Variant · Draft

CWE-467: Use of sizeof() on a Pointer Type

Category: memory

Description

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to. The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.

Common consequences

  • Integrity / Confidentiality — Modify Memory, Read Memory
    This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows.

Potential mitigations

  • [Implementation] Use expressions such as "sizeof(*pointer)" instead of "sizeof(pointer)", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack.
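
The weak and corrected expressions side by side, as an added example that is not part of the CWE entry. The `struct session` type and all function names are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed record type for the example. */
struct session {
    char user[32];
    char token[64];
    unsigned flags;
};

/* Weak form: sizeof(s) is the size of the pointer itself (typically 4 or 8
   bytes), so a buffer sized this way is far too small for a struct session. */
static size_t weak_alloc_size(void) {
    struct session *s = NULL;
    return sizeof(s);
}

/* Corrected form: sizeof(*s) is the size of the pointed-to object. sizeof
   does not evaluate its operand, so *s is safe even though s is NULL. */
static size_t fixed_alloc_size(void) {
    struct session *s = NULL;
    return sizeof(*s);
}

/* An array passed to a function arrives as a pointer, so sizeof(buf) in the
   callee reports the pointer size, not the caller's array length. */
static size_t size_seen_by_callee(char *buf) {
    return sizeof(buf);
}

/* Allocate and zero one session using the corrected expression. */
static struct session *session_new(void) {
    struct session *s = malloc(sizeof(*s));
    if (s != NULL)
        memset(s, 0, sizeof(*s));
    return s;
}

int main(void) {
    char name[32] = {0};
    struct session *s = session_new();
    int failed = (s == NULL);
    printf("sizeof(pointer)=%zu sizeof(*pointer)=%zu\n", weak_alloc_size(), fixed_alloc_size());
    printf("caller sees %zu bytes, callee sees %zu\n", sizeof(name), size_seen_by_callee(name));
    free(s);
    return failed;
}
```

GCC and Clang flag the most common form of this mistake, a pointer-sized length passed to `memset` or `memcpy`, through `-Wsizeof-pointer-memaccess`, which `-Wall` enables.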

References

  1. https://cwe.mitre.org/data/definitions/467.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Data Element containing Pointer Item without Proper Copy Control Element
  • CWE: Reliance on Machine-Dependent Data Representation
  • CWE: Use of Uninitialized Variable
  • CWE: Use of Pointer Subtraction to Determine Size
  • CWE: Incorrect Pointer Scaling
  • CWE: Insufficient Control Flow Management

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.