SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 50

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 51

changes.mady.by.user Melanie Thompson

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Because malloc() is only called if p is NULL when entering the if clause, free() might be called with a pointer to local data not allocated by malloc(). (see See guideline MEM34-C. Only free memory allocated dynamically.) . This is partially due to the uncertainty of whether malloc() is actually called or not.

...

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

EXP02-C

low

unlikely

medium

P2

L3

Automated Detection

...

Tool

Version

Checker

Description

Section

LDRA tool suite

...

Include Page
c:LDRA_V
c:LDRA_V

 

 

Section

Compass/ROSE

 

 

Section

could detect possible violations of this recommendation by reporting expressions with side effects, including function calls, that appear on the right-hand-side of an && or || operator.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : EXP02-CPP. Be aware of the short-circuit behavior of the logical AND and OR operators.

Bibliography

Wiki Markup
\[[CWE|AA. Bibliography#CWE]\] [CWE-768|http://cwe.mitre.org/data/definitions/768.html]: Incorrect Short Circuit Evaluation
\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 6.5.13, "Logical AND operator," and Section 6.5.14, "Logical OR operator"

...