
As noted in undefined behavior 169 of Annex J of [ISO/IEC 9899-1999], the behavior of a program is undefined when

the pointer argument to the free or realloc function does not match a pointer earlier returned by calloc, malloc, or realloc, or the space has been deallocated by a call to free or realloc.

...

Noncompliant code example:

```c
#include <stdlib.h>

/* p is a pointer to dynamically allocated memory */
void resize(void *p, size_t size) {
  void *p2 = realloc(p, size);
  if (p2 == NULL) {
    free(p); /* p may be indeterminate when (size == 0): double free */
    return;
  }
  /* ... use p2 ... */
}
```

...

According to the C99 standard [ISO/IEC 9899-1999] (7.20.3):

If the size of the space requested is zero, the behavior is implementation defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.
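The noncompliant example above frees `p` after `realloc()` returns `NULL`, which is a double free on implementations that release the old block when asked for zero bytes. The following is an added example, not code from the CERT page: a resizing helper (`resize_buffer`, an assumed name) that refuses a zero size before `realloc()` is reached and leaves ownership of the old block with the caller on failure, so the allocation is freed exactly once. `demo_lifecycle` walks one constructed buffer through the whole sequence and reports which step, if any, misbehaved.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/*
 * Resize the block at *pp to `size` bytes (assumed helper name, not from
 * the CERT page). Returns 1 on success, with *pp updated. Returns 0 on
 * failure, with *pp untouched and still owned by the caller, who frees it
 * exactly once. A zero size is refused before realloc() is reached: for
 * size 0 the standard allows realloc() to release the old block and return
 * NULL, and freeing the old pointer afterwards would be a double free.
 */
int resize_buffer(void **pp, size_t size) {
  if (pp == NULL || size == 0) {
    return 0;                      /* refuse the implementation-defined case */
  }
  void *tmp = realloc(*pp, size);  /* on NULL, *pp is unchanged and still valid */
  if (tmp == NULL) {
    return 0;
  }
  *pp = tmp;                       /* take ownership of the new block only on success */
  return 1;
}

/*
 * Walk one buffer through allocate, a refused zero-size resize, growth,
 * and a single free. Returns 0 when every step behaved as expected, or a
 * small nonzero code identifying the first failed step.
 */
int demo_lifecycle(void) {
  void *p = malloc(8);
  if (p == NULL) {
    return 1;
  }
  memcpy(p, "abcdefg", 8);              /* constructed sample payload */

  void *before = p;
  if (resize_buffer(&p, 0) != 0 || p != before) {
    free(p);
    return 2;                           /* zero size must be refused, p untouched */
  }
  if (resize_buffer(&p, 64) != 1) {
    free(p);
    return 3;                           /* growth failed: p is still the old block */
  }
  if (memcmp(p, "abcdefg", 8) != 0) {
    free(p);
    return 4;                           /* realloc must preserve the old contents */
  }
  free(p);                              /* exactly one free for this allocation */
  p = NULL;                             /* free(NULL) is a no-op, so a stray second free cannot double free */
  return 0;
}

int main(void) {
  int rc = demo_lifecycle();
  printf("lifecycle %s (code %d)\n", rc == 0 ? "ok" : "failed", rc);
  return rc;
}
```

The design point is that the caller never loses track of who owns the block: on the success path ownership moves to the new pointer, on every failure path it stays with the old one, and the zero-size case is treated as an input error rather than handed to `realloc()`, whose behavior for that case varies by implementation.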

...

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | (version from the LDRA_V include) | 484 S | Fully Implemented |
| Fortify SCA | V. 5.0 | Double Free | |
| Splint | (version from the Splint_V include) | | |
| Coverity Prevent | (version from the Coverity_V include) | RESOURCE_LEAK | Finds resource leaks from variables that go out of scope while owning a resource |
| Coverity Prevent | (version from the Coverity_V include) | USE_AFTER_FREE | Can find instances where freed memory is freed again. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary |
| Compass/ROSE | | | Can detect some violations of this rule. In particular, false positives may be raised if a variable is freed by a different function than the one that allocated it. Also, it is unable to warn on cases where a call to free() happens inside a for loop |
| Klocwork | (version from the Klocwork_V include) | MLK, UFM.FFM | |

...

MITRE CWE: CWE-415, "Double Free"

Bibliography

[MIT 2005]
[OWASP, Double Free]
[Viega 2005] "Doubly freeing memory"
[VU#623332]

...
