This vulnerability occurs when code incorrectly treats a pointer to a basic data type (like an integer) as if it points to a structured object (like a 'struct' in C). The program then tries to access a member field that doesn't exist at that memory location, which can cause crashes or corrupt adjacent data.
At its core, this issue is a type confusion error. The developer assumes a block of memory is organized as a specific structure with defined fields, but in reality it holds a different, simpler type. When the code reads or writes a supposed structure member, it calculates an offset into memory that is meaningless for the data actually stored there. The access therefore lands on unintended memory, resulting in segmentation faults, unpredictable program behavior, or the silent corruption of other variables.

To prevent this, always ensure type consistency when casting pointers. Use strict compiler warnings and static analysis tools to catch questionable casts. When working with raw memory buffers or generic pointers (like `void*`), implement explicit checks or use tagged unions to track the actual data type before performing any structure-like access. Defensive programming and clear code documentation of data layout are essential safeguards.
Impact: Modify Memory
Adjacent variables in memory may be corrupted by assignments performed on fields after the cast.
Impact: DoS: Crash, Exit, or Restart
Execution may end due to a memory access error.
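The following C program is an added example, not code from the original page. It makes the defect visible in a contained way and then shows the tagged-union mitigation the text recommends. `struct record`, `union int_slot`, `struct tagged_value`, `tagged_get_flags` and the `FIELD_FITS_IN` macro are all hypothetical names introduced for the illustration. The first function stores a real `int` at the start of a union padded with guard bytes, casts the `int*` to `struct record*` as the flawed code would, and counts how many guard bytes the assignment to `flags` overwrites (the "Modify Memory" impact); the union keeps the demonstration within defined C, whereas on a plain `int` variable the same write would hit whatever sits next to it.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* The structure the flawed code *assumes* the pointer refers to (hypothetical). */
struct record {
    int id;
    int count;
    int flags;
};

/* Storage that really holds only an int, followed by guard bytes so that an
   out-of-object write becomes observable. Using a union keeps the type
   punning legal; with a bare `int` the write would land on a neighbour. */
union int_slot {
    struct record as_record;
    unsigned char raw[sizeof(struct record)];
};

/* Returns how many bytes *after* the int were clobbered when `flags` is
   assigned through a struct pointer that actually points at an int. */
size_t guard_bytes_clobbered_by_bad_cast(void) {
    union int_slot slot;
    memset(slot.raw, 0xAA, sizeof slot.raw);     /* guard pattern everywhere */
    int value = 7;
    memcpy(slot.raw, &value, sizeof value);      /* only sizeof(int) bytes are the int */

    int *p = (int *)slot.raw;                    /* a pointer to a basic type ... */
    struct record *r = (struct record *)p;       /* ... wrongly treated as a struct */
    r->flags = 0;                                /* writes at offsetof(flags), past the int */

    size_t clobbered = 0;
    for (size_t i = sizeof(int); i < sizeof slot.raw; i++)
        if (slot.raw[i] != 0xAA) clobbered++;
    return clobbered;                            /* sizeof(int): the bytes of `flags` */
}

/* Mitigation: a tagged union that records what the payload really is. */
enum value_kind { KIND_INT, KIND_RECORD };

struct tagged_value {
    enum value_kind kind;
    union {
        int as_int;
        struct record as_record;
    } u;
};

/* Safe accessor: structure-like access is allowed only when the tag says the
   payload is a struct record. Returns 0 on success, -1 on type mismatch. */
int tagged_get_flags(const struct tagged_value *v, int *out) {
    if (v == NULL || out == NULL) return -1;
    if (v->kind != KIND_RECORD) return -1;       /* an int has no `flags` field */
    *out = v->u.as_record.flags;
    return 0;
}

/* Review-time check to keep beside any pointer cast: the field being accessed
   must lie entirely within the object the pointer actually points to. */
#define FIELD_FITS_IN(obj_size, type, field) \
    (offsetof(type, field) + sizeof(((type *)0)->field) <= (obj_size))

int main(void) {
    printf("guard bytes clobbered by the bad cast: %zu\n",
           guard_bytes_clobbered_by_bad_cast());

    struct tagged_value vi = { KIND_INT, { .as_int = 7 } };
    int flags = 0;
    printf("flags of an int-tagged value: %s\n",
           tagged_get_flags(&vi, &flags) == 0 ? "accessible" : "refused");

    printf("does `flags` fit inside an int? %s\n",
           FIELD_FITS_IN(sizeof(int), struct record, flags) ? "yes" : "no");
    return 0;
}
```

Compile with `-Wall -Wextra -Wcast-align` (GCC/Clang) to surface suspicious casts; the macro is the kind of check static analysis performs automatically, written out so it can be asserted in a unit test.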