Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Allocating 0 bytes can lead to abnormal program termination.

Recommendation

Severity

Likelihood

Remediation Cost

Priority

Level

MEM04-C

Low

Likely

Medium

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
(customization)Users can add a custom check for allocator calls with size argument 0 (this includes literal 0, underconstrained tainted values, and computed values). 
Compass/ROSE
 

 



Can detect some violations of this rule. In particular, it warns when the argument to malloc() is a variable that has not been compared against 0 or that is known at compile time to be 0

Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM04-aThe validity of values passed to library functions shall be checked
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MEM04-C


Checks for:

  • Variable length array with nonpositive size
  • Tainted sign change conversion
  • Tainted size of variable length array

Rec. fully covered.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

 Bibliography

[ISO/IEC 9899:2011]Section 7.22.3, "Memory Management Functions"
[Seacord 2013]Chapter 4, "Dynamic Memory Management"
[Vanegue 2010]"Automated Vulnerability Analysis of Zero-Sized Heap Allocations"

...


...

Image Modified Image Modified Image Modified