...
Allocating 0 bytes can lead to abnormal program termination.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM04-C | Low | Likely | Medium | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||
---|---|---|---|---|---|---|---|
Astrée |
|
Supported, but no explicit checker | |||||||||
CodeSonar |
| (customization) | Users can add a custom check for allocator calls with size argument 0 (this includes literal 0, underconstrained tainted values, and computed values). | ||||||
Compass/ROSE |
Can detect some violations of this rule. In particular, it warns when the argument to | ||
Polyspace Bug Finder |
| Tainted sign change conversion | Value from an unsecure source changes sign |
Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large |
Size of variable-length array is zero or negative |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID MEM04-CPP. Do not perform zero-length allocations |
MITRE CWE | CWE-687, Function call with incorrectly specified argument value |
Bibliography
[ISO/IEC 9899:2011] | Section 7.22.3, "Memory Management Functions" |
[Seacord 2013] | Chapter 4, "Dynamic Memory Management" |
[Vanegue 2010] | "Automated Vulnerability Analysis of Zero-Sized Heap Allocations" |
...
...