This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Improper pointer subtraction"

Jump to: navigation, search
Line 1: Line 1:
| type=old
| lastRevision=2017-07-31
| comment=The page should be review updated.It requires better explanation

Latest revision as of 15:20, 30 July 2016

This page contains out-of-date content. Please help OWASP to FixME.
Last revision (yyyy-mm-dd): 2017-07-31
Comment: The page should be review updated.It requires better explanation


The subtraction of one pointer from another in order to determine size is dependant on the assumption that both pointers exist in the same memory chunk.


  • Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program.

Exposure period

  • Pre-design through Build: The use of tools to prevent these errors should be used.
  • Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.


  • Languages: C/C++/C#
  • Operating Platforms: Any

Required resources




Likelihood of exploit


Avoidance and mitigation

  • Pre-design through Build: Most static analysis programs should be able to catch these errors.
  • Implementation: Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable "walk" from one pointer to the other and calculate the difference. Always sanity check this number.

Related problems