The return values for memory allocation routines indicate the failure or success of the allocation. According to C99, {{calloc()}}, {{malloc()}}, and {{realloc()}} return null pointers if the requested memory allocation fails \[ISO/IEC 9899:1999\]. Failure to detect and properly handle memory management errors can lead to unpredictable and unintended program behavior. As a result, it is necessary to check the final status of memory management routines and handle errors appropriately and in accordance with [ERR00-CPP. Adopt and implement a consistent and comprehensive error-handling policy].

By default, {{operator new}} will throw a {{std::bad_alloc}} exception if the allocation fails. Therefore, you need not check that the result of {{operator new}} is {{NULL}}. However, to ease conversion of code to C++, the C++ Standard ISO/IEC 14882-2003 provides a variant of {{operator new}} that behaves like {{malloc()}}:
...
The vulnerability in Adobe Flash \[VU#159523\] arises because Flash neglects to check the return value from {{calloc()}}. When {{calloc()}} returns NULL, Flash does not attempt to read or write to the return value itself, but rather attempts to write to an offset from the return value. Dereferencing NULL usually results in a program crash, but dereferencing an offset from NULL allows an exploit to succeed without crashing the program.
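
The following is an added example, not code from the original guideline or from Adobe Flash. It shows both allocation forms discussed above: the nothrow form, whose result must be checked before any member or offset of the object is touched, and the default form, where `std::bad_alloc` is handled instead. `Table`, `g_simulate_oom`, `store_nothrow` and `store_throwing` are hypothetical names, and the class-specific `operator new` overloads exist only to make allocation failure reproducible.

```cpp
#include <cstddef>
#include <new>

// Constructed test hook (not a real API): forces Table allocations to fail.
static bool g_simulate_oom = false;

struct Table {
    static const std::size_t kSlots = 64;
    int slot[kSlots];

    // Throwing form: reports failure with std::bad_alloc.
    static void* operator new(std::size_t n) {
        if (g_simulate_oom) throw std::bad_alloc();
        return ::operator new(n);
    }
    // nothrow form: reports failure with a null pointer, like malloc().
    static void* operator new(std::size_t n, const std::nothrow_t&) noexcept {
        return g_simulate_oom ? nullptr : ::operator new(n, std::nothrow);
    }
    static void operator delete(void* p) noexcept { ::operator delete(p); }
};

enum Status { OK, OUT_OF_MEMORY, BAD_INDEX };

// nothrow allocation: the null check must come before any use of t,
// including t->slot[index], which is an address at an offset from t.
Status store_nothrow(std::size_t index, int value, int* readback) {
    if (index >= Table::kSlots) return BAD_INDEX;
    Table* t = new (std::nothrow) Table();
    if (t == nullptr) return OUT_OF_MEMORY;
    t->slot[index] = value;
    *readback = t->slot[index];
    delete t;
    return OK;
}

// Default allocation: no null check needed, but bad_alloc must be handled.
Status store_throwing(std::size_t index, int value, int* readback) {
    if (index >= Table::kSlots) return BAD_INDEX;
    try {
        Table* t = new Table();
        t->slot[index] = value;
        *readback = t->slot[index];
        delete t;
        return OK;
    } catch (const std::bad_alloc&) {
        return OUT_OF_MEMORY;
    }
}
```
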
...
\[ISO/IEC 9899:1999\] Section 7.20.3, "Memory management functions"
\[ISO/IEC 14882-2003\] Section 5.3.4
\[Meyers 95\] Item 7. Be prepared for out-of-memory conditions.
\[MITRE\] [CWE ID 252|http://cwe.mitre.org/data/definitions/252.html], "Unchecked Return Value"
\[MITRE\] [CWE ID 391|http://cwe.mitre.org/data/definitions/391.html], "Unchecked Error Condition"
\[MITRE\] [CWE ID 476|http://cwe.mitre.org/data/definitions/476.html], "NULL Pointer Dereference"
\[MITRE\] [CWE ID 690|http://cwe.mitre.org/data/definitions/690.html], "Unchecked Return Value to NULL Pointer Dereference"
\[MITRE\] [CWE ID 703|http://cwe.mitre.org/data/definitions/703.html], "Failure to Handle Exceptional Conditions"
\[MITRE\] [CWE ID 754|http://cwe.mitre.org/data/definitions/754.html], "Improper Check for Unusual or Exceptional Conditions"
\[Seacord 05\] Chapter 4, "Dynamic Memory Management"
\[VU#159523\]
...