CWE-468: Incorrect Pointer Scaling
CWE版本: 4.18
更新日期: 2025-09-09
弱点描述
In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.
常见后果
影响范围: Confidentiality Integrity
技术影响: Read Memory Modify Memory
说明: Incorrect pointer scaling will often result in buffer overflow conditions. Confidentiality can be compromised if the weakness is in the context of a buffer over-read or under-read.
潜在缓解措施
阶段: Architecture and Design
描述: Use a platform with high-level memory abstractions.
阶段: Implementation
描述: Always use array indexing instead of direct pointer manipulation.
阶段: Architecture and Design
描述: Use technologies for preventing buffer overflows.
引入模式
| 阶段 | 说明 |
|---|---|
| Implementation | Programmers may try to index from a pointer by adding a number of bytes. This is incorrect because C and C++ implicitly scale the operand by the size of the data type. |
适用平台
编程语言
分类映射
| 分类名称 | 条目ID | 条目名称 | 映射适配度 |
|---|---|---|---|
| CLASP | - | Unintentional pointer scaling | - |
| CERT C Secure Coding | ARR39-C | Do not add or subtract a scaled integer to a pointer | Exact |
| CERT C Secure Coding | EXP08-C | Ensure pointer arithmetic is used correctly | - |
| Software Fault Patterns | SFP1 | Glitch in computation | - |