SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 116

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Dynamic memory management is a common source of programming flaws that can lead to security vulnerabilities. Decisions regarding how dynamic memory is allocated, used, and deallocated are the burden of the programmer. Poor memory management can lead to security issues, such as heap-buffer overflows, dangling pointers, and double-free issues [Seacord 2013]. From the programmer's perspective, memory management involves allocating memory, reading and writing to memory, and deallocating memory.

...

To avoid these situations, memory should be allocated and freed at the same level of abstraction and, ideally, in the same code module. This includes the use of the following memory allocation and deallocation functions described in Section subclause 7.23.3 of the C Standard [ISO/IEC 9899:2011]:

Code Block
void *malloc(size_t size);

void *calloc(size_t nmemb, size_t size);

void *realloc(void *ptr, size_t size);

void *aligned_alloc(size_t alignment, size_t size);
 
void free(void *ptr);

...

The mismanagement of memory can lead to freeing memory multiple times or writing to already freed memory. Both of these coding errors can result in an attacker executing arbitrary code with the permissions of the vulnerable process. Memory management errors can also lead to resource depletion and denial-of-service attacks.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MEM00-C

high

High

probable

Probable

medium

Medium

P12

L1

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.DF
ALLOC.LEAK

Double free
Leak

Compass/ROSE
 

 



Could detect possible violations by reporting any function that has malloc() or free() but not both. This would catch some false positives, as there would be no way to tell if malloc() and free() are at the same level of abstraction if they are in different functions

.

Coverity6.5RESOURCE_LEAKFully
Implemented.

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack.
implemented
Klocwork
Include Page
Klocwork_V
Klocwork_V
FREE.INCONSISTENT
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST
MLK.MIGHT
MLK.MUST
MLK.RET.MIGHT
MLK.RET.MUST
FNH.MIGHT
FNH.MUST
FUM.GEN.MIGHT
FUM.GEN.MUST
RH.LEAK
LDRA tool suite
Include Page
LDRA_V
LDRA_V

50 D

Partially implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM00-a
CERT_C-MEM00-b
CERT_C-MEM00-c
CERT_C-MEM00-d
CERT_C-MEM00-e

Do not allocate memory and expect that someone else will deallocate it later
Do not allocate memory and expect that someone else will deallocate it later
Do not allocate memory and expect that someone else will deallocate it later
Do not use resources that have been freed
Ensure resources are freed

Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

449, 2434

Partially supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MEM00-C


Checks for:

  • Invalid free of pointer
  • Deallocation of previously deallocated pointer
  • Use of previously freed pointer

Rec. partially covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++
Secure
Coding StandardVOID MEM11-CPP. Allocate and free memory in the same module, at the same level of abstraction
ISO/IEC TR 24772:2013Memory Leak [XYL]
MITRE CWECWE-
416
415,
Use after
Double free
CWE-
415
416,
Double
Use after free

Bibliography

[MIT 2004]
 

[Plakosh 2005]
 

[Seacord 2013]Chapter 4, "Dynamic Memory Management"

...


...

Image Modified Image Modified Image Modified