SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 148

changes.mady.by.user Amy Gale

Saved on

compared with

New Version 149

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
(customization)Users can add a custom check for use of realloc().

Compass/ROSE

 

 

Could detect possible violations of this rule by first flagging any usage of realloc(). Also, it could flag any usage of free that is not preceded by code to clear out the preceding memory, using memset. This heuristic is imperfect because it flags all possible data leaks, not just leaks of "sensitive" data, because ROSE cannot tell which data is sensitive

Klocwork

Include Page
Klocwork_V
Klocwork_V

SV.USAGERULES.UNINTENDED_COPY

 

PRQA QA-C
Include Page
PRQA QA-C_Vv
PRQA QA-C_Vv
warncall for reallocPartially implemented

...

Related Guidelines

CERT C++ Secure Coding StandardMEM03-CPP. Clear sensitive information stored in returned reusable resources
ISO/IEC TR 24772:2013Sensitive Information Uncleared Before Use [XZK]
MITRE CWECWE-226, Sensitive information uncleared before release
CWE-244, Failure to clear heap memory before release ("heap inspection")

...