SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 17

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 18

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4.1 update

...

Failing to meet the stated requirements for a replaceable dynamic storage function leads to undefined behavior. The severity of risk depends heavily on the caller of the allocation functions, but in some situations, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007van Sprundel 2006]. The indicated severity is for this more severe case.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM55-CPP

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

Parasoft C/C++test
Include Page
cplusplus:
Parasoft_V
cplusplus:
Parasoft_V
MRM-14, MRM-15 

CERT_CPP-MEM55-a

The user defined 'new' operator should throw the 'std::bad_alloc' exception when the allocation fails

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard

DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope
OOP56-CPP. Honor replacement handler requirements  

SEI CERT C Coding StandardEXP34-C. Do not dereference null pointers

Bibliography

[ISO/IEC 14882-2014]Subclause 17.6.4.8, "Other Functions"
Subclause 18.6.1, "Storage Allocation and Deallocation" 
[Jack 2007]
 

[van Sprundel 2006]
 

...



...