SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 111

changes.mady.by.user Aaron Ballman

Saved on

compared with

New Version 112

changes.mady.by.user Aaron Ballman

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.FNH

Free Non-Heap Variable

Compass/ROSE

  

Can detect some violations of this rule

Coverity

Include Page
Coverity_V
Coverity_V

BAD_FREE

Identifies calls to free() where the argument is a pointer to a function or an array. It also detects the cases where Free is used on an address-of expression, which can never be heap allocated. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

Klocwork

Include Page
Klocwork_V
Klocwork_V

FNH.MIGHT
FNH.MUST
FUM.GEN.MIGHT
FUM.GEN.MUST

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

483 S

Fully implemented

Related Vulnerabilities

CVE-2015-0240 describes a vulnerability in which an uninitialized pointer is passed to TALLOC_FREE(), which is a Samba-specific memory deallocation macro that wraps the talloc_free() function. The implementation of  talloc_free() would access the uninitialized pointer, resulting in a remote exploit.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C Secure Coding StandardMEM31-C. Free dynamically allocated memory when no longer needed
CERT C++ Coding StandardMEM31MEM51-CPP. Properly deallocate dynamically allocated resources
ISO/IEC TS 17961Reallocating or freeing memory that was not dynamically allocated [xfree]
MITRE CWECWE-590, Free of Memory Not on the Heap

...