...

A small collection of macros can provide secure implementations of common uses of the standard memory allocation functions. The omission of a REALLOC() macro is intentional. (See guideline recommendation MEM08-C. Use realloc() only to resize dynamically allocated arrays.)

...

If one or more of the operands to the multiplication operations used in many of these macro definitions can be influenced by untrusted data, these operands should be checked for overflow before invoking the macro. (See guideline rule INT32-C. Ensure that operations on signed integers do not result in overflow.)

The use of type-generic function-like macros is an allowed exception (PRE00-EX4) to guideline recommendation PRE00-C. Prefer inline or static functions to function-like macros.
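The overflow check described above, shown as an added example that is not part of the guideline text. The macro names `MALLOC` and `MALLOC_ARRAY`, the helpers `alloc_count_ok` and `alloc_records`, and `struct record` are assumptions chosen for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Illustrative type-generic macros (names are assumptions). Casting to
 * (type *) makes assignment to a pointer of a different type a
 * compile-time diagnostic instead of a silent size mismatch. */
#define MALLOC(type)          ((type *)malloc(sizeof(type)))
#define MALLOC_ARRAY(n, type) ((type *)malloc((n) * sizeof(type)))

/* Returns 1 if count * elem_size fits in size_t, 0 if it would wrap. */
static int alloc_count_ok(size_t count, size_t elem_size) {
    return elem_size == 0 || count <= SIZE_MAX / elem_size;
}

struct record {            /* constructed sample type */
    uint32_t id;
    char name[28];
};

/* Validate an untrusted element count before it reaches the
 * multiplication hidden inside MALLOC_ARRAY. Returns NULL for a zero
 * count, for a count that would overflow, or on allocation failure. */
static struct record *alloc_records(size_t untrusted_count) {
    if (untrusted_count == 0 ||
        !alloc_count_ok(untrusted_count, sizeof(struct record)))
        return NULL;
    return MALLOC_ARRAY(untrusted_count, struct record);
}

int main(void) {
    /* Without the check, this count wraps the product to a few bytes,
     * so malloc() would succeed with a buffer far too small. */
    size_t wrapping = SIZE_MAX / sizeof(struct record) + 2;

    struct record *ok = alloc_records(16);
    struct record *bad = alloc_records(wrapping);
    int rc = (ok != NULL && bad == NULL) ? 0 : 1;
    free(ok);
    free(bad);
    return rc;
}
```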

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MEM02-CPP. Immediately cast the result of a memory allocation function call into a pointer to the allocated type

Bibliography

[ISO/IEC 9899:1999] Section 7.20.3, "Memory management functions"

[Summit 2005] Question 7.7 (http://c-faq.com/malloc/cast.html) and Question 7.7b (http://c-faq.com/malloc/mallocnocast.html)

...