...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM32-CPP | high | likely | medium | P18 | L1 |
Automated Detection
Coverity Prevent Version 5.0 and Coverity Code Advisor version 7.5 can detect violations of this rule. The CHECKED_RETURN checker finds inconsistencies in how function call return values are handled. Coverity Prevent cannot discover all violations of this recommendation, so further verification is necessary.
Fortify SCA Version 5.0 can detect violations of this rule.
Compass/ROSE can detect violations of this rule. In particular, it ensures that variables are compared to NULL before being used, as in "VOID EXP34-CPP. Ensure a null pointer is not dereferenced".
Related Vulnerabilities
The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even though calloc() returns NULL, Flash does not attempt to read or write to the return value, but rather attempts to write to an offset from the return value. Dereferencing NULL usually results in a program crash, but dereferencing an offset from NULL allows an exploit to succeed without crashing the program.
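The pattern described above, next to its checked form, as an added example (not code from this page or from Flash). The names `alloc_fn`, `real_calloc`, `failing_calloc`, `unchecked_write_address` and `checked_store` are hypothetical, and the failing allocator simulates memory exhaustion.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstdlib>

// Hypothetical allocator hook so an allocation failure can be simulated.
using alloc_fn = void* (*)(std::size_t, std::size_t);
void* real_calloc(std::size_t n, std::size_t size) { return std::calloc(n, size); }
void* failing_calloc(std::size_t, std::size_t) { return nullptr; }  // simulated failure

enum class Status { ok, alloc_failed, out_of_range };

// Unchecked pattern: the allocation result is never compared to NULL.
// Only the address that base[index] would touch is computed (no write is
// performed), using integer arithmetic so the demonstration stays defined.
std::uintptr_t unchecked_write_address(alloc_fn alloc, std::size_t count, std::size_t index) {
    void* base = alloc(count, sizeof(std::uint32_t));
    std::uintptr_t target =
        reinterpret_cast<std::uintptr_t>(base) + index * sizeof(std::uint32_t);
    std::free(base);  // free(nullptr) is a no-op
    return target;    // with base == NULL this is index * 4, not address 0
}

// Checked pattern: the allocation result is tested before any offset is applied.
Status checked_store(alloc_fn alloc, std::size_t count, std::size_t index,
                     std::uint32_t value, std::uint32_t** out) {
    auto* base = static_cast<std::uint32_t*>(alloc(count, sizeof(std::uint32_t)));
    if (base == nullptr) return Status::alloc_failed;  // the check this rule requires
    if (index >= count) {                              // extra bounds check, not from the page
        std::free(base);
        return Status::out_of_range;
    }
    base[index] = value;
    *out = base;  // caller owns the buffer and must free() it
    return Status::ok;
}

int main() {
    std::uint32_t* buf = nullptr;
    std::printf("unchecked target: 0x%zx\n",
                static_cast<std::size_t>(unchecked_write_address(failing_calloc, 16, 0x1000)));
    Status s = checked_store(failing_calloc, 16, 4, 7u, &buf);
    std::printf("checked: %s\n", s == Status::alloc_failed ? "alloc_failed" : "other");
    return 0;
}
```

Because the unchecked target is a nonzero address, it can fall outside the unmapped page at address 0, which is why the failure does not reliably surface as a crash.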
...