Base · Draft

CWE-469: Use of Pointer Subtraction to Determine Size

Category: memory

Description

The product subtracts one pointer from another in order to determine size, but this calculation can be incorrect if the pointers do not exist in the same memory chunk.

Common consequences

  • Access Control / Integrity / Confidentiality / Availability — Modify Memory, Read Memory, Execute Unauthorized Code or Commands, Gain Privileges or Assume Identity
    There is the potential for arbitrary code execution with privileges of the vulnerable program.

Potential mitigations

  • [Implementation] Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable to "walk" from one pointer to the other and calculate the difference. Always validate this number.
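
The index-variable mitigation above, as an added C example that is not part of the CWE entry. The linked-list setting and all names (`count_by_subtraction`, `count_by_walk`, `pool`, the limit of 16) are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdio.h>

struct node { int value; struct node *next; };

/* Flawed: assumes head..tail is one contiguous array. For nodes that come
 * from separate allocations this subtraction is undefined behaviour. */
static ptrdiff_t count_by_subtraction(const struct node *head,
                                      const struct node *tail)
{
    return (tail - head) + 1;
}

/* Mitigation: count with an index while walking head -> tail and validate
 * it against a caller-supplied limit. Returns the count, or -1 if the limit
 * is exceeded (cycle, corruption) or tail is never reached. */
static long count_by_walk(const struct node *head, const struct node *tail,
                          size_t max_nodes)
{
    size_t n = 0;
    for (const struct node *p = head; p != NULL; p = p->next) {
        if (++n > max_nodes)
            return -1;
        if (p == tail)
            return (long)n;
    }
    return -1;
}

/* Constructed sample: three nodes taken from one pool, linked 0 -> 3 -> 1.
 * A single pool keeps the flawed subtraction well defined so it can run. */
static struct node pool[4];

static void link_sample(int cyclic)
{
    pool[0].next = &pool[3];
    pool[3].next = &pool[1];
    pool[1].next = cyclic ? &pool[0] : NULL;
}

static long demo_subtraction(void) { link_sample(0); return (long)count_by_subtraction(&pool[0], &pool[1]); }
static long demo_walk(void)        { link_sample(0); return count_by_walk(&pool[0], &pool[1], 16); }
static long demo_cycle(void)       { link_sample(1); return count_by_walk(&pool[0], &pool[2], 16); }

int main(void)
{
    printf("subtraction=%ld walk=%ld cyclic=%ld\n",
           demo_subtraction(), demo_walk(), demo_cycle());
    return 0;
}
```

On the sample list the subtraction reports 2 elements while the walk reports the real count of 3, and the validated walk rejects a cyclic list instead of returning a size.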

References

  1. https://cwe.mitre.org/data/definitions/469.html

Related by meaning

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Out-of-range Pointer Offset
  • CWE: Untrusted Pointer Dereference
  • CWE: Double Free
  • CWE: Use of sizeof() on a Pointer Type
  • CWE: Use After Free
  • CWE: Integer Underflow (Wrap or Wraparound)

Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.