CWE

Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

Individual Dictionary Definition (2.11)

CWE-588: Attempt to Access Child of a Non-structure Pointer

Weakness ID: 588
Abstraction: Variant
Status: Incomplete
+ Description

Description Summary

Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption.
+ Time of Introduction
  • Architecture and Design
  • Implementation
+ Common Consequences
Scope | Effect
Integrity | Technical Impact: Modify memory. Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.
Availability | Technical Impact: DoS: crash / exit / restart. Execution may end due to a memory access error.

+ Demonstrative Examples

Example 1

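(Bad Code)
Example Language: C
struct foo
{
    int i;
};
/* ... */
int main(int argc, char **argv)
{
    /* Bad: main is a function, not a struct foo; the cast hides the mismatch. */
    struct foo *foo = (struct foo *)main;
    /* The field write goes through the bogus pointer. */
    foo->i = 2;
    return foo->i;
}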
+ Potential Mitigations

Phase: Requirements

Choose a language that is not susceptible to these issues.

Phase: Implementation

Review of type casting operations can identify locations where incompatible types are cast.
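
One pattern such a review can ask for is sketched below as an added example, not part of the CWE entry: the pointer travels with a tag naming its real target type, and the cast to a structure happens only after the tag is checked. All type and function names are hypothetical, and the inputs are constructed.

```c
#include <stddef.h>

/* All names here (obj_kind, obj_ref, record, set_level_*) are hypothetical. */
enum obj_kind { OBJ_INT, OBJ_RECORD };

struct record { int id; int level; };

/* A reference that carries the real type of its target beside the pointer. */
struct obj_ref { enum obj_kind kind; void *ptr; };

/* Weak form (CWE-588): casts whatever it is given. If p points at a plain
 * int, the store to ->level lands past that int, in whatever follows it.
 * Shown for comparison only; the demo functions below never call it. */
void set_level_unchecked(void *p, int level)
{
    struct record *r = (struct record *)p;
    r->level = level;
}

/* Checked form: the conversion happens only after the tag confirms the
 * target is a struct record. Returns 0 on success, -1 if refused. */
int set_level_checked(struct obj_ref ref, int level)
{
    if (ref.ptr == NULL || ref.kind != OBJ_RECORD)
        return -1;
    struct record *r = ref.ptr;
    r->level = level;
    return 0;
}

/* Constructed input: an int with a neighbour directly after it. */
int demo_int_target(void)
{
    int pair[2] = { 7, 1234 };
    struct obj_ref ref = { OBJ_INT, &pair[0] };
    int rc = set_level_checked(ref, 2);
    return rc == -1 && pair[0] == 7 && pair[1] == 1234;  /* refused, intact */
}

/* Constructed input: a genuine struct record. */
int demo_record_target(void)
{
    struct record rec = { 1, 0 };
    struct obj_ref ref = { OBJ_RECORD, &rec };
    int rc = set_level_checked(ref, 2);
    return rc == 0 && rec.id == 1 && rec.level == 2;     /* accepted */
}

int main(void) { return (demo_int_target() && demo_record_target()) ? 0 : 1; }
```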

+ Relationships
Nature | Type | ID | Name | View(s) this relationship pertains to
ChildOf | Category | 465 | Pointer Issues | Development Concepts (primary) 699
ChildOf | Category | 569 | Expression Issues | Development Concepts 699
ChildOf | Weakness Class | 704 | Incorrect Type Conversion or Cast | Research Concepts (primary) 1000
ChildOf | Weakness Class | 758 | Reliance on Undefined, Unspecified, or Implementation-Defined Behavior | Research Concepts 1000
ChildOf | Category | 971 | SFP Secondary Cluster: Faulty Pointer Use | Software Fault Pattern (SFP) Clusters (primary) 888
+ Taxonomy Mappings
Mapped Taxonomy Name | Node ID | Fit | Mapped Node Name
Software Fault Patterns | SFP7 | | Faulty Pointer Use
+ Content History
Modifications
Modification Date | Modifier | Organization | Source | Change
2008-07-01 | Eric Dalci | Cigital | External | updated Time_of_Introduction
2008-09-08 | CWE Content Team | MITRE | Internal | updated Relationships, Other_Notes
2009-03-10 | CWE Content Team | MITRE | Internal | updated Relationships
2009-07-27 | CWE Content Team | MITRE | Internal | updated Common_Consequences, Other_Notes
2011-06-01 | CWE Content Team | MITRE | Internal | updated Common_Consequences
2012-05-11 | CWE Content Team | MITRE | Internal | updated Relationships
2012-10-30 | CWE Content Team | MITRE | Internal | updated Potential_Mitigations
2014-07-30 | CWE Content Team | MITRE | Internal | updated Relationships, Taxonomy_Mappings

Page Last Updated: May 05, 2017