SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 15

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 16

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Process heap space is not infinite. Rather, it is typically bounded by the sum of the amount of physical memory and the swap space allocated to the operating system by the administrator. For example, a system with 1GB of physical memory configured with 2GB of swap space may be able to allocate at most 3GB of heap space total to all running processes (minus the size of the operating system itself and the text and data segments of all running processes). Once all virtual memory has been allocated, requests for more memory will fail. As discussed in guideline MEM32-C. Detect and handle memory allocation errors, programs that fail to check for and properly handle memory allocation failures will have undefined behavior and are likely to crash when heap space is exhausted. Heap exhaustion can result from:

  • A memory leak
  • An infinite loop
  • The program requires requiring more memory than is present by default in the heap
  • Incorrect implementation of common data structures (for example, hash tables or vectors)
  • Overall system memory is being exhausted, possibly because of other processes
  • The maximum size of a process' data segment (set by setrlimit()) has been being exceeded

If malloc() is unable to return the requested memory, it returns NULL instead.

However, simply checking for and handling memory allocation failures may not be sufficient. Programs, such as long running servers that manipulate large data sets, need to be designed in a way that permits them to deliver their services when system resources, including the heap, are in short supply. Making use of additional storage devices, such as disk space or databases, is essential in such systems.

...

A heap error will be generated if the heap continues to be populated, even if there is no space available.

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MEM12-CPP. Do not assume infinite heap space.This

rule appears in the Java Secure Coding Standard as : MSC11-J. Do not assume infinite heap space.

Bibliography

Wiki Markup
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE-770|http://cwe.mitre.org/data/definitions/770.html], "Allocation of Resources Without Limits or Throttling"

...