...
```c
size_t nsize;
/* initialize nsize */
char *p2;
char *p = (char *)malloc(100);
if (p == NULL) {
  /* Handle Error */
}

/* ... */

p2 = NULL;
/* Call realloc() only for a nonzero size; otherwise p2 stays NULL */
if (nsize != 0) {
  p2 = (char *)realloc(p, nsize);
}
/* Zero-size request or realloc() failure: release the original block */
if (p2 == NULL) {
  free(p);
  p = NULL;
  return NULL;
}
p = p2;
```
Risk Assessment
Allocating zero bytes can lead to abnormal program termination.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM04-C | low | likely | medium | P6 | L2 |
Automated Detection
Compass/ROSE can detect some violations of this rule. In particular, it warns when the argument to malloc()
is a variable that has not been compared against NULL, or is known at compile time to be 0.
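The size check that such a detector looks for can be centralized in allocation wrappers. The following is an added example, not code from the CERT page; the names `alloc_nonzero` and `resize_nonzero` are hypothetical, and it goes beyond the snippet above by also rejecting a `count * elem_size` product that wraps around (which can itself produce a zero-byte request).

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: allocate count elements of elem_size bytes.
 * Returns NULL with errno = EINVAL for a zero-byte request and
 * errno = ENOMEM when the product would wrap or malloc() fails. */
void *alloc_nonzero(size_t count, size_t elem_size) {
    if (count == 0 || elem_size == 0) {
        errno = EINVAL;              /* never pass 0 to malloc() */
        return NULL;
    }
    if (count > SIZE_MAX / elem_size) {
        errno = ENOMEM;              /* count * elem_size would wrap */
        return NULL;
    }
    void *p = malloc(count * elem_size);
    if (p == NULL) errno = ENOMEM;
    return p;
}

/* Hypothetical helper: resize *pp to nsize bytes. Returns 0 on success.
 * On a zero-byte request or realloc() failure it frees the old block,
 * sets *pp to NULL and returns -1, as the snippet above does. */
int resize_nonzero(char **pp, size_t nsize) {
    char *p2 = NULL;
    if (nsize != 0) {
        p2 = (char *)realloc(*pp, nsize);
    }
    if (p2 == NULL) {
        free(*pp);
        *pp = NULL;
        return -1;
    }
    *pp = p2;
    return 0;
}

int main(void) {
    char *p = alloc_nonzero(100, 1);
    if (p == NULL) return 1;
    strcpy(p, "abc");                        /* constructed sample data */
    printf("grow: %d\n", resize_nonzero(&p, 200));
    printf("zero: %d, p is %s\n", resize_nonzero(&p, 0), p ? "set" : "NULL");
    return 0;
}
```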
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...