SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 120

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version 121

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added parasoft

...

Tool

Version

Checker

Description

Clang
Include Page
Clang_V
Clang_V
clang-analyzer-unix.MallocChecked by clang-tidy; can detect some instances of this rule, but does not detect all
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.FNH

Free non-heap variable

Compass/ROSE

  

Can detect some violations of this rule

Coverity

Include Page
Coverity_V
Coverity_V

BAD_FREE

Identifies calls to free() where the argument is a pointer to a function or an array. It also detects the cases where
free() is used on an address-of expression, which can never be heap allocated. Coverity Prevent cannot discover all
violations of this rule, so further verification is necessary

Klocwork

Include Page
Klocwork_V
Klocwork_V

FNH.MIGHT
FNH.MUST
FUM.GEN.MIGHT
FUM.GEN.MUST

 

LDRA tool suite

Include Page
LDRA_V
LDRA_V

407 S, 483 S

Partially implemented
Parasoft C/C++test9.5BD-RES-INVFREE 
Parasoft Insure++  Detecte at runtime

Related Vulnerabilities

CVE-2015-0240 describes a vulnerability in which an uninitialized pointer is passed to TALLOC_FREE(), which is a Samba-specific memory deallocation macro that wraps the talloc_free() function. The implementation of  talloc_free() would access the uninitialized pointer, resulting in a remote exploit.

...