SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 98

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 99

changes.mady.by.user Carol J. Lallier

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

As noted in under undefined behavior 179 of in Annex J of the C Standard [ISO/IEC 9899:2011], the behavior of a program is undefined when

...

This compliant solution eliminates the possibility of str, referencing non-dynamic nondynamic memory when it is supplied to free():

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM34-C

highHigh

likelyLikely

mediumMedium

P18

L1

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

  

Can detect some violations of this rule.

Coverity

Include Page
Coverity_V
Coverity_V

BAD_FREE

Identifies calls to free() where the argument is a pointer to a function or an array. It also detects the cases where Free is used on an address-of expression, which can never be heap allocated. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

Klocwork

Include Page
Klocwork_V
Klocwork_V

FNH.MIGHT
FNH.MUST
FUM.GEN.MIGHT
FUM.GEN.MUST

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

483 S

Fully implemented

...

CERT C Secure Coding StandardMEM31-C. Free dynamically allocated memory exactly once
CERT C++ Secure Coding StandardMEM34-CPP. Only free memory allocated dynamically
ISO/IEC TS 17961 (Draft)Reallocating or freeing memory that was not dynamically allocatied [xfree]
MITRE CWECWE-590, Free of invalid pointer not on the heap

...

[Seacord 2013]Chapter 4, "Dynamic Memory Management"
[ISO/IEC 9899:2011]Annex J, subclause J.2, "Undefined behaviorBehavior"

 

...