Page History

...

Code Block

bgColor	#FFcccc

enum { MAX_ALLOCATION = 1000 };

int main(int argc, char const char *argv[]) {
  char *str = NULL;
  size_t len;

  if (argc == 2) {
    len = strlen(argv[1])+1;
    if (len > MAX_ALLOCATION) {
      /* Handle Error */
    }
    str = (char *)malloc(len);
    if (str == NULL) {
      /* Handle Allocation Error */
    }
    strcpy(str, argv[1]);
  }
  else {
    str = "usage: $>a.exe [string]";
    printf("%s\n", str);
  }
  /* ... */
  free(str);
  return 0;
}

...

Code Block

bgColor	#ccccff

enum { MAX_ALLOCATION = 1000 };

int main(int argc, char const char *argv[]) {
  char *str = NULL;
  size_t len;

  if (argc == 2) {
    len = strlen(argv[1])+1;
    if (len > MAX_ALLOCATION) {
      /* Handle Error */
    }
    str = (char *)malloc(len);
    if (str == NULL) {
      /* Handle Allocation Error */
    }
    strcpy(str, argv[1]);
  }
  else {
    printf("%s\n", "usage: $>a.exe [string]");
    return -1;
  }
  /* ... */
  free(str);
  return 0;
}

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MEM34-C	1 ( low ) 1 (	unlikely )	2 ( medium )	P2	L3

Automated Detection

The Coverity Prevent BAD_FREE checker identifies calls to free() where the argument is a pointer to a function or an array. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.

...

Space shortcuts

Page tree

Versions Compared

Old Version 46

New Version 47

Key

Automated Detection