JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

CodeSonar® 9.2p0 CONFIDENTIAL CodeSecure Inc
C and C++
Binaries

ALLOC.SIZE.IOFLOW : Integer Overflow of Allocation Size

Summary

An allocation size used as an argument to an allocator function is based on unchecked multiplication, thus risking integer overflow and an unexpectedly small allocated block.

In general, this class represents a subset of Multiplication Overflow of Allocation Size, except that the implicit multiplication in C++ new[] may trigger an Integer Overflow Of Allocation Size warning but will not trigger a Multiplication Overflow of Allocation Size warning.

Properties

Class Name Integer Overflow of Allocation Size
Significance security
Mnemonic ALLOC.SIZE.IOFLOW
Categories
MisraC2025 MisraC2025:D.4.11 The validity of values passed to library functions shall be checked
MisraC2023 MisraC2023:D.4.11 The validity of values passed to library functions shall be checked
Misra2012 Misra2012:D.4.11 The validity of values passed to library functions shall be checked
Misra2004 Misra2004:20.3 The validity of values passed to library functions shall be checked
MisraC++2023 MisraC++2023:0.3.2 A function call shall not violate the function's preconditions
CWE CWE:128 Wrap-around Error
  CWE:131 Incorrect Calculation of Buffer Size
  CWE:190 Integer Overflow or Wraparound
  CWE:680 Integer Overflow to Buffer Overflow
TS17961 TS17961:5.29-intoflow Overflowing signed integers
  TS17961:5.45-taintsink Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink
CERT-C CERT-C:ARR32-C Ensure size arguments for variable length arrays are in a valid range
  CERT-C:INT08-C Verify that all integer values are in range
  CERT-C:INT18-C Evaluate integer expressions in a larger size before comparing or assigning to that size
  CERT-C:INT30-C Ensure that unsigned integer operations do not wrap
  CERT-C:INT32-C Ensure that operations on signed integers do not result in overflow
  CERT-C:MEM35-C Allocate sufficient memory for an object
JSF++ JSF++:203 Evaluation of expressions shall not lead to overflow/underflow (unless required algorithmically and then should be heavily documented).
  JSF++:212 Underflow or overflow functioning shall not be depended on in any special way.
DISA-6r1 DISA-6r1:V-222612 The application must not be vulnerable to overflow attacks.
DISA-5r3 DISA-5r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-4r3 DISA-4r3:V-70277 The application must not be vulnerable to overflow attacks.
DISA-3r10 DISA-3r10:V-16808 The designer will ensure the application is not vulnerable to integer arithmetic issues.
OWASP-2017 OWASP-2017:A8 Insecure deserialization
OWASP-2021 OWASP-2021:A8 Software and data integrity failures
Availability Available for C and C++.
Enabling Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file. 
WARNING_FILTER += discard class="Integer Overflow of Allocation Size"

Example

To avoid Integer Overflow of Allocation Size warnings, check the result of any multiplication operation before using it to compute an allocation size.

#include <cstdlib>

void ioflow(int x, int y, int z){
    int s;
    char *p;

    p = (char *)  malloc(x * y);   /* 'Integer Overflow of Allocation Size' warning issued here */
                                   /* When enabled, 'Multiplication Overflow of Allocation Size' warning also issued here */
    if (!p){return;} else {free(p);}

    s = x * y;
    p = (char *) malloc(s);       /* 'Integer Overflow of Allocation Size' warning issued here */
    if (!p){return;} else {free(p);}

    p = new char[x * y];          /* 'Integer Overflow of Allocation Size' warning issued here */
    delete[] p;

    s = y * z;
    if (s / y == z){
      p = (char *) malloc(s + 1);                             /* ok: multiplication result was checked */
      if (!p){return;} else {free(p);}
    }

    if ( (y*z) / y == z){
      p = (char *) malloc(y*z + 1);  /* 'Integer Overflow of Allocation Size' warning issued here
                                      * - the multiplication operation inside the malloc() argument was not checked
                                      */
      if (!p){return;} else {free(p);}
    }
}

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

 

To report problems with this documentation, please visit https://support.codesecure.com/.