CWE-135: Incorrect Calculation of Multi-Byte String Length
ID
CWE-135
Abstraction
Base
Structure
Simple
Status
Draft
The product does not correctly calculate the length of strings that can contain wide or multi-byte characters.
Modes of Introduction
| Phase | Note |
|---|---|
| Implementation | There are several ways in which improper string length checking may result in an exploitable condition. All of these, however, involve the introduction of buffer overflow conditions in order to reach an exploitable state. The first of these issues takes place when the output of a wide or multi-byte character string, string-length function is used as a size for the allocation of memory. While this will result in an output of the number of characters in the string, note that the characters are most likely not a single byte, as they are with standard character strings. So, using the size returned as the size sent to new or malloc and copying the string to this newly allocated memory will result in a buffer overflow. Another common way these strings are misused involves the mixing of standard string and wide or multi-byte string functions on a single string. Invariably, this mismatched information will result in the creation of a possibly exploitable buffer overflow condition. |
Applicable Platforms
| Type | Class | Name | Prevalence |
|---|---|---|---|
| Language | C | ||
| Language | C++ |
Loading...