CWE-588 尝试访问一个非结构体指针的子域
Attempt to Access Child of a Non-structure Pointer
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: unkown
基本描述
Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 704 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 758 cwe_View_ID: 1000
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Integrity | Modify Memory | Adjacent variables in memory may be corrupted by assignments performed on fields after the cast. |
| Availability | DoS: Crash, Exit, or Restart | Execution may end due to a memory access error. |
可能的缓解方案
Requirements
策略:
The choice could be made to use a language that is not susceptible to these issues.
Implementation
策略:
Review of type casting operations can identify locations where incompatible types are cast.
示例代码
例
The following example demonstrates the weakness.
bad C
struct foo
{
...
int main(int argc, char argv)
{
{
int i;
}...
int main(int argc, char argv)
{
foo = (struct foo )main;
foo->i = 2;
return foo->i;
}foo->i = 2;
return foo->i;
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| Software Fault Patterns | SFP7 | Faulty Pointer Use |