MISC.MEM.SIZE.BAD : Unreasonable Size Argument

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

CodeSonar^® 9.2p0

CONFIDENTIAL

CodeSecure Inc

C and C++

Binaries

MISC.MEM.SIZE.BAD : Unreasonable Size Argument

Summary

A size argument to one of the triggering functions leads to a negative or extremely large size for an allocation request.

Properties

Class Name

Unreasonable Size Argument

Significance

security

Mnemonic

MISC.MEM.SIZE.BAD

Categories

MisraC2025	MisraC2025:21.18	The size_t argument passed to any function in <string.h> shall have an appropriate value
MisraC2023	MisraC2023:21.18	The size_t argument passed to any function in <string.h> shall have an appropriate value
Misra2012	Misra2012:21.18	The size_t argument passed to any function in <string.h> shall have an appropriate value
MisraC++2023	MisraC++2023:0.3.2	A function call shall not violate the function's preconditions
CWE	CWE:687	Function Call With Incorrectly Specified Argument Value
	CWE:688	Function Call With Incorrect Variable or Reference as Argument
TS17961	TS17961:5.45-taintsink	Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink
CERT-C	CERT-C:ARR32-C	Ensure size arguments for variable length arrays are in a valid range
	CERT-C:INT08-C	Verify that all integer values are in range
	CERT-C:INT30-C	Ensure that unsigned integer operations do not wrap
	CERT-C:INT32-C	Ensure that operations on signed integers do not result in overflow
	CERT-C:MEM05-C	Avoid large stack allocations
	CERT-C:MEM11-C	Do not assume infinite heap space
	CERT-C:MEM35-C	Allocate sufficient memory for an object
DISA-6r1	DISA-6r1:V-222612	The application must not be vulnerable to overflow attacks.
DISA-5r3	DISA-5r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-4r3	DISA-4r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-3r10	DISA-3r10:V-6165	The designer will ensure the application does not have buffer overflows, use functions known to be vulnerable to buffer overflows, and does not use signed values for memory allocation where permitted by the programming language.
OWASP-2021	OWASP-2021:A4	Insecure design
OWASP-2025	OWASP-2025:A06	Insecure Design

Availability

Available for C and C++.

Enabling

Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += discard class="Unreasonable Size Argument"

Example

#include <stdlib.h>
#include <stdio.h>

void *f(void)
{
    int x = getchar();
    return malloc(x); /* Warning here because getchar can return -1 */
}

Could Indicate

CWE:190	Integer Overflow or Wraparound
CWE:191	Integer Underflow (Wrap or Wraparound)
CWE:252	Unchecked Return Value

Triggers

Warnings of this class can be triggered by the following functions.

Allocators that take a size argument
Various library functions that take a length parameter and write to some location. Some representative examples are:
- libc: memset(), strncpy()
- Win32: ReadFile(), StrCatBuff()
- Mac OS X kernel: copyin(), copyinmsg()

Triggered When

The value passed to a size parameter represents a memory allocation request that the system cannot reasonably be expected to honor. There are two main cases.

The value passed is negative. A C compiler will not necessarily complain so long as the value can be cast to a valid size_t, but both the original negative value and the result of the cast (in most implementations, a number higher than MaxInt=2³¹-1) represent memory allocation requests that the system cannot reasonably be expected to honor.
The value passed is greater than MaxInt. Although there are valid size_t values in this range, they are so large that the system cannot reasonably be expected to honor the memory request.

Relevant Configuration File Parameters

The following configuration file parameters affect checks for this warning class.

To report problems with this documentation, please visit https://support.codesecure.com/.