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
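
One way to replace an alloca() scratch buffer, shown as an added example that is not part of this rule's own documentation: a fixed-size stack buffer serves small requests and a checked malloc() serves larger ones, so every failure is reported to the caller. The names median_u32, cmp_u32 and STACK_ELEMS are hypothetical, and the 64-element stack cap is an assumption.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define STACK_ELEMS 64  /* assumed cap for on-stack scratch space */

/* Comparator for qsort(): ascending order of uint32_t values. */
static int cmp_u32(const void *a, const void *b)
{
    uint32_t x = *(const uint32_t *)a, y = *(const uint32_t *)b;
    return (x > y) - (x < y);
}

/* Hypothetical helper: writes the (upper) median of src[0..count) to *out
 * without modifying src. Returns 0 on success, -1 on bad arguments,
 * size overflow, or allocation failure. */
int median_u32(const uint32_t *src, size_t count, uint32_t *out)
{
    uint32_t small[STACK_ELEMS];
    uint32_t *buf = small;

    if (src == NULL || out == NULL || count == 0)
        return -1;
    /* Reject counts whose byte size would wrap around. */
    if (count > SIZE_MAX / sizeof(uint32_t))
        return -1;

    /* With alloca(count * sizeof *buf) a large count can move the stack
     * pointer out of bounds with no error. Here the stack use is fixed, and
     * larger requests go to the heap, where failure is reported as NULL. */
    if (count > STACK_ELEMS) {
        buf = malloc(count * sizeof(uint32_t));
        if (buf == NULL)
            return -1;
    }

    memcpy(buf, src, count * sizeof(uint32_t));
    qsort(buf, count, sizeof(uint32_t), cmp_u32);
    *out = buf[count / 2];

    if (buf != small)
        free(buf);
    return 0;
}
```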

Configuration

This detector does not need any configuration.