gitlab.flawfinder.memalign-1
Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is no longer defined in SUSv3. In some cases, malloc()'s alignment may be sufficient.
Definition
rules:
- id: flawfinder.memalign-1
  languages:
  - c
  message: >
    Use posix_memalign instead (defined in POSIX's 1003.1d). Don't switch to
    valloc(); it is marked as obsolete in BSD 4.3, as legacy in SUSv2, and is
    no longer defined in SUSv3. In some cases, malloc()'s alignment may be
    sufficient.
  metadata:
    cwe: "CWE-676: On some systems (though not Linux-based systems) an attempt to
      free() results from memalign() may fail. This may, on a few systems, be
      exploitable. Also note that memalign() may not check that the boundary
      parameter is correct (CWE-676)"
    primary_identifier: flawfinder.memalign-1
    secondary_identifiers:
    - name: Flawfinder - memalign
      type: flawfinder_func_name
      value: memalign
    license: MIT
  pattern-either:
  - pattern: memalign(...)
  - pattern-regex: (void)\s\*(\s|)(memalign)\;
  severity: INFO
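The replacement the rule message recommends, as an added example that is not part of the rule or of the Flawfinder or GitLab code: a `memalign()` call site rewritten to use `posix_memalign()`, with the alignment argument validated up front because the rule notes that `memalign()` may not check it. The helper names `aligned_alloc_checked`, `is_aligned` and `demo` are hypothetical.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L   /* expose posix_memalign() under strict -std modes */
#endif
#include <errno.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not from the rule): aligned allocation via posix_memalign().
 * Returns 0 on success; otherwise an errno value, with *out left NULL. */
int aligned_alloc_checked(void **out, size_t alignment, size_t size)
{
    if (out == NULL)
        return EINVAL;
    *out = NULL;

    /* posix_memalign() requires a power of two that is a multiple of
     * sizeof(void *). Check here so the failure does not depend on the libc. */
    if (alignment < sizeof(void *) || (alignment & (alignment - 1)) != 0)
        return EINVAL;
    if (alignment % sizeof(void *) != 0)
        return EINVAL;
    if (size == 0)
        return EINVAL;   /* choice made by this example: reject empty requests */

    void *p = NULL;
    int rc = posix_memalign(&p, alignment, size);   /* returns the error; errno is not set */
    if (rc != 0)
        return rc;
    *out = p;
    return 0;
}

int is_aligned(const void *p, size_t alignment)
{
    return ((uintptr_t)p % alignment) == 0;
}

/* Before (matched by the rule):  buf = memalign(64, 4096);
 * After: checked allocation, released with plain free(). */
int demo(void)
{
    void *buf = NULL;
    int rc = aligned_alloc_checked(&buf, 64, 4096);
    if (rc != 0)
        return rc;
    memset(buf, 0, 4096);
    int ok = is_aligned(buf, 64);
    free(buf);   /* POSIX specifies free() for posix_memalign() memory */
    return ok ? 0 : -1;
}
```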
Short Link: https://sg.run/X8wl