1. Home
  2. CWE Database
  3. CWE-468
Base · Medium

CWE-468: Incorrect Pointer Scaling

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

CWE-468 · Base Level ·3 Mitigations

Description

In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

Potential Impact

Confidentiality, Integrity

Read Memory, Modify Memory

Demonstrative Examples

This example attempts to calculate the position of the second byte of a pointer.
Bad
int *p = x;char * second_char = (char *)(p + 1);
In this example, second_char is intended to point to the second byte of p. But, adding 1 to p actually adds sizeof(int) to p, giving a result that is incorrect (3 bytes off on 32-bit platforms). If the resulting memory address is read, this could potentially be an information leak. If it is a write, it could be a security-critical write to unauthorized memory-- whether or not it is a buffer overflow. Note that the above code may also be wrong in other ways, particularly in a little endian environment.

Mitigations & Prevention

Architecture and Design

Use a platform with high-level memory abstractions.

Implementation

Always use array indexing instead of direct pointer manipulation.

Architecture and Design

Use technologies for preventing buffer overflows.

Detection Methods

  • Automated Static Analysis High — Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then sea

CWE-682: Incorrect Calculation

The product performs a calculation that generates incorrect or unintended results that are later used in security-critic...

Taxonomy Mappings

  • CLASP: — Unintentional pointer scaling
  • CERT C Secure Coding: ARR39-C — Do not add or subtract a scaled integer to a pointer
  • CERT C Secure Coding: EXP08-C — Ensure pointer arithmetic is used correctly
  • Software Fault Patterns: SFP1 — Glitch in computation

Frequently Asked Questions

What is CWE-468?

CWE-468 (Incorrect Pointer Scaling) is a software weakness identified by MITRE's Common Weakness Enumeration. It is classified as a Base-level weakness. In C and C++, one may often accidentally refer to the wrong memory due to the semantics of when math operations are implicitly scaled.

How can CWE-468 be exploited?

Attackers can exploit CWE-468 (Incorrect Pointer Scaling) to read memory, modify memory. This weakness is typically introduced during the Implementation phase of software development.

How do I prevent CWE-468?

Key mitigations include: Use a platform with high-level memory abstractions.

What is the severity of CWE-468?

CWE-468 is classified as a Base-level weakness (Medium abstraction). Its actual severity depends on the specific context and how the weakness manifests in your application.