SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 69

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 70

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Note that the maximum amount of allocatable memory is typically limited to a value less than SIZE_MAX (the maximum value of size_t). Always check the return value from a call to any memory allocation function in compliance with guideline MEM32-C. Detect and handle memory allocation errors.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MEM07-C

high

unlikely

medium

P6

L2

Automated Detection

Tool

Version

Checker

Description

Section

Compass/ROSE

...

 

 

 

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MEM07-CPP. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t.

Bibliography

Wiki Markup
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.18.3, "Limits of other integer types"
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 190|http://cwe.mitre.org/data/definitions/190.html], "Integer Overflow (Wrap or Wraparound)," and [CWE ID 128|http://cwe.mitre.org/data/definitions/128.html], "Wrap-around Error"
\[[Seacord 052005|AA. Bibliography#Seacord 05]\] Chapter 4, "Dynamic Memory Management"
\[[RUS-CERT|AA. Bibliography#RUS-CERT]\] Advisory 2002-08:02, "Flaw in calloc and similar routines"
\[[Secunia|AA. Bibliography#Secunia]\] Advisory SA10635, "HP-UX calloc Buffer Size Miscalculation Vulnerability"

...