CXX.FUNC.MEMSET.BUILTIN

Calls to memset must not pass a reference to a structure containing non-builtin types.

Calls to memset must not pass a reference to an object or an object address. Only a pointer to an object or array is accepted.

Vulnerability and risk

When the sizeof operator is applied to a class, struct, or union type, the result is the number of bytes in an object of that type, plus any padding added to align members on word boundaries. The result does not necessarily correspond to the size calculated by adding the storage requirements of the individual members.

Mitigation and prevention

Use a standard structure initialization instead of a memset, or pass a pointer to the object in place of the address or reference.

Example

#include <cstring>   // memset
#include <string>    // std::string

struct TestStruct
{
    int a;
    std::string b;
};

TestStruct t = {};              // This initialization is OK

void foo ()
{
    TestStruct t1;
    memset(&t1, 0, sizeof t1);  // This 'ruins' member 'b' of our struct
}                               // Application crashes here

The memset function takes the address of t1 as a parameter. The object t1 is of type TestStruct, and TestStruct has a non-builtin type member, b (of type std::string), so this will cause the application to crash. Consider using the structure initialization above instead.
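
One way to enforce the mitigation at compile time, as an added example that is not part of the original checker documentation. The names reset, reset_impl, checked_memset_zero and PlainRecord are hypothetical; TestStruct mirrors the struct above.

```cpp
#include <cstring>
#include <string>
#include <type_traits>

// Constructed sample types: one with only builtin members, one like the page's TestStruct.
struct PlainRecord { int id; char tag[8]; };
struct TestStruct  { int a;  std::string b; };

// memset is only well-defined on trivially copyable types; dispatch on that trait.
template <typename T>
void reset_impl(T& obj, std::true_type) {
    std::memset(&obj, 0, sizeof obj);   // no constructors or invariants to destroy
}

template <typename T>
void reset_impl(T& obj, std::false_type) {
    obj = T();                          // value-initialize and assign member by member
}

// Hypothetical helper: clears any default-constructible, assignable object.
template <typename T>
void reset(T& obj) {
    reset_impl(obj, std::is_trivially_copyable<T>());
}

// Stricter variant: refuse to compile if memset would hit a non-builtin member.
template <typename T>
void checked_memset_zero(T& obj) {
    static_assert(std::is_trivially_copyable<T>::value,
                  "memset on a type with non-builtin members");
    std::memset(&obj, 0, sizeof obj);
}

bool demo_non_trivial() {
    TestStruct t;
    t.a = 42;
    t.b = "a string long enough to be stored on the heap rather than inline";
    reset(t);                           // takes the assignment path, std::string stays valid
    return t.a == 0 && t.b.empty();
}

bool demo_plain() {
    PlainRecord r = {7, "abc"};
    checked_memset_zero(r);             // compiles: only builtin members
    return r.id == 0 && r.tag[0] == '\0';
}
```

Calling checked_memset_zero on a TestStruct fails at compile time with the static_assert message, which turns the checker's finding into a build error.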