...
See MSC06-C. Be aware of compiler optimization when dealing with sensitive data for a definition and discussion of the memset_s() function.
Noncompliant Code Example (realloc())
Reallocating memory using the realloc() function is a degenerate case of freeing memory. The realloc() function deallocates the old object and returns a pointer to a new object.
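The following is an added example, not the page's own noncompliant or compliant code, showing why realloc() is a problem for sensitive buffers and one defensive replacement for it. Because realloc() may move the object, it copies the bytes into a new block and releases the old one without clearing it, so the secret stays in freed heap memory. The hypothetical secure_realloc() below allocates the new block, copies, wipes the old block, and only then frees it; the caller must know the old size, which plain realloc() never needs and which is exactly why realloc() cannot wipe. The wipe uses a volatile-pointer loop (an assumption standing in for memset_s(), which is a C11 Annex K function not every libc provides). The sample key is constructed for the demonstration.

```c
#include <stdlib.h>
#include <string.h>
#include <stddef.h>
#include <stdio.h>

/* Clear n bytes in a way the optimizer cannot drop (see MSC06-C).
 * memset_s() would also do, but it is optional (Annex K), so this added
 * example writes through a volatile pointer instead. */
void secure_clear(void *p, size_t n) {
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--) {
        *vp++ = 0;
    }
}

/* Returns 1 if every byte in p[0..n) is zero, 0 otherwise. */
int all_zero(const unsigned char *p, size_t n) {
    for (size_t i = 0; i < n; i++) {
        if (p[i] != 0) {
            return 0;
        }
    }
    return 1;
}

/* Hypothetical replacement for realloc() on buffers that hold secrets.
 * old_size is the number of bytes currently stored in old. On failure the
 * old block is left untouched and still owned by the caller, mirroring
 * realloc() semantics. new_size == 0 is rejected (see MEM04-C). */
void *secure_realloc(void *old, size_t old_size, size_t new_size) {
    if (new_size == 0) {
        return NULL;
    }
    void *fresh = malloc(new_size);
    if (fresh == NULL) {
        return NULL;
    }
    if (old != NULL) {
        size_t to_copy = old_size < new_size ? old_size : new_size;
        memcpy(fresh, old, to_copy);
        /* The difference from realloc(): wipe before the block is released
         * so the secret does not linger in reusable heap memory. */
        secure_clear(old, old_size);
        free(old);
    }
    return fresh;
}

/* Constructed demonstration: grow a 16-byte buffer holding a fake key to
 * 32 bytes. Returns 1 if the key survived the move, 0 on any failure. */
int demo_grow(void) {
    static const unsigned char fake_key[16] = "0123456789abcdef"; /* constructed */
    unsigned char *buf = malloc(sizeof fake_key);
    if (buf == NULL) {
        return 0;
    }
    memcpy(buf, fake_key, sizeof fake_key);

    unsigned char *bigger = secure_realloc(buf, sizeof fake_key, 32);
    if (bigger == NULL) {
        secure_clear(buf, sizeof fake_key);
        free(buf);
        return 0;
    }
    int ok = memcmp(bigger, fake_key, sizeof fake_key) == 0;

    /* Last use of the secret: clear before releasing, as the rule requires. */
    secure_clear(bigger, 32);
    free(bigger);
    return ok;
}

int main(void) {
    printf("grow preserved key: %s\n", demo_grow() ? "yes" : "no");
    return 0;
}
```

The copy-wipe-free order matters: wiping after free() would be a use of freed memory, and wiping before the copy would destroy the data being moved.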
...
References
[Black 07]
[CWE] CWE-226 (http://cwe.mitre.org/data/definitions/226.html): Sensitive Information Uncleared Before Release; CWE-244 (http://cwe.mitre.org/data/definitions/244.html): Failure to Clear Heap Memory Before Release ('Heap Inspection')
[Fortify 06]
[Graff 03]
[ISO/IEC 9899:1999] Section 7.20.3, "Memory management functions"
[ISO/IEC PDTR 24772] "XZK Sensitive Information Uncleared Before Use"
[MITRE 07] CWE ID 226 (http://cwe.mitre.org/data/definitions/226.html), "Sensitive Information Uncleared Before Release," and CWE ID 244 (http://cwe.mitre.org/data/definitions/244.html), "Failure to Clear Heap Memory Before Release"
...