SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 94

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 95

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
When the requested size is zero the behavior of the memory allocation functions {{malloc()}}, {{calloc()}}, and {{realloc()}} is [implementation-defined|BB. Definitions#implementation-defined behavior].  According to C99, Section 7.20.3 \[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\]:

If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.

...

In cases where the memory allocation functions return a non-null pointer, reading from or writing to the allocated memory area results in undefined behavior. Typically, the pointer refers to a zero-length block of memory consisting entirely of control structures. Overwriting these control structures will damage the data structures used by the memory.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MEM04-C

low

likely

medium

P6

L2

Automated Detection

Tool

Version

Checker

Description

Section

Compass/ROSE

 

 

Section

can detect some violations of this rule. Is particular, it warns when when the argument to malloc() is a variable that has not been compared against NULL, or is known at compile time to be 0

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MEM04-CPP. Do not perform zero length allocations.

Bibliography

Wiki Markup
\[[Vanegue 102010|AA. Bibliography#Vanegue 10]\] Julien Vanegue. [Automated vulnerability analysis of zero sized heap allocations|http://hackitoergosum.org/wp-content/uploads/2010/04/HES10-jvanegue_zero-allocations.pdf]. April 2010.
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory Management Functions"
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 687|http://cwe.mitre.org/data/definitions/687.html], "Function Call With Incorrectly Specified Argument Value"
\[[Seacord 052005|AA. Bibliography#Seacord 05]\] Chapter 4, "Dynamic Memory Management"

...