This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Improper pointer subtraction
From OWASP
This page contains out-of-date content. Please help OWASP to FixME.
Last revision (yyyy-mm-dd): 2017-07-31
Comment: The page should be review updated.It requires better explanation
Last revision (yyyy-mm-dd): 2017-07-31
Comment: The page should be review updated.It requires better explanation
Overview
The subtraction of one pointer from another in order to determine size is dependant on the assumption that both pointers exist in the same memory chunk.
Consequences
- Authorization: There is the potential for arbitrary code execution with privileges of the vulnerable program.
Exposure period
- Pre-design through Build: The use of tools to prevent these errors should be used.
- Implementation: Many logic errors can lead to this condition. It can be exacerbated by lack of or misuse of mitigating technologies.
Platform
- Languages: C/C++/C#
- Operating Platforms: Any
Required resources
Any
Severity
High
Likelihood of exploit
Medium
Avoidance and mitigation
- Pre-design through Build: Most static analysis programs should be able to catch these errors.
- Implementation: Save an index variable. This is the recommended solution. Rather than subtract pointers from one another, use an index variable of the same size as the pointers in question. Use this variable "walk" from one pointer to the other and calculate the difference. Always sanity check this number.
Related problems
Any
