...
Allocating 0 bytes can lead to abnormal program termination.
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM04-C | Low | Likely | Medium | P6 | L2 |
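One way to apply this recommendation, as an added example that is not code from the CERT page: two wrappers that reject a zero-length request before it reaches the allocator, whether the size is passed directly or computed from a count. The names `alloc_array_nonzero` and `resize_nonzero` are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

/* Hypothetical helper (not from the CERT page): allocate count elements of
 * elem_size bytes, refusing zero-length and overflowing requests. */
void *alloc_array_nonzero(size_t count, size_t elem_size)
{
    /* A size of 0 is rejected before malloc() is reached: malloc(0) is
     * implementation-defined and returns either a null pointer or a
     * pointer that must not be used to access an object. */
    if (count == 0 || elem_size == 0) {
        errno = EINVAL;
        return NULL;
    }
    /* count * elem_size must not wrap; a wrapped product can itself be 0. */
    if (count > SIZE_MAX / elem_size) {
        errno = ENOMEM;
        return NULL;
    }
    return malloc(count * elem_size);
}

/* Hypothetical helper: resize *pp to new_size bytes. Returns 0 on success,
 * -1 on failure; on failure *pp is left valid and unchanged. */
int resize_nonzero(void **pp, size_t new_size)
{
    void *tmp;

    if (pp == NULL || new_size == 0) {
        /* Whether realloc(p, 0) frees p depends on the implementation,
         * so a caller that wants to release the block calls free(). */
        errno = EINVAL;
        return -1;
    }
    tmp = realloc(*pp, new_size);
    if (tmp == NULL)
        return -1;      /* the original block is still owned by the caller */
    *pp = tmp;
    return 0;
}
```
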
Automated Detection
Tool | Version | Checker | Description |
---|---|---|---|
Astrée | | | Supported, but no explicit checker |
CodeSonar | | (customization) | Users can add a custom check for allocator calls with size argument 0 (this includes literal 0, underconstrained tainted values, and computed values). |
Compass/ROSE | | | Can detect some violations of this rule. In particular, it warns when the argument to |
Parasoft C/C++test | | CERT_C-MEM04-a | The validity of values passed to library functions shall be checked |
Polyspace Bug Finder | | | Checks for: Tainted sign change conversion; Tainted size of variable length array. Value from an unsecure source changes sign; Size of the variable-length array (VLA) is from an unsecure source and may be zero, negative, or too large; Size of variable-length array is zero or negative. Rec. fully covered. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | VOID MEM04-CPP. Do not perform zero-length allocations |
MITRE CWE | CWE-687, Function call with incorrectly specified argument value |
Bibliography
[ISO/IEC 9899:2011] | Section 7.22.3, "Memory Management Functions" |
[Seacord 2013] | Chapter 4, "Dynamic Memory Management" |
[Vanegue 2010] | "Automated Vulnerability Analysis of Zero-Sized Heap Allocations" |
...
...