Use of sizeof() on a pointer type

From OWASP
Revision as of 12:13, 16 April 2006 by Jeff Williams (Talk | contribs)

Jump to: navigation, search



Overview

Running sizeof() on a malloced pointer type will always return the wordsize/8.

Consequences

Authorization: This error can often cause one to allocate a buffer much smaller than what is needed and therefore other problems like a buffer overflow can be caused.

Exposure period

  • Implementation: This is entirely an implementation flaw.

Platform

  • Languages: C or C++
  • Operating platforms: Any

Required resources

Any

Severity

High

Likelihood of exploit

High

Avoidance and mitigation

  • Implementation: Unless one is trying to leverage running sizeof() on a pointer type to gain some platform independence or if one is mallocing a variable on the stack, this should not be done.

Discussion

One can in fact use the sizeof() of a pointer as useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer)

Examples

In C/C++:

#include <stdiob.h>

int main(){
  void *foo;
  printf("%d\n",sizeof(foo)); //this will return wordsize/4
  return 0;
}

Related problems

Not available.

Categories