Page History

Wiki MarkupWhen the requested size is zero the behavior of the memory allocation functions {{malloc()}}, {{calloc()}}, and {{realloc()}} is [implementation-defined|BB. Definitions#implementation-defined behavior]. According to C99, Section 7.20.3 \[ [ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\]

If the size of the space requested is zero, the behavior is implementation-defined: either a null pointer is returned, or the behavior is as if the size were some nonzero value, except that the returned pointer shall not be used to access an object.

...

Recommendation	Severity	Likelihood	Remediation Cost	Priority	Level
MEM04-C	low	likely	medium	P6	L2

Automated Detection

Tool

Version

Checker

Description

Section
Compass/ROSE

Section
can detect some violations of this rule. Is particular, it warns when when the argument to `malloc()` is a variable that has not been compared against NULL, or is known at compile time to be 0

...

MITRE CWE: CWE-687, "Function Call With Incorrectly Specified Argument Value"

Bibliography

...

\[[Vanegue 2010|AA. Bibliography#Vanegue 10] \] Julien Vanegue. [Automated vulnerability analysis of zero sized heap allocations|http://hackitoergosum.org/wp-content/uploads/2010/04/HES10-jvanegue_zero- allocations. pdf]. April 2010. \
[[Seacord 2005|AA. Bibliography#Seacord 05] \] Chapter 4, "Dynamic Memory Management"
...
08. Memory Management (MEM)

Space shortcuts

Page tree

Versions Compared

Old Version 97

New Version 98

Key

Automated Detection

Bibliography