Insecure use of alloca()
Description
The use of alloca() is unsafe because it has no way to report failure: the pointer it returns is not guaranteed to refer to a valid, usable block of memory. The requested allocation may exceed the bounds of the stack, or extend into other objects in memory, and alloca() cannot detect or signal such an error.
Examples
Insecure Code
```c
#include <alloca.h>

void func() {
    /* Stack allocation with no failure indication */
    int* p = alloca(10);
}
```
Secure Code
```c
#include <stdlib.h>

void func() {
    int* p = malloc(10 * sizeof(int));
    if (p == NULL) return; /* malloc reports failure; alloca cannot */
    free(p);
}
```
Remediation
Use dynamic memory allocation functions like malloc() or calloc() instead of alloca() to ensure memory safety.
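The remediation applied to a caller-controlled size, as an added example (not part of the rule's own code): a fixed-size stack buffer serves small requests, and larger ones go to malloc() with an overflow check and a visible failure path. The names `reverse_ints` and `SMALL_ELEMS` are hypothetical.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define SMALL_ELEMS 64 /* assumed bound for the fixed on-stack fast path */

/* Hypothetical helper: writes the n ints of src into dst in reverse order,
 * staging them in a scratch buffer so that dst may alias src.
 * Returns 0 on success, -1 if the scratch buffer cannot be obtained.
 * An alloca(n * sizeof(int)) version would have no failure path at all. */
int reverse_ints(const int *src, int *dst, size_t n)
{
    int small[SMALL_ELEMS];    /* size fixed at compile time */
    int *scratch = small;
    int *heap = NULL;

    if (n > SMALL_ELEMS) {
        /* Reject element counts whose byte size would wrap around size_t. */
        if (n > SIZE_MAX / sizeof(int))
            return -1;
        heap = malloc(n * sizeof(int));
        if (heap == NULL)      /* failure is reported, not silent */
            return -1;
        scratch = heap;
    }

    if (n > 0)
        memcpy(scratch, src, n * sizeof(int));
    for (size_t i = 0; i < n; i++)
        dst[i] = scratch[n - 1 - i];

    free(heap);                /* free(NULL) is a no-op on the stack path */
    return 0;
}

int main(void)
{
    int in[3] = {1, 2, 3}, out[3];   /* constructed sample input */
    return (reverse_ints(in, out, 3) == 0 && out[0] == 3) ? 0 : 1;
}
```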
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0663 |
| Category | Generic |
| Severity | CRITICAL |
| CWE | CWE-676 |
| Confidence | HIGH |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | memory-safety |
| OWASP | N/A |
References
- https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
- https://nullprogram.com/blog/2019/10/28/
- https://cwe.mitre.org/data/definitions/676
- https://cwe.mitre.org/data/definitions/1325