CWE-467

Use of sizeof() on a Pointer Type

AI Translation Available

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.

Status

draft

Abstraction

variant

Likelihood

high

Affected Platforms

C C++

Extended Description

AI Translation

The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.

Technical Details

AI Translation

Common Consequences

integrity confidentiality

Impacts

modify memory read memory

Detection Methods

automated static analysis

Potential Mitigations

Phases:

implementation

Descriptions:

• Use expressions such as "sizeof(*pointer)" instead of "sizeof(pointer)", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack.

AI Generated Translation

Common Consequences

integrità riservatezza

Impacts

modificare memoria leggere memoria

Detection Methods

analisi statica automatizzata

Potential Mitigations

Phases:

implementazione

Descriptions:

• Usa espressioni come "sizeof(*pointer)" invece di "sizeof(pointer)", a meno che tu non voglia eseguire sizeof() su un tipo puntatore per ottenere una maggiore portabilità tra piattaforme o se stai allocando una variabile nello stack.

CWE-467

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Common Consequences

Impacts

Detection Methods

Potential Mitigations

Iscriviti alla newsletter