SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 143

changes.mady.by.user Anirban Gangopadhyay

Saved on

compared with

New Version Current

changes.mady.by.user Caden Milne

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated references from C11->C23

The C Standard, Annex J (184) [ISO/IEC 9899:20112024], states that the behavior of a program is undefined when

...

FNHFree non-heap variableFUM.GEN.MIGHT
FUM.GEN.MUSTBDRESINVFREEImplementedDetect at runtime

Invalid free of pointer

MISRA 2012 Rule 22.2

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

invalid-free

Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM34Can detect memory deallocations for stack objects
Clang
Include Page
Clang_V
Clang_V
clang-analyzer-unix.MallocChecked by clang-tidy; can detect some instances of this rule, but does not detect all
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.

TM

Type Mismatch

Compass/ROSE

Can detect some violations of this rule

Coverity

Include Page
Coverity_V
Coverity_V

BAD_FREE

Identifies calls to free() where the argument is a pointer to a function or an array. It also detects the cases where
free() is used on an address-of expression, which can never be heap allocated. Coverity Prevent cannot discover all
violations of this rule, so further verification is necessary

Cppcheck

Include Page
Cppcheck_V
Cppcheck_V

autovarInvalidDeallocation
mismatchAllocDealloc		Partially implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

autovarInvalidDeallocation
mismatchAllocDealloc		Partially implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF2721, DF2722, DF2723


Klocwork
Include Page
Klocwork_V
Klocwork_V
FNH.MIGHT
FNH.MUST
LDRA tool suite
Include Page
LDRA_V
LDRA_V

407 S, 483 S, 644 S, 645 S, 125 D

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-

MEM34-

a

Do not free resources using invalid pointers
Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

424, 673

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C:

Pointer deallocation without a corresponding dynamic allocation

A block of memory shall only be freed if it was allocated by means of a Standard Library function

Rule MEM34-C


Checks for:

  • Invalid free of pointer
  • Invalid reallocation of pointer

Rule fully covered.

PRQA QA-C9.1  1769PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V585, V726
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
invalid-free
Partially checked
TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

unclassified ("free expects a free-able address")

Exhaustively verified (see one compliant and one non-compliant example).

Related Vulnerabilities

CVE-2015-0240 describes a vulnerability in which an uninitialized pointer is passed to TALLOC_FREE(), which is a Samba-specific memory deallocation macro that wraps the talloc_free() function. The implementation of  talloc_free() would access the uninitialized pointer, resulting in a remote exploit.

...

Bibliography

[ISO/IEC 9899:20112024]Subclause J.2, "Undefined Behavior"
[Seacord 2013b]Chapter 4, "Dynamic Memory Management"

...