Kingdom: Environment

This section includes everything that is outside of the source code but is still critical to the security of the product that is being created. Because the issues covered by this kingdom are not directly related to source code, we separated it from the rest of the kingdoms.

Insecure Compiler Optimization: Pointer Arithmetic

C/C++

Abstract

Array bounds check could be mistakenly optimized out.

Explanation

If an array bounds check involves computing an illegal pointer and then determining that the pointer is out of bounds, some compilers will optimize the check away, assuming that the programmer would never intentionally create an illegal pointer.

Example 1:


  char *buf;
  int len;
  ...
  len = 1<<30;

  if (buf+len < buf)  //wrap check
    [handle overflow]

The operation buf + len is larger than 2^32, so the resulting value is smaller than buf. But since an arithmetic overflow on a pointer is undefined behavior, some compilers will assume buf + len >= buf and optimize away the wrap check. As a result of this optimization, code following this block could be vulnerable to buffer overflow.

References

[1] Vulnerability Note VU#162289 CERT

[2] Standards Mapping - Common Weakness Enumeration CWE ID 733

[3] Standards Mapping - DISA Control Correlation Identifier Version 2 CCI-002824

[4] Standards Mapping - General Data Protection Regulation (GDPR) Indirect Access to Sensitive Data

[5] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C Guidelines 2023 Rule 18.1

[6] Standards Mapping - Motor Industry Software Reliability Association (MISRA) C++ Guidelines 2023 Rule 8.7.1

[7] Standards Mapping - NIST Special Publication 800-53 Revision 4 SC-4 Information in Shared Resources (P1), SI-16 Memory Protection (P1)

[8] Standards Mapping - NIST Special Publication 800-53 Revision 5 SC-4 Information in Shared System Resources, SI-16 Memory Protection

[9] Standards Mapping - OWASP Mobile 2014 M4 Unintended Data Leakage

[10] Standards Mapping - OWASP Mobile Application Security Verification Standard 2.0 MASVS-STORAGE-2

[11] Standards Mapping - OWASP Top 10 2004 A5 Buffer Overflow

[12] Standards Mapping - OWASP Top 10 2013 A6 Sensitive Data Exposure

[13] Standards Mapping - OWASP Top 10 2017 A3 Sensitive Data Exposure

[14] Standards Mapping - OWASP Top 10 2021 A05 Security Misconfiguration

[15] Standards Mapping - Payment Card Industry Data Security Standard Version 1.1 Requirement 6.5.5

[16] Standards Mapping - Payment Card Industry Data Security Standard Version 2.0 Requirement 6.5.2

[17] Standards Mapping - Payment Card Industry Data Security Standard Version 3.0 Requirement 6.5.2

[18] Standards Mapping - Payment Card Industry Data Security Standard Version 3.1 Requirement 6.5.2

[19] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2 Requirement 6.5.2

[20] Standards Mapping - Payment Card Industry Data Security Standard Version 3.2.1 Requirement 6.5.2

[21] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0 Requirement 6.2.4

[22] Standards Mapping - Payment Card Industry Data Security Standard Version 4.0.1 Requirement 6.2.4

[23] Standards Mapping - Payment Card Industry Software Security Framework 1.0 Control Objective 4.2 - Critical Asset Protection

[24] Standards Mapping - Payment Card Industry Software Security Framework 1.1 Control Objective 4.2 - Critical Asset Protection

[25] Standards Mapping - Payment Card Industry Software Security Framework 1.2 Control Objective 4.2 - Critical Asset Protection

[26] Standards Mapping - Security Technical Implementation Guide Version 3.1 APP3590.1 CAT I

[27] Standards Mapping - Security Technical Implementation Guide Version 3.4 APP3590.1 CAT I

[28] Standards Mapping - Security Technical Implementation Guide Version 3.5 APP3590.1 CAT I

[29] Standards Mapping - Security Technical Implementation Guide Version 3.6 APP3590.1 CAT I

[30] Standards Mapping - Security Technical Implementation Guide Version 3.7 APP3590.1 CAT I

[31] Standards Mapping - Security Technical Implementation Guide Version 3.9 APP3590.1 CAT I

[32] Standards Mapping - Security Technical Implementation Guide Version 3.10 APP3590.1 CAT I

[33] Standards Mapping - Security Technical Implementation Guide Version 4.2 APSC-DV-002590 CAT I

[34] Standards Mapping - Security Technical Implementation Guide Version 4.3 APSC-DV-002590 CAT I

[35] Standards Mapping - Security Technical Implementation Guide Version 4.4 APSC-DV-002590 CAT I

[36] Standards Mapping - Security Technical Implementation Guide Version 4.5 APSC-DV-002590 CAT I

[37] Standards Mapping - Security Technical Implementation Guide Version 4.6 APSC-DV-002590 CAT I

[38] Standards Mapping - Security Technical Implementation Guide Version 4.7 APSC-DV-002590 CAT I

[39] Standards Mapping - Security Technical Implementation Guide Version 4.8 APSC-DV-002590 CAT I

[40] Standards Mapping - Security Technical Implementation Guide Version 4.9 APSC-DV-002590 CAT I

[41] Standards Mapping - Security Technical Implementation Guide Version 4.10 APSC-DV-002590 CAT I

[42] Standards Mapping - Security Technical Implementation Guide Version 4.11 APSC-DV-002590 CAT I

[43] Standards Mapping - Security Technical Implementation Guide Version 4.1 APSC-DV-002590 CAT I

[44] Standards Mapping - Security Technical Implementation Guide Version 5.1 APSC-DV-002590 CAT I

[45] Standards Mapping - Security Technical Implementation Guide Version 5.2 APSC-DV-002590 CAT I

[46] Standards Mapping - Security Technical Implementation Guide Version 5.3 APSC-DV-002590 CAT I

[47] Standards Mapping - Security Technical Implementation Guide Version 6.1 APSC-DV-002590 CAT I

[48] Standards Mapping - Security Technical Implementation Guide Version 6.2 APSC-DV-002590 CAT I

desc.structural.cpp.insecure_compiler_optimization_pointer_arithmetic