...

When it is executed, if expression (which must have a scalar type) is false, the assert macro outputs information about the failed assertion (including the text of the argument, the name of the source file, the source line number, and the name of the enclosing function) on the standard error stream in an implementation-defined format and calls the abort() function.

...

This noncompliant code example uses the assert() macro to verify that memory allocation succeeded. Because memory availability depends on the overall state of the system and can become exhausted at any point during a process's lifetime, a robust program must be prepared to gracefully handle and recover from its exhaustion. Using the assert() macro to verify that a memory allocation succeeded is therefore inappropriate: it can lead to an abrupt termination of the process, opening up the possibility of a denial-of-service attack. See also MEM11-C. Do not assume infinite heap space and MEM32-C. Detect and handle memory allocation errors.
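The following added example (not code from this page or from the CERT standard) contrasts the assert()-based allocation check described above with a version that reports the failure to its caller. The names dupstr_noncompliant, dupstr_compliant, alloc_fn and failing_alloc are hypothetical; the allocator hook exists only so that heap exhaustion can be simulated.

```c
#include <assert.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical allocator hook so the failure path can be exercised. */
typedef void *(*alloc_fn)(size_t);

/* Constructed allocator that always fails, simulating heap exhaustion. */
static void *failing_alloc(size_t n) { (void)n; return NULL; }

/* Noncompliant: allocation failure is a runtime condition, not a bug.
 * With assertions enabled the process aborts; with NDEBUG defined the
 * check disappears and memcpy() writes through a null pointer. */
char *dupstr_noncompliant(const char *s, alloc_fn alloc) {
    size_t n = strlen(s) + 1;
    char *copy = alloc(n);
    assert(copy != NULL);
    memcpy(copy, s, n);
    return copy;
}

/* Compliant: test the result and report failure to the caller. */
char *dupstr_compliant(const char *s, alloc_fn alloc) {
    size_t n = strlen(s) + 1;
    char *copy = alloc(n);
    if (copy == NULL) {
        return NULL;   /* caller decides how to recover */
    }
    memcpy(copy, s, n);
    return copy;
}

int main(void) {
    char *ok = dupstr_compliant("config", malloc);
    char *bad = dupstr_compliant("config", failing_alloc);
    printf("normal: %s, exhausted: %s\n",
           ok ? ok : "(null)", bad ? "allocated" : "handled");
    free(ok);
    return 0;
}
```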

...

| Tool | Version | Checker | Description |
|------|---------|---------|-------------|
| Coverity Prevent | | ASSERT_SIDE_EFFECT | Can detect the specific instance where an assertion contains an operation or function call that may have a side effect. |

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ERR00-C. Adopt and implement a consistent and comprehensive error-handling policy

CERT C++ Secure Coding Standard: MSC11-CPP. Incorporate diagnostic tests using assertions

...