Use of sizeof() on a pointer type

From OWASP

Jump to: navigation, search

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

1 Description
2 Risk Factors
3 Examples
4 Related Attacks
5 Related Vulnerabilities
6 Related Controls
7 Related Technical Impacts
8 References

ASDR Table of Contents

Last revision (mm/dd/yy): 11/9/2008

Description

Running sizeof() on a malloced pointer type will always return the wordsize/8.

Consequences

Authorization: This error can often cause one to allocate a buffer much smaller than what is needed and therefore other problems like a buffer overflow can be caused.

Exposure period

Implementation: This is entirely an implementation flaw.

Platform

Languages: C or C++
Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)

Risk Factors

TBD

Examples

In C/C++:

#include <stdiob.h>

int main(){
  void *foo;
  printf("%d\n",sizeof(foo)); //this will return wordsize/4
  return 0;
}

Related Attacks

Related Vulnerabilities

Related Controls

Implementation: Unless one is trying to leverage running sizeof() on a pointer type to gain some platform independence or if one is mallocing a variable on the stack, this should not be done.

Related Technical Impacts

References

TBD

Retrieved from "http://www.owasp.org/index.php/Use_of_sizeof%28%29_on_a_pointer_type"

Use of sizeof() on a pointer type

From OWASP

Contents

Description

Risk Factors

Examples

Related Attacks

Related Vulnerabilities

Related Controls

Related Technical Impacts

References

Views

Personal tools

Navigation

Reference

Language

search

Toolbox