Return of Pointer Value Outside of Expected Range
Weakness ID: 466 (Weakness Base) | Status: Draft
Description Summary
Perform a value check on the returned pointer (e.g. value within expected range).
Nature | Type | ID | Name | View(s) this relationship pertains to |
---|---|---|---|---|
ChildOf | | 20 | Improper Input Validation | Seven Pernicious Kingdoms (primary) 700 |
ChildOf | | 119 | Failure to Constrain Operations within the Bounds of a Memory Buffer | Research Concepts (primary) 1000 |
ChildOf | | 465 | Pointer Issues | Development Concepts (primary) 699 |
ChildOf | | 738 | CERT C Secure Coding Section 04 - Integers (INT) | Weaknesses Addressed by the CERT C Secure Coding Standard (primary) 734 |
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name |
---|---|---|---|
7 Pernicious Kingdoms | | | Illegal Pointer Value |
CERT C Secure Coding | INT11-C | | Take care when converting from pointer to integer or integer to pointer |
A weakness where code path has:
1. end statement that returns an address associated with a buffer where address is outside the buffer
2. start statement that computes a position into the buffer
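An added example, not part of the CWE entry, showing the code path from the white-box definition above next to the value check on the returned pointer that the entry recommends. The arena layout, the length-prefixed record format and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed layout: a 64-byte arena whose first MSG_LEN bytes are the
 * message buffer (the expected range); the rest holds unrelated data. */
static unsigned char arena[64];
#define MSG_LEN 16

/* Weak form. Records are [len byte][len payload bytes]. The position is
 * computed from a byte in the buffer and returned without any check. */
unsigned char *next_record_unchecked(unsigned char *msg, size_t pos)
{
    size_t next = pos + 1 + msg[pos];  /* start: compute a position */
    return msg + next;                 /* end: may be past the buffer */
}

/* Caller-side value check: does [p, p + need) lie in [base, base + len)?
 * Assumes p and base point into the same object (here: arena). */
int ptr_in_range(const unsigned char *p, const unsigned char *base,
                 size_t len, size_t need)
{
    if (p == NULL || p < base)
        return 0;
    size_t off = (size_t)(p - base);
    return off <= len && need <= len - off;
}

/* Hardened form: validate the position first, return NULL on failure. */
unsigned char *next_record_checked(unsigned char *msg, size_t len, size_t pos)
{
    if (pos >= len)
        return NULL;
    if ((size_t)msg[pos] >= len - pos - 1) /* next length byte won't fit */
        return NULL;
    return msg + pos + 1 + msg[pos];
}

int main(void)
{
    arena[0] = 40;                     /* constructed malformed length */
    unsigned char *p = next_record_unchecked(arena, 0);
    printf("unchecked offset %td, in range: %d\n", p - arena,
           ptr_in_range(p, arena, MSG_LEN, 1));
    printf("checked returns %s\n",
           next_record_checked(arena, MSG_LEN, 0) ? "pointer" : "NULL");
    return 0;
}
```

The unchecked routine stays inside the arena only because the constructed length is small; the range check is what tells the caller the pointer has left the 16-byte message buffer.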
This entry should have a chaining relationship with CWE-119 instead of a parent / child relationship; however, the focus of this weakness does not map cleanly to any existing entries in CWE. A new parent is being considered which covers the more generic problem of incorrect return values. There is also an abstract relationship to weaknesses in which one component sends incorrect messages to another component; in this case, one routine is sending an incorrect value to another.
Submissions |
Submission Date | Submitter | Organization | Source |
---|---|---|---|
 | 7 Pernicious Kingdoms | | Externally Mined |

Modifications |
Modification Date | Modifier | Organization | Source |
---|---|---|---|
2008-07-01 | Eric Dalci | Cigital | External |
updated Potential Mitigations, Time of Introduction ||||
2008-08-01 | | KDM Analytics | External |
added/updated white box definitions ||||
2008-09-08 | CWE Content Team | MITRE | Internal |
updated Applicable Platforms, Relationships, Taxonomy Mappings ||||
2008-11-24 | CWE Content Team | MITRE | Internal |
updated Relationships, Taxonomy Mappings ||||
2009-10-29 | CWE Content Team | MITRE | Internal |
updated Maintenance Notes ||||

Previous Entry Names |
Change Date | Previous Entry Name |
---|---|
2008-04-11 | Illegal Pointer Value |