QwikSec

Security Database

CVE

CWE

Training

CWE Database
/

CWE-467

Back to CWE list

CWE-467

Use of sizeof() on a Pointer Type

Variant
Draft

Description

The code calls sizeof() on a pointer type, which can be an incorrect calculation if the programmer intended to determine the size of the data that is being pointed to.

The use of sizeof() on a pointer can sometimes generate useful information. An obvious case is to find out the wordsize on a platform. More often than not, the appearance of sizeof(pointer) indicates a bug.

Common Consequences

Scope

Integrity
Confidentiality

Impact

Modify Memory, Read Memory

Potential Mitigations

Implementation

Use expressions such as "sizeof(*pointer)" instead of "sizeof(pointer)", unless you intend to run sizeof() on a pointer type to gain some platform independence or if you are allocating a variable on the stack.

Applicable Platforms

C
C++

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now