...
Assertions should never be used to verify the absence of runtime (as opposed to logic) errors such as:
- invalid user input (including command line arguments and environment variables)
- file errors (for example, errors opening, reading or writing files)
- network errors (including network protocol errors)
- out of memory conditions (for example, malloc() or similar failures)
- system resource exhaustion (for example, out of file descriptors, processes, threads)
- system call errors (for example, errors executing files, locking or unlocking mutexes)
- invalid permissions (for example, file, memory, user)
...
The noncompliant code example below uses the assert() macro to verify that memory allocation succeeded. Because memory availability depends on the overall state of the system and may become exhausted at any point during a process's lifetime, a robust program must be prepared to detect and gracefully recover from its exhaustion. Using the assert() macro to verify that an allocation succeeded is therefore inappropriate: a failed assertion abruptly terminates the process, which opens up the possibility of a denial-of-service attack, and if the program is compiled with NDEBUG defined the assertion is removed entirely, so the failure is never detected at all and the null pointer is used. See also guidelines MEM11-C. Do not assume infinite heap space and MEM32-C. Detect and handle memory allocation errors.
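The following is an added example, not code from the CERT page itself: it places the noncompliant assert()-based allocation check beside a compliant version that reports the failure to the caller, and beside a legitimate use of assert() for a logic invariant. The allocator hook (`set_allocator`, `failing_alloc`) is an assumption introduced here so the out-of-memory path can actually be exercised in a test; the function names are hypothetical.

```c
#include <assert.h>
#include <errno.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Allocation hook (an assumption for this example, not part of the standard):
 * lets a caller substitute an allocator that fails, so that the out-of-memory
 * path can be exercised deterministically. */
static void *(*xalloc)(size_t) = malloc;

void set_allocator(void *(*fn)(size_t)) {
    xalloc = fn ? fn : malloc;
}

/* An allocator that always fails, as malloc() does under memory exhaustion. */
void *failing_alloc(size_t n) {
    (void)n;
    errno = ENOMEM;
    return NULL;
}

/* Noncompliant: the runtime condition "allocation succeeded" is checked with
 * assert(). In a debug build an out-of-memory condition aborts the process;
 * in a build with NDEBUG defined the assertion is compiled out and the NULL
 * pointer is dereferenced by memcpy(). */
char *dup_string_noncompliant(const char *s) {
    size_t len = strlen(s) + 1;
    char *copy = xalloc(len);
    assert(copy != NULL);           /* wrong tool: this is not a logic error */
    memcpy(copy, s, len);
    return copy;
}

/* Compliant: memory exhaustion is a runtime error, so it is detected and
 * reported to the caller, who can release resources, retry or fail cleanly. */
char *dup_string_compliant(const char *s) {
    size_t len = strlen(s) + 1;
    char *copy = xalloc(len);
    if (copy == NULL) {
        return NULL;                /* caller decides how to recover */
    }
    memcpy(copy, s, len);
    return copy;
}

/* Appropriate use of assert(): invariants that no user input or environment
 * can violate, only a programming error at the call site. */
size_t count_in_range(const int *a, size_t n, int lo, int hi) {
    assert(a != NULL || n == 0);    /* contract with the caller, not with the user */
    assert(lo <= hi);               /* internal logic invariant */
    size_t count = 0;
    for (size_t i = 0; i < n; i++) {
        if (a[i] >= lo && a[i] <= hi) {
            count++;
        }
    }
    return count;
}

/* Exercises the compliant function with a working and a failing allocator.
 * Returns 0 when both paths behave correctly. The noncompliant function is
 * deliberately never called under the failing allocator: it would abort. */
int demo(void) {
    char *ok = dup_string_compliant("hello");
    if (ok == NULL) {
        return 1;
    }
    int matched = strcmp(ok, "hello") == 0;
    free(ok);
    if (!matched) {
        return 2;
    }

    set_allocator(failing_alloc);
    char *fail = dup_string_compliant("hello");
    set_allocator(NULL);
    if (fail != NULL) {
        free(fail);
        return 3;
    }
    return 0;                       /* exhaustion detected and handled */
}

int main(void) {
    int rc = demo();
    printf("compliant path under memory pressure: %s\n",
           rc == 0 ? "handled gracefully" : "unexpected result");
    return rc;
}
```

Compile once normally and once with `-DNDEBUG` to see the difference the text describes: with NDEBUG the noncompliant function keeps no check at all, while the compliant function's `if (copy == NULL)` survives in both builds.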
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
MSC11-C | low | unlikely | high | P1 | L3
Automated Detection
...
Tool | Version | Checker | Description
---|---|---|---
...
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Other Languages
Related Guidelines
This rule appears in the C++ Secure Coding Standard as MSC11-CPP. Incorporate diagnostic tests using assertions.
Bibliography
[ISO/IEC 9899:1999] Section 7.2.1, "Program diagnostics"
...