SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 174

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 175

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: updated font

...

Failing to free memory can result in the exhaustion of system memory resources, which can lead to a denial-of-service attack.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM31-C

Medium

Probable

Medium

P8

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
 

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.LEAK

Leak

Compass/ROSE
   



Coverity

Include Page
Coverity_V
Coverity_V

RESOURCE_LEAK

ALLOC_FREE_MISMATCH

Finds resource leaks from variables that go out of scope while owning a resource

Cppcheck
 
Include Page
Cppcheck_V
Cppcheck_V
 leakReturnValNotUsedDoesn't use return value of memory allocation function
Klocwork
Include Page
Klocwork_V
Klocwork_V

MLK.MIGHT
MLK.MUST
MLK.RET.MUST
MLK.RET.MIGHT

 

LDRA tool suite
Include Page
LDRA_V
LDRA_V

50 D

Partially implemented
Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
BD-RES-LEAK
 
Implemented
Parasoft Insure++
 
 


Detects leaks at runtime
Polyspace Bug FinderR2016aMemory leak

Memory allocated dynamically not freed

PRQA QA-C 9.11771
 

PRQA QA-C++4.2 3337, 3338 
 

SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S3584
 

Splint
Include Page
Splint_V
Splint_V
  


Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

ISO/IEC TR 24772:2013Memory Leak [XYL]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961Failing to close files or free dynamic memory when they are no longer needed [fileclose]Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-401, Improper Release of Memory Before Removing Last Reference ("Memory Leak")2017-07-05: CERT: Exact
CWE 2.11CWE-4042017-07-06: CERT: Rule subset of CWE
CWE 2.11CWE-4592017-07-06: CERT: Rule subset of CWE
CWE 2.11CWE-7712017-07-06: CERT: Rule subset of CWE
CWE 2.11CWE-7722017-07-06: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

...

  • Failure to free resources besides files or memory chunks, such as mutexes)


Bibliography

[ISO/IEC 9899:2011]Subclause 7.22.3, "Memory Management Functions"

...


...