Use of deprecated function (memalign)
Description
The `memalign` function may not check that the alignment argument is correct. On non-Linux-based systems, calling `free` on the pointer it returns may fail, and in certain circumstances this failure may be exploitable. This function has been deprecated in favor of `posix_memalign`.
Examples
Insecure Code
```c
void* ptr = memalign(16, 1024);
```
Secure Code
```c
void* ptr;
if (posix_memalign(&ptr, 16, 1024) != 0) {
    /* handle error */
}
```
Remediation
Replace `memalign` with `posix_memalign` to ensure correct alignment and avoid potential security issues.
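The following added example (not part of the original rule page) shows one way to migrate existing `memalign` call sites: a wrapper that keeps the pointer-returning shape but surfaces the alignment validation that `posix_memalign` performs. The names `checked_memalign` and `is_aligned` are hypothetical, and the sample alignments are constructed.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200112L
#endif
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (name is an assumption, not from the rule page):
 * replacement for memalign() call sites. Returns NULL and sets errno on
 * failure, so callers keep the familiar pointer-returning shape. */
void *checked_memalign(size_t alignment, size_t size)
{
    void *ptr = NULL;
    /* posix_memalign returns the error code directly instead of setting errno:
     *   EINVAL: alignment is not a power of two or not a multiple of sizeof(void *)
     *   ENOMEM: the allocation itself failed */
    int rc = posix_memalign(&ptr, alignment, size);
    if (rc != 0) {
        errno = rc;
        return NULL;
    }
    return ptr;
}

/* Returns 1 when p satisfies the requested alignment, 0 otherwise. */
int is_aligned(const void *p, size_t alignment)
{
    return ((uintptr_t)p % alignment) == 0;
}

int main(void)
{
    /* Constructed sample alignments: 3 is not a power of two, 2 is smaller
     * than sizeof(void *) on common 32- and 64-bit platforms, 16 is valid. */
    size_t samples[] = { 3, 2, 16 };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        void *p = checked_memalign(samples[i], 1024);
        if (p == NULL) {
            printf("alignment %zu rejected: %s\n", samples[i], strerror(errno));
            continue;
        }
        printf("alignment %zu ok, aligned=%d\n", samples[i], is_aligned(p, samples[i]));
        free(p);  /* memory from posix_memalign is released with free() */
    }
    return 0;
}
```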
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0593 |
| Category | InsecureConfig |
| Severity | HIGH |
| CWE | CWE-676 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | deprecated function, memory alignment |
| OWASP | A1:2017-Injection, A03:2021-Injection |