Incorrect Pointer Scaling

Incomplete Base
Structure: Simple
Description

In C and C++, arithmetic on a pointer is implicitly scaled by the size of the type it points to, so code that assumes byte-sized steps can easily end up referring to the wrong memory.

Common Consequences
Scope: Confidentiality, Integrity

Impact: Read Memory, Modify Memory

Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.

Potential Mitigations
  • Phase: Architecture and Design. Use a platform with high-level memory abstractions.
  • Phase: Implementation. Always use array indexing instead of direct pointer manipulation.
  • Phase: Architecture and Design. Use technologies for preventing buffer overflows.
Demonstrative Examples

ID : DX-55

This example attempts to calculate the position of the second byte of a pointer.

Code Example (Bad, C):
In this example, second_char is intended to point to the second byte of p. But adding 1 to p actually adds sizeof(int) to p, giving an incorrect result (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory, whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.
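The following is an added example, not the entry's own code, that makes the scaling error above measurable: it computes the byte offset reached by the mis-scaled expression and by the corrected one, shows the array-indexing alternative from the Implementation mitigation, and checks (on offsets only, without dereferencing) how the mis-scaled address lands past the end of a small int array. The function names offset_wrong, offset_right, second_byte_by_index and in_bounds are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example (not from the CWE entry). Helper names are hypothetical.
   Pointer arithmetic on an int* moves in units of sizeof(int), so the
   "+ 1" in offset_wrong() skips a whole int instead of one byte. */

/* Incorrect: the +1 is applied to the int* and only then cast to char*.
   Returns the byte offset actually reached from the start of *p. */
ptrdiff_t offset_wrong(int *p) {
    char *second_char = (char *)(p + 1);   /* advances sizeof(int) bytes */
    return second_char - (char *)p;
}

/* Correct: cast to a byte pointer first, so the +1 is one byte. */
ptrdiff_t offset_right(int *p) {
    char *second_char = (char *)p + 1;
    return second_char - (char *)p;
}

/* Mitigation alternative: index an explicit byte view of the object
   instead of manipulating the pointer. The value returned is still
   endianness-dependent, as the entry's note on little endian warns. */
unsigned char second_byte_by_index(const int *p) {
    unsigned char bytes[sizeof(int)];
    memcpy(bytes, p, sizeof bytes);   /* defined, alias-safe copy */
    return bytes[1];
}

/* Bounds check expressed purely on offsets, so nothing is dereferenced. */
int in_bounds(ptrdiff_t offset, size_t object_size) {
    return offset >= 0 && (size_t)offset < object_size;
}

int main(void) {
    int x = 0x11223344;          /* constructed sample value */
    int arr[4] = {0, 0, 0, 0};   /* constructed 16-byte object (typical int) */

    printf("wrong offset: %td, right offset: %td\n",
           offset_wrong(&x), offset_right(&x));
    printf("second byte by index: 0x%02x\n", second_byte_by_index(&x));

    /* Aiming at the second byte of the last element: the mis-scaled form
       points one int past the end of the array, i.e. outside the object. */
    ptrdiff_t base = 3 * (ptrdiff_t)sizeof(int);
    printf("wrong in bounds: %d, right in bounds: %d\n",
           in_bounds(base + offset_wrong(&arr[3]), sizeof arr),
           in_bounds(base + offset_right(&arr[3]), sizeof arr));
    return 0;
}
```

Forming &arr[3] + 1 is permitted (it is the one-past-the-end pointer), so the demonstration itself stays within defined behaviour; the hazard only materialises when such an address is read or written.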
Likelihood of Exploit

Medium

Applicable Platforms
Languages:
  • C: Undetermined
  • C++: Undetermined
Modes of Introduction
Implementation
Related Weaknesses
Taxonomy Mapping
  • CLASP
  • CERT C Secure Coding
  • CERT C Secure Coding
  • Software Fault Patterns