Insufficiently restricted file uploads can allow a file to be uploaded that runs malicious code. For example, a website that doesn't check the file extension of an image can be exploited by uploading a script with an extension, such as `.php` or `.asp`, that can be run on the server.

Unsafe File Extension

Insufficiently restrictive file uploads can lead to inadvertently running malicious code.

We observed that memory use after free condition leads to memory corruption and undefined behavior. It can cause crashes at best, or allow attackers to violate memory safety and exploit the code at worst.

Incorrect Use Of Free

Using memory after it has been freed can lead to unexpected behavior or exploitation.

The functions `atoi()`, `atol()` and `atoll()` do not allow specifying the numeric base or checking for conversion errors. If the input string is invalid or out of the supported range, they invoke undefined behavior instead of returning an error. `Strtol()` and its variants `strtoll()` and `strtoull()` are safer alternatives as they allow specifying the base and return a pointer to the next unparsed character. This pointer can be checked against the original string to ensure the entire string was parsed.

Incorrect Use Ato Fn

Use `strtol()` instead of `atoi()` for string to number conversions to avoid undefined behavior from invalid inputs.

Amazon Q

Detector Library

C detectors (34/34)

Critical

Unsafe File Extension

Incorrect Use Of Free

Incorrect Use Ato Fn