CWARN.MEMSET.SIZEOF.PTR

Memset-like function with 'sizeof' applied to pointer

The CWARN.MEMSET.SIZEOF.PTR checker flags memset-type functions in which sizeof is applied to a pointer instead of the pointed-to object.

Vulnerability and risk

When an incorrect size is passed to a memset function, the wrong number of bytes is filled by the call. This situation can result in weaknesses like buffer overflow.

Vulnerable code example

    1  #include <memory.h>
    2  struct S {
    3      int x, y;
    4  };
    5  void zero_S(struct S *ps) {
    6      memset(ps, 0, sizeof(ps));
    7  }

In this example, Klocwork flags line 5, in which sizeof is applied to the pointer ps.

Fixed code example

    1  #include <memory.h>
    2  struct S {
    3      int x, y;
    4  };
    5  void zero_S(struct S *ps) {
    7      memset(ps, 0, sizeof(*ps));
    8      memset(ps, 0, sizeof(struct S));
    9  }

The fixed example shows two correct forms, in lines 7 and 8.
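The following added example (not part of the Klocwork documentation) measures what the flagged pattern leaves behind when the object is larger than a pointer: it fills a struct with a marker byte, runs each wipe, and counts the bytes that were never cleared. The struct session type and the function names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed type: 36 bytes with 4-byte int, larger than any pointer. */
struct session {
    unsigned char key[32];
    unsigned int uid;
};

/* Flagged pattern. GCC and Clang also report this call under
 * -Wsizeof-pointer-memaccess; silenced so the deliberate bug builds. */
#pragma GCC diagnostic push
#pragma GCC diagnostic ignored "-Wsizeof-pointer-memaccess"
void wipe_buggy(struct session *s) {
    memset(s, 0, sizeof(s));      /* clears sizeof(struct session *) bytes */
}
#pragma GCC diagnostic pop

/* Fixed pattern from the page: size of the pointed-to object. */
void wipe_fixed(struct session *s) {
    memset(s, 0, sizeof(*s));
}

/* Fill an object with 0xAA, run the wipe, count bytes left nonzero. */
size_t leftover_bytes(void (*wipe)(struct session *)) {
    struct session obj;
    const unsigned char *p = (const unsigned char *)&obj;
    size_t i, left = 0;

    memset(&obj, 0xAA, sizeof obj);   /* obj is an object here, not a pointer */
    wipe(&obj);
    for (i = 0; i < sizeof obj; i++)
        left += (p[i] != 0);
    return left;
}

int main(void) {
    printf("object %zu bytes, pointer %zu bytes\n",
           sizeof(struct session), sizeof(struct session *));
    printf("left after wipe_buggy: %zu\n", leftover_bytes(wipe_buggy));
    printf("left after wipe_fixed: %zu\n", leftover_bytes(wipe_fixed));
    return 0;
}
```

With 4-byte int and 8-byte pointers, struct S from the page is exactly pointer-sized, so the flagged call happens to clear the whole object there and the defect stays hidden until the struct grows or the code is built for a target with a different pointer size.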