CWE-587: Assignment of a Fixed Address to a Pointer

Description

The product sets a pointer to a specific address other than NULL or 0.

Submission Date :

Dec. 15, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE

Extended Description

Using a fixed address is not portable, because that address will probably not be valid in all environments or platforms.

Example Vulnerable Codes

Example - 1

This code assumes a particular function will always be found at a particular address. It assigns a pointer to that address and calls the function.


// // Here we can inject code to execute.// 
int (*pt2Function) (float, char, char)=0x08040000;int result2 = (*pt2Function) (12, 'a', 'b');

The same function may not always be found at the same memory address. This could lead to a crash, or an attacker may alter the memory at the expected address, leading to arbitrary code execution.

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-344: Use of Invariant Value in Dynamically Changing Context

Go to

CWE-758: Reliance on Undefined, Unspecified, or Implementation-Defined Behavior

Go to

Visit http://cwe.mitre.org/ for more details.