As noted in undefined behavior 179 of Annex J of [ISO/IEC 9899:2011], the behavior of a program is undefined when

the pointer argument to the free or realloc function does not match a pointer earlier returned by calloc, malloc, or realloc, or the space has been deallocated by a call to free or realloc.

Freeing memory that is not allocated dynamically can lead to serious errors similar to those discussed in rule "MEM31-C. Free dynamically allocated memory exactly once." The specific consequences of this error depend on the implementation, but they range from nothing to abnormal program termination. Regardless of the implementation, avoid calling free() on anything other than a pointer returned by a dynamic-memory allocation function, such as malloc(), calloc(), or realloc().

...

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_ALLOCATION = 1000 };

int main(int argc, const char *argv[]) {
  char *str = NULL;
  size_t len;

  if (argc == 2) {
    len = strlen(argv[1])+1;
    if (len > MAX_ALLOCATION) {
      /* Handle error */
    }
    str = (char *)malloc(len);
    if (str == NULL) {
      /* Handle allocation error */
    }
    strcpy(str, argv[1]);
  }
  else {
    /* str now points to a string literal, not to heap memory */
    str = "usage: $>a.exe [string]";
    printf("%s\n", str);
  }
  /* ... */
  /* Undefined behavior when argc != 2: str was not returned by malloc() */
  free(str);
  return 0;
}
```

...

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_ALLOCATION = 1000 };

int main(int argc, const char *argv[]) {
  char *str = NULL;
  size_t len;

  if (argc == 2) {
    len = strlen(argv[1])+1;
    if (len > MAX_ALLOCATION) {
      /* Handle error */
    }
    str = (char *)malloc(len);
    if (str == NULL) {
      /* Handle allocation error */
    }
    strcpy(str, argv[1]);
  }
  else {
    /* Print the literal directly and exit before the free() below */
    printf("%s\n", "usage: $>a.exe [string]");
    return -1;
  }
  /* ... */
  /* Only reached when str was returned by malloc() */
  free(str);
  return 0;
}
```
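When the usage text and the copied argument must both reach one shared cleanup path, a separate owning pointer keeps free() away from the literal. This is an added example, not part of the original rule text; `struct message`, `message_init()`, `message_release()` and `USAGE` are hypothetical names.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { MAX_ALLOCATION = 1000 };
static const char USAGE[] = "usage: $>a.exe [string]";

/* Hypothetical type: 'text' is what callers read; 'owned' is non-NULL only
 * when the storage came from malloc(), so it is the only pointer ever freed. */
struct message {
  const char *text;
  char *owned;
};

/* Returns 0 on success, -1 if arg is too long or allocation fails.
 * On every return path the struct is in a state message_release() accepts. */
int message_init(struct message *m, const char *arg) {
  size_t len;
  m->text = USAGE;   /* static storage: must never reach free() */
  m->owned = NULL;
  if (arg == NULL) { return 0; }
  len = strlen(arg) + 1;
  if (len > MAX_ALLOCATION) { return -1; }
  m->owned = malloc(len);
  if (m->owned == NULL) { return -1; }
  memcpy(m->owned, arg, len);
  m->text = m->owned;
  return 0;
}

/* free(NULL) is a no-op, and resetting 'owned' means a second call
 * cannot free the same block twice (MEM31-C). */
void message_release(struct message *m) {
  free(m->owned);
  m->owned = NULL;
  m->text = USAGE;
}

int main(int argc, char *argv[]) {
  struct message m;
  if (message_init(&m, argc == 2 ? argv[1] : NULL) != 0) {
    return EXIT_FAILURE;
  }
  puts(m.text);
  message_release(&m);   /* valid whether text is the literal or a heap copy */
  return EXIT_SUCCESS;
}
```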

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | 483 S | Fully implemented. |
| Coverity Prevent | | BAD_FREE | Identifies calls to free() where the argument is a pointer to a function or an array. It also detects the cases where free() is used on an address-of expression, which can never be heap allocated. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary. |
| Klocwork | | FNH.MIGHT, FNH.MUST, FUM.GEN.MIGHT, FUM.GEN.MUST | |
| Compass/ROSE | | | Can detect some violations of this rule. |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CERT C++ Secure Coding Standard: MEM34-CPP. Only free memory allocated dynamically

ISO/IEC 9899:2011 Section 7.22.3, "Memory management functions"

ISO/IEC TR 17961 (Draft) Reallocating or freeing memory that was not dynamically allocated [xfree]

MITRE CWE: CWE-590, "Free of Invalid Pointer Not on the Heap"

...