Versions Compared

...

However, this commonly recommended idiom has problems with zero-length allocations. If the value of nsize in this example is 0, the C standard allows realloc() either to return a null pointer or to return a pointer to an invalid (for example, zero-length) object; which one happens is up to the implementation. In the first case realloc() has already freed the memory, so the idiom's subsequent free() of the original pointer is a double free. In the second case the returned block has size 0, and copying any nonempty data into it is a heap overflow.
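The following is an added example, not a listing from this page: it reconstructs the realloc() idiom the paragraph describes (free the old block when realloc() fails) beside a compliant replacement that rejects a zero size before realloc() is called. The function names resize_noncompliant(), resize_buffer(), copy_into_resized() and run_demo() are assumptions for illustration. The noncompliant function is shown for comparison only and is never invoked with a zero size, since that would trigger the double free or zero-length block the text warns about.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Noncompliant idiom described in the text (reconstructed here, not the
 * page's own listing): free the old block when realloc() fails. With
 * nsize == 0 an implementation may free p and return NULL, so the free()
 * below is a double free; or it may return a zero-length block, which a
 * later copy overflows. Never call this with nsize == 0. */
char *resize_noncompliant(char *p, size_t nsize) {
    char *p2 = realloc(p, nsize);
    if (p2 == NULL) {
        free(p);            /* double free if realloc(p, 0) already freed p */
        return NULL;
    }
    return p2;              /* zero-length object when nsize == 0 */
}

/* Compliant replacement (hypothetical name): reject nsize == 0 before
 * realloc() is ever called, so its implementation-defined behaviour for a
 * zero size never arises. Returns 0 with *pp pointing at the resized
 * block, or -1 after releasing the old block exactly once and setting
 * *pp = NULL, so the caller never holds a dangling or zero-length pointer. */
int resize_buffer(char **pp, size_t nsize) {
    if (nsize == 0) {
        free(*pp);
        *pp = NULL;
        errno = EINVAL;
        return -1;
    }
    char *p2 = realloc(*pp, nsize);
    if (p2 == NULL) {       /* genuine allocation failure; errno is ENOMEM */
        free(*pp);
        *pp = NULL;
        return -1;
    }
    *pp = p2;
    return 0;
}

/* Grows *pp to hold src (terminator included) and copies it in. Returns
 * the number of bytes copied, or 0 if the resize failed. The copy cannot
 * overflow because resize_buffer() never yields a zero-length block. */
size_t copy_into_resized(char **pp, const char *src) {
    size_t need = strlen(src) + 1;
    if (resize_buffer(pp, need) != 0)
        return 0;
    memcpy(*pp, src, need);
    return need;
}

/* Exercises the compliant path end to end on constructed input; returns 1
 * if every step behaved as documented, 0 otherwise. */
int run_demo(void) {
    char *buf = NULL;
    int ok = 1;

    /* *pp == NULL: realloc() behaves like malloc(), first copy succeeds. */
    ok = ok && copy_into_resized(&buf, "hello") == 6;
    ok = ok && buf != NULL && strcmp(buf, "hello") == 0;

    /* Growing preserves the existing contents. */
    ok = ok && resize_buffer(&buf, 64) == 0;
    ok = ok && strcmp(buf, "hello") == 0;

    /* A zero size is rejected: no realloc() call, no double free, no
     * zero-length block; the old buffer is released exactly once. */
    errno = 0;
    ok = ok && resize_buffer(&buf, 0) == -1;
    ok = ok && buf == NULL && errno == EINVAL;

    /* After the rejection the caller can safely start a fresh block. */
    ok = ok && copy_into_resized(&buf, "") == 1;
    free(buf);
    return ok;
}

int main(void) {
    printf("compliant resize sequence: %s\n", run_demo() ? "ok" : "FAILED");
    return 0;
}
```

The key design choice is that a zero size is treated as an explicit caller error, handled before realloc() is reached, rather than being passed through and interpreted after the fact; the caller's ownership of the block is then unambiguous on every return path.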

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MEM04-CPP. Do not perform zero length allocations

ISO/IEC 9899:1999 Section 7.20.3, "Memory Management Functions"

MITRE CWE: CWE-687, "Function Call With Incorrectly Specified Argument Value"

Bibliography

[Vanegue 2010] Julien Vanegue. "Automated vulnerability analysis of zero sized heap allocations." April 2010. http://hackitoergosum.org/wp-content/uploads/2010/04/HES10-jvanegue_zero-allocations.pdf
[ISO/IEC 9899:1999] Section 7.20.3, "Memory Management Functions"
[MITRE 2007] CWE ID 687, "Function Call With Incorrectly Specified Argument Value." http://cwe.mitre.org/data/definitions/687.html
[Seacord 2005] Chapter 4, "Dynamic Memory Management"

...