CWE-469: Use of Pointer Subtraction to Determine Size

CWE-469: Use of Pointer Subtraction to Determine Size | RadicalNotion.AI

Code examples

Illustrative examples from MITRE showing how the weakness appears in code.

The following example contains the method size that is used to determine the number of nodes in a linked list. The method is passed a pointer to the head of the linked list.

Vulnerable example

struct node {

However, the method creates a pointer that points to the end of the list and uses pointer subtraction to determine the number of nodes in the list by subtracting the tail pointer from the head pointer. There no guarantee that the pointers exist in the same memory area, therefore using pointer subtraction in this way could return incorrect results and allow other unintended behavior. In this example a counter should be used to determine the number of nodes in the list, as shown in the following code.

CWE-469: Use of Pointer Subtraction to Determine Size

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Static Analysis

Code examples

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-469?

What CVEs are caused by CWE-469?

How do you prevent CWE-469?

How is CWE-469 detected?

What are the consequences of CWE-469?

Is CWE-469 actively exploited?

References

Stay ahead of CWE-469

Overview

Real-world CVEs

Common consequences

How it happens

When it is introduced

Applies to

How to prevent it

How to detect it

Fuzzing

Automated Static Analysis

Code examples

Related weaknesses

Parent

Terminology & mappings

Mapped taxonomies

Frequently asked questions

What is CWE-469?

What CVEs are caused by CWE-469?

How do you prevent CWE-469?

How is CWE-469 detected?

What are the consequences of CWE-469?

Is CWE-469 actively exploited?

References

Stay ahead of CWE-469