Difference between revisions of "Use of sizeof() on a pointer type"

Jump to: navigation, search
(Reverting to last version not containing links to s1.shard.jp)
(2 intermediate revisions by 2 users not shown)
Line 1: Line 1:
[http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/olharder/email-promotions.html auto windscreen shield 1998
] [http://s1.shard.jp/bireba/mac-antivirus.html download free norton antivirus software
] [http://s1.shard.jp/olharder/autoroll-654.html site] [http://s1.shard.jp/frhorton/3q938n1mz.html solutions to poverty in africa
] [http://s1.shard.jp/frhorton/j1znr5lny.html grassland animals in africa
] [http://s1.shard.jp/frhorton/ybfhg5c59.html albino african frog
] [http://s1.shard.jp/bireba/eztrust-antivirus.html norton antivirus live update not working
] [http://s1.shard.jp/bireba/antivirus-appliance.html panda titanium antivirus 2005 keygen
] [http://s1.shard.jp/losaul/murrays-buses.html australia computer used
] [http://s1.shard.jp/losaul/when-is-fathers.html plunkett homes australia
] [http://s1.shard.jp/frhorton/98rznyn69.html the plight of africa] [http://s1.shard.jp/bireba/avg-60-antivirus.html ez trust ez antivirus
] [http://s1.shard.jp/bireba/antivirus-software.html download symantec antivirus corporate edition 9.0
] [http://s1.shard.jp/olharder/autoroll-654.html http] [http://s1.shard.jp/olharder/auto-ordance.html auto civic manual
] [http://s1.shard.jp/galeach/new144.html asia vacation package
] [http://s1.shard.jp/olharder/autopilots-for.html bankrupcy autoparts tier 1
] [http://s1.shard.jp/olharder/autoroll-654.html link] [http://s1.shard.jp/olharder/morrey-auto-group.html auto brake problems
] [http://s1.shard.jp/olharder/stevens-creek.html stevens creek auto] [http://s1.shard.jp/olharder/premium-autoboomru.html replacement automotive parts
] [http://s1.shard.jp/losaul/lawn-bowls-clubs.html brothers neilson surf australia
] [http://s1.shard.jp/bireba/download-best-antivirus.html norton antivirus software free
] [http://s1.shard.jp/bireba/antivirus-firewall.html agrisoft antivirus
] [http://s1.shard.jp/bireba/download-kaspersky.html panda software antivirus
] [http://s1.shard.jp/olharder/automation-expense.html automobile credit financing no
] [http://s1.shard.jp/olharder/collective-unconscious.html us auto parts carson ca
] [http://s1.shard.jp/frhorton/dfj31yuuh.html budget renta car south africa
] [http://s1.shard.jp/frhorton/uf3em2dk5.html african diamonds for sale
] [http://s1.shard.jp/losaul/physiotherapy-colleges.html australia government information
] [http://s1.shard.jp/frhorton/gpeqnwwus.html a list of famous african american scientist
] [http://s1.shard.jp/frhorton/glos5k8jt.html brandee danielle african plain
] [http://s1.shard.jp/galeach/new50.html mild dysplasia leep
] [http://s1.shard.jp/galeach/new178.html norasia container lines limited
] [http://s1.shard.jp/galeach/new169.html asia east tour
] [http://s1.shard.jp/olharder/audi-automotive.html chevy laptop auto desk
] [http://s1.shard.jp/losaul/australian-topographic.html australian labor party victorian branch
] [http://s1.shard.jp/galeach/new64.html asian tattoo letter
] [http://s1.shard.jp/galeach/new78.html asian school girl pic
] [http://s1.shard.jp/bireba/panda-antivirus.html avgfreeantivirus
] [http://s1.shard.jp/losaul/import-vehicles.html shakespeare by the sea australia
] [http://s1.shard.jp/olharder/auto-automotriz.html automobile detroit in industry usa
] [http://s1.shard.jp/olharder/long-term-auto.html automotive specialist san francisco
] [http://s1.shard.jp/frhorton/tqdtzy3e9.html african plant life
] [http://s1.shard.jp/galeach/new128.html anastasia hotel protaras cyprus
] [http://s1.shard.jp/losaul/vetco-aibel.html river that separates australias two most populous states
] [http://s1.shard.jp/galeach/new6.html asian newcomer
] [http://s1.shard.jp/olharder/automation-building.html replacement auto carpets

Latest revision as of 06:49, 3 June 2009

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

Last revision (mm/dd/yy): 06/3/2009

Vulnerabilities Table of Contents


Running sizeof() on a malloced pointer type will always return the wordsize/8.


Authorization: This error can often cause one to allocate a buffer much smaller than what is needed and therefore other problems like a buffer overflow can be caused.

Exposure period

Implementation: This is entirely an implementation flaw.


  • Languages: C or C++
  • Operating platforms: Any

Required resources




Likelihood of exploit


One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)

Risk Factors



In C/C++:

#include <stdiob.h>

int main(){
  void *foo;
  printf("%d\n",sizeof(foo)); //this will return wordsize/4
  return 0;

Related Attacks

Related Vulnerabilities

Related Controls

  • Implementation: Unless one is trying to leverage running sizeof() on a pointer type to gain some platform independence or if one is mallocing a variable on the stack, this should not be done.

Related Technical Impacts