Incorrect use of memset
Description
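The invocation of memset() is easy to get wrong. The second argument is the fill character and the third argument is the size, but sometimes these arguments are written in the wrong order. With 0 in the size position the call writes zero bytes, so it is a no-op and the buffer keeps its previous contents.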
Examples
Insecure Code
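```c
/* Arguments transposed: sizeof(buf) is taken as the fill value and 0 as the length. */
memset(buf, sizeof(buf), 0);
```
Secure Code
```c
/* Fill value second, length third. */
memset(buf, '\0', sizeof(buf));
```
Remediation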
Verify the order of arguments in memset() and ensure the character is the second argument and the size is the third argument.
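The run-time effect of the transposition, as an added example that is not part of the original rule page: the transposed call leaves every byte of a constructed secret in place, while the correct order clears it. The function names, the sample key and the `checked_memset` guard are assumptions made for this illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Count bytes that are still non-zero after a wipe attempt. */
static size_t nonzero_bytes(const unsigned char *p, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (p[i] != 0) count++;
    return count;
}

/* Bug: fill value and size transposed; length 0 means nothing is written. */
static void wipe_transposed(unsigned char *buf, size_t n) {
    memset(buf, (int)n, 0);
}

/* Correct order: destination, fill value, length. */
static void wipe_correct(unsigned char *buf, size_t n) {
    memset(buf, 0, n);
}

/* Hypothetical guard (heuristic): a zero length with a non-zero fill value
 * is the signature of transposed arguments, so reject it with -1. */
static int checked_memset(void *dst, int value, size_t n) {
    if (dst == NULL) return -1;
    if (n == 0 && value != 0) return -1;
    memset(dst, value, n);
    return 0;
}

/* Apply one wipe routine to a constructed secret and count what survives. */
static size_t leftover_after(void (*wipe)(unsigned char *, size_t)) {
    unsigned char secret[16];
    memcpy(secret, "constructed-key", sizeof(secret)); /* 15 chars + NUL */
    wipe(secret, sizeof(secret));
    return nonzero_bytes(secret, sizeof(secret));
}

int main(void) {
    unsigned char buf[8] = "AAAAAAA";
    printf("transposed: %zu bytes left\n", leftover_after(wipe_transposed));
    printf("correct:    %zu bytes left\n", leftover_after(wipe_correct));
    printf("guard on transposed call: %d\n", checked_memset(buf, (int)sizeof(buf), 0));
    printf("guard on correct call:    %d\n", checked_memset(buf, 0, sizeof(buf)));
    return 0;
}
```

GCC and Clang also report the literal-0 form at compile time under `-Wmemset-transposed-args`.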
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0647 |
| Category | Generic |
| Severity | HIGH |
| CWE | CWE-688 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | memset, memory |
| OWASP | N/A |