CWE-588 Attempt to Access Child of a Non-structure Pointer

Attempt to Access Child of a Non-structure Pointer

Structure: Simple

Abstraction: Variant

Status: Incomplete

Likelihood of Exploit: Unknown

Description

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.

Related Weaknesses

  • Nature: ChildOf; CWE ID: 704; View ID: 1000; Ordinal: Primary

  • Nature: ChildOf; CWE ID: 758; View ID: 1000

Common Consequences

| Scope | Impact | Note |
|---|---|---|
| Integrity | Modify Memory | Adjacent variables in memory may be corrupted by assignments performed on fields after the cast. |
| Availability | DoS: Crash, Exit, or Restart | Execution may end due to a memory access error. |

Potential Mitigations

Requirements

Strategy:

Choose a language that is not susceptible to these issues.

Implementation

Strategy:

Review of type casting operations can identify locations where incompatible types are cast.

Example Code

The following example demonstrates the weakness.

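(bad code) C

    struct foo
    {
        int i;
    };
    /* ... */
    int main(int argc, char **argv)
    {
        /* Weakness: main is a function, not a struct foo object. */
        struct foo *foo = (struct foo *)main;
        foo->i = 2;      /* write through the mis-typed pointer */
        return foo->i;
    }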
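One way to make such casts checkable at run time, given as an added example that is not part of the CWE entry: every object that travels through an untyped pointer carries a kind tag as its first member, and the downcast is refused when the tag does not match. The names `obj_kind`, `boxed_int`, `as_foo` and `set_j` are hypothetical.

```c
#include <stddef.h>

/* Hypothetical types for this example; none of these names come from the page. */
enum obj_kind { KIND_INT = 1, KIND_FOO = 2 };

/* Every object passed around as void * starts with its kind tag. */
struct boxed_int { enum obj_kind kind; int value; };
struct foo       { enum obj_kind kind; int i; int j; };

/* Checked downcast via the first member: NULL unless p points at a struct foo. */
struct foo *as_foo(void *p)
{
    enum obj_kind *kind = p;
    if (kind == NULL || *kind != KIND_FOO)
        return NULL;
    return (struct foo *)p;
}

/* Writes foo->j only after the checked cast; 0 on success, -1 if refused. */
int set_j(void *p, int v)
{
    struct foo *f = as_foo(p);
    if (f == NULL)
        return -1;
    f->j = v;
    return 0;
}

/* 1 when field j of struct foo lies entirely outside a boxed_int object. */
int j_lies_outside_boxed_int(void)
{
    return offsetof(struct foo, j) >= sizeof(struct boxed_int);
}

/* A boxed_int followed by a canary: the refused write leaves both intact. */
int demo_rejects_non_foo(void)
{
    struct { struct boxed_int b; int canary; } frame = { { KIND_INT, 7 }, 0x5AFE };
    return set_j(&frame.b, 2) == -1 && frame.b.value == 7 && frame.canary == 0x5AFE;
}

/* A genuine struct foo passes the check and only the intended field changes. */
int demo_accepts_foo(void)
{
    struct foo f = { KIND_FOO, 1, 0 };
    return set_j(&f, 2) == 0 && f.i == 1 && f.j == 2;
}

int main(void) { return (demo_rejects_non_foo() && demo_accepts_foo()) ? 0 : 1; }
```

Without the tag check, the write to `j` would land past the end of the `boxed_int`, which is the adjacent-variable corruption listed under the Integrity impact.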

Taxonomy Mappings

| Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
|---|---|---|---|
| Software Fault Patterns | SFP7 | | Faulty Pointer Use |

Article source (from the Internet): scap中文网
