sizeof() in memory allocation CXX-S1006
The malloc function expects its size argument as a number of bytes, whatever the type being allocated. Pass sizeof(type) * number_of_values as the size argument to malloc so the allocation is sized correctly for the element type rather than for an assumed byte width.
Pointer offsets (or any other arithmetic operation) on a pointer cast to a type different from its original type are risky and can result in undefined behaviour, because the alignment requirements of the types can differ on every targeted platform.
While writing data to a buffer, the program can overrun the buffer's boundary and overwrite adjacent memory locations. This can cause a crash if the memory region is not writable by the process, or, in the worst case, create a vulnerability in which parts of memory are overwritten with untrusted user-controlled data.
system() is exploitable CXX-A1001
The system() function in C executes a specified command by invoking an implementation-defined command processor, such as a UNIX shell or CMD.EXE on Microsoft Windows. The problem with system() is that its use can result in exploitable vulnerabilities allowing the execution of arbitrary system commands. The risks include: passing an unsanitized or improperly sanitized command string that originates from a tainted source; specifying a command without a path name when the command processor's path-resolution mechanism is accessible to an attacker; specifying a relative path to an executable when control over the current working directory is accessible to an attacker; and running an executable program that an attacker can spoof.
scanf without a width for the %s format specifier is vulnerable to buffer overflow CXX-S1004
Using I/O functions such as scanf without a width limit in the format string allows a buffer overflow: %s without a width copies the whole input token into the destination buffer regardless of its size, so input read from stdin that is longer than the buffer overruns it (the same applies to the other string conversions and their output-side counterparts).
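The two fixes above (CXX-S1006 and CXX-S1004) carried into working code, as an added example that is not part of the original page: a checked sizeof()-based allocation that refuses counts whose byte size would wrap, and a width-limited %s read. The buffer size, the names alloc_ints and read_name, and the input string are assumptions chosen for the example; sscanf is used in place of scanf so the block runs offline on a constructed string (the format semantics are the same).

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* CXX-S1006: malloc takes a byte count, so size the block as
 * sizeof(element) * count. Check the multiplication first: a huge count
 * would otherwise wrap to a small allocation and every later write
 * would overrun it. Returns NULL on count 0 or overflow. */
static int *alloc_ints(size_t count)
{
    if (count == 0 || count > SIZE_MAX / sizeof(int))
        return NULL;
    return malloc(sizeof(int) * count);
}

/* CXX-S1004: the width on %s must be one less than the buffer size so
 * the terminating NUL still fits. NAME_WIDTH is stringified into the
 * format so buffer size and width cannot drift apart. */
#define NAME_WIDTH 15
#define STR2(x) #x
#define STR(x) STR2(x)

/* Reads one whitespace-delimited token of at most NAME_WIDTH chars into
 * name[NAME_WIDTH + 1]. Returns 1 on success, 0 if no token was read.
 * Longer tokens are truncated instead of overrunning the buffer. */
static int read_name(const char *input, char name[NAME_WIDTH + 1])
{
    return sscanf(input, "%" STR(NAME_WIDTH) "s", name) == 1;
}

int main(void)
{
    /* Constructed input: first token is longer than NAME_WIDTH. */
    char name[NAME_WIDTH + 1];
    if (read_name("Alexander-the-Great-of-Macedon rest", name))
        printf("read %zu chars: %s\n", strlen(name), name);

    int *ints = alloc_ints(4);          /* 16 bytes on typical targets */
    if (ints) { ints[3] = 42; free(ints); }
    if (alloc_ints(SIZE_MAX) == NULL)   /* would wrap: refused */
        puts("oversized count rejected");
    return 0;
}
```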