SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 45

changes.mady.by.user Jeffrey Gennari

Saved on

compared with

New Version 46

changes.mady.by.user Jeffrey Gennari

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The result of calling malloc(0) to allocate 0 bytes is implementation defined. In this example, a dynamic array of integers is allocated to store size elements. However, if size is zero, the call to malloc(size) may return a reference to a block of memory of size 0 rather than NULL. When data is copied to this location, a heap-buffer overflow occurs.

Code Block
bgColor#FFcccc

list = malloc(size);
if (list == NULL) {
  /* Handle Allocation Error */
}
/* Continue Processing list */
/* ... */

Compliant Code Example

To ensure that zero is never passed as a size argument to malloc(), a check must be made on size to ensure it is not zero.

Code Block
bgColor#ccccff
if (size <= 0) {
  /* Handle Error */
}
list = malloc(size);
if (list == NULL) {
  /* Handle Allocation Error */
}
/* Continue Processing list */
/* ... */

realloc()

Non-Compliant Code Example

...