Use of sizeof() on a pointer type
Running sizeof() on a malloced pointer type will always return the wordsize/8.
Authorization: This error can often cause one to allocate a buffer much smaller than what is needed and therefore other problems like a buffer overflow can be caused.
- Implementation: This is entirely an implementation flaw.
- Languages: C or C++
- Operating platforms: Any
Likelihood of exploit
Avoidance and mitigation
- Implementation: Unless one is trying to leverage running sizeof() on a pointer type to gain some platform independence or if one is mallocing a variable on the stack, this should not be done.
One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)
void *foo; printf("%d\n",sizeof(foo)); //this will return wordsize/4 return 0;