CWE-467 - Use of sizeof() on a Pointer Type

CWE-467 High

Abstraction:
Variant

Structure:
Simple

Status:
Draft

Weakness Name: Use of sizeof() on a Pointer Type

Description: The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine how much memory has been allocated.
The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.

Common Consequences: Scope: Integrity, Confidentiality
Impact: Modify Memory, Read Memory
Notes: This error can often cause one to allocate a buffer that is much smaller than what is needed, leading to resultant weaknesses such as buffer overflows.

Related Weaknesses: CWE-131Incorrect Calculation of Buffer SizeHigh

Release Date:
2006-07-19

Latest Modification Date:
2023-06-29

Free security scan for your website

Don't show website scan report rating on the leaderboard