Versions Compared

Comment: Fixed coding bugs and added a few references.

...

In this example, array is copied into dynamically allocated memory referenced by copy. However, the result of malloc() is not checked before copy is referenced. Consequently, if malloc() fails, the program abnormally terminates.

Code Block

#include <cstdlib>
#include <cstring>

void f(const int *array, std::size_t size) {
  // malloc() may return NULL, but copy is handed to memcpy() unchecked.
  int *copy = (int *)std::malloc(size * sizeof(int));
  std::memcpy(copy, array, size * sizeof(int));
  /* ... */
  std::free(copy);
}

Noncompliant Code Example (std::nothrow)

This example remains noncompliant if we replace malloc() with new(std::nothrow).

Code Block

#include <cstring>
#include <new>

void f(const int *array, std::size_t size) {
  // new(std::nothrow) returns NULL on failure, but copy is never checked.
  int *copy = new(std::nothrow) int[size];
  std::memcpy(copy, array, size * sizeof(int));
  /* ... */
  delete[] copy;
}

Compliant Solution (std::nothrow)

...

Code Block

#include <cstring>
#include <new>

int f(const int *array, std::size_t size) {
  int *const copy = new(std::nothrow) int[size];
  if (copy == NULL) {
    // Indicate error to caller.
    return -1;
  }

  std::memcpy(copy, array, size * sizeof(int));
  /* ... */
  delete[] copy;

  // Indicate successful completion.
  return 0;
}

Compliant Solution (bad_alloc)

...

Code Block

#include <cstring>
#include <new>

int f(const int *array, std::size_t size) {
  int *copy;
  try {
    copy = new int[size];
  }
  catch (std::bad_alloc&) {
    // Indicate error to caller.
    return -1;
  }

  std::memcpy(copy, array, size * sizeof(int));
  /* ... */
  delete[] copy;

  // Indicate successful completion.
  return 0;
}

Risk Assessment

Failing to detect allocation failures can lead to abnormal program termination and denial-of-service attacks.

...

[ISO/IEC 9899:1999] Section 7.20.3, "Memory management functions"
[ISO/IEC 14882-2003] Section 5.3.4
[Meyers 95] Item 7, "Be prepared for out-of-memory conditions"
[MITRE] CWE ID 252, "Unchecked Return Value", http://cwe.mitre.org/data/definitions/252.html
[MITRE] CWE ID 391, "Unchecked Error Condition", http://cwe.mitre.org/data/definitions/391.html
[MITRE] CWE ID 476, "NULL Pointer Dereference", http://cwe.mitre.org/data/definitions/476.html
[MITRE] CWE ID 690, "Unchecked Return Value to NULL Pointer Dereference", http://cwe.mitre.org/data/definitions/690.html
[MITRE] CWE ID 703, "Failure to Handle Exceptional Conditions", http://cwe.mitre.org/data/definitions/703.html
[MITRE] CWE ID 754, "Improper Check for Unusual or Exceptional Conditions", http://cwe.mitre.org/data/definitions/754.html
[Seacord 05] Chapter 4, "Dynamic Memory Management"
[VU#159523]

...