Comment: Parasoft C/C++test 10.4.1 update

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM50-CPP | High | Likely | Medium | P18 | L1 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | | CertC++-MEM50 | |
| Clang | | clang-analyzer-cplusplus.NewDelete, clang-analyzer-alpha.security.ArrayBoundV2 | Checked by clang-tidy, but does not catch all violations of this rule. |
| CodeSonar | | ALLOC.UAF | Use after free |
| Compass/ROSE | | | |
| Coverity | | USE_AFTER_FREE | Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer |
| Klocwork | | UFM.DEREF.MIGHT, UFM.DEREF.MUST, UFM.FFM.MIGHT, UFM.FFM.MUST, UFM.RETURN.MIGHT, UFM.RETURN.MUST, UFM.USE.MIGHT, UFM.USE.MUST | |
| LDRA tool suite | | 483 S, 484 S | Partially implemented |
| Parasoft C/C++test | | BDCERT_CPP-RES-FREEMEM50-a | Do not use resources that have been freed |
| Parasoft Insure++ | | | Runtime detection |
| PRQA QA-C++ | 4.1 | 4303, 4304 | |
| PVS-Studio | | V586, V774 | |
| Splint | | | |


Related Vulnerabilities

VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth() [VU#623332].

...