ALLOC.SIZE.ADDOFLOW: Addition Overflow of Allocation

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

ALLOC.SIZE.ADDOFLOW : Addition Overflow of Allocation Size

An allocation size used as an argument to an allocator function is based on unchecked addition, thus risking integer overflow and an unexpectedly small allocated block.

(Note: when addition overflow can affect size calculation for an operation other than memory allocation, warning class Addition Overflow of Size applies instead.)

Class Name

Addition Overflow of Allocation Size

Significance

security

Mnemonic

ALLOC.SIZE.ADDOFLOW

Categories

MisraC2023	MisraC2023:D.4.11	The validity of values passed to library functions shall be checked
Misra2012	Misra2012:D.4.11	The validity of values passed to library functions shall be checked
Misra2004	Misra2004:20.3	The validity of values passed to library functions shall be checked
MisraC++2023	MisraC++2023:8.20.1	An unsigned arithmetic operation with constant operands should not wrap
CWE	CWE:128	Wrap-around Error
	CWE:131	Incorrect Calculation of Buffer Size
	CWE:190	Integer Overflow or Wraparound
	CWE:680	Integer Overflow to Buffer Overflow
TS17961	TS17961:5.29-intoflow	5.29. Overflowing signed integers
	TS17961:5.45-taintsink	5.45. Tainted, potentially mutilated, or out-of-domain integer values are used in a restricted sink
CERT-C	CERT-C:INT08-C	Verify that all integer values are in range
	CERT-C:INT18-C	Evaluate integer expressions in a larger size before comparing or assigning to that size
	CERT-C:INT30-C	Ensure that unsigned integer operations do not wrap
	CERT-C:INT32-C	Ensure that operations on signed integers do not result in overflow
	CERT-C:MEM35-C	Allocate sufficient memory for an object
JSF++	JSF++:203	Evaluation of expressions shall not lead to overflow/underflow (unless required algorithmically and then should be heavily documented).
	JSF++:212	Underflow or overflow functioning shall not be depended on in any special way.
DISA-6r1	DISA-6r1:V-222612	The application must not be vulnerable to overflow attacks.
DISA-5r3	DISA-5r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-4r3	DISA-4r3:V-70277	The application must not be vulnerable to overflow attacks.
DISA-3r10	DISA-3r10:V-16808	The designer will ensure the application is not vulnerable to integer arithmetic issues.
OWASP-2017	OWASP-2017:A8	Insecure deserialization
OWASP-2021	OWASP-2021:A8	Software and data integrity failures

Availability

Available for C and C++.

Enabling

Checks for this warning class are disabled by default. To enable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += allow class="Addition Overflow of Allocation Size"

#include <stdlib.h>

int do_addoflow_alloc(int x, int y)
{
    char *p =  malloc(x+y);  /* 'Addition Overflow of Allocation Size' warning issued here. */
    int rv = 0;
    if (p){
      rv = 1;
      free(p);
    }
    return rv;
}

Addition Overflow of Allocation Size warnings can be triggered by any function treated as an allocator by CodeSonar:

any library function that is recognized as an allocator because CodeSonar ships with a library model that identifies it as such, and

any function for which you have added a library model identifying it as an allocator.

Note that classes Addition Overflow of Allocation Size, Multiplication Overflow of Allocation Size, Subtraction Underflow of Allocation Size and Truncation of Allocation Size all have the same set of triggering functions.

This is a "taint+dp" warning class: warnings of this class undergo a dedicated refinement phase that cannot be disabled. One consequence of this is that reporting exhibits some degree of unavoidable nondeterminism. If result stability is important to you, you may wish to avoid enabling this class.

In issuing a warning of this class, CodeSonar does not take into account any constraints on integer values that are imposed before the beginning of the warning's core path.

When you are trying to diagnose these warnings, it can be effective to reason about possible values of relevant globals and parameters at the beginning of the core path.

See Warning Paths and Path Checking for information about viewing and checking feasibility of extended paths.

The following configuration file parameters affect checks for this warning class.

ALLOC.SIZE.ADDOFLOW : Addition Overflow of Allocation Size

Summary

Properties

Example

Triggering Functions

Note

Relevant Configuration File Parameters