SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 47

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 48

changes.mady.by.user Anirban Gangopadhyay

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

It is difficult to pinpoint violations of this recommendation because static analysis tools are currently unable to identify code that can lead to heap exhaustion. The heap size also varies for different runtime environments.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM11-C

Low

Probable

High

P2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.LEAK
IO.TAINT.SIZE
MISC.MEM.SIZE.BAD
(general)

Leak
Tainted allocation size
Unreasonable size argument
Library models account for allocator failure cases

LDRA tool suite
Include Page
LDRA_V
LDRA_V

26 S, 140 S, 6 D, 28 D, 5 C, 1 U

Partially implemented
Polyspace Bug Finder
R2016a

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

Memory leak

Memory allocation with tainted size

Tainted sign change conversion

Unprotected dynamic memory allocation

Memory allocated dynamically not freed

Size argument to memory function is from an unsecure source

Value from an unsecure source changes sign

Pointer returned from dynamic allocation not checked for NULL value

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MEM12-CPP. Do not assume infinite heap space
CERT Oracle Secure Coding Standard for JavaMSC05-J. Do not exhaust heap space
MITRE CWECWE-770, Allocation of resources without limits or throttling

...


...