SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 16

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failing to meet the stated requirements for a replaceable dynamic storage function leads to undefined behavior. The severity of risk depends heavily on the caller of the allocation functions, but in some situations, dereferencing a null pointer can lead to the execution of arbitrary code [Jack 2007van Sprundel 2006]. The indicated severity is for this more severe case.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM55-CPP

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4736, DF4737, DF4738, DF4739


Klocwork
Include Page
Klocwork_V
Klocwork_V

CERT.MEM.OVERRIDE.DELETE
CERT.MEM.OVERRIDE.NEW


Parasoft C/C++test
9.5MRM-14, MRM-15 
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-MEM55-a

The user defined 'new' operator should throw the 'std::bad_alloc' exception when the allocation fails

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: MEM55-CPPChecks for replacement allocation/deallocation functions that do not meet requirements of the Standard (rule fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard

DCL54-CPP. Overload allocation and deallocation functions as a pair in the same scope
OOP56-CPP. Honor replacement handler requirements  

SEI CERT C Coding StandardEXP34-C. Do not dereference null pointers

Bibliography

[ISO/IEC 14882-2014]Subclause 17.6.4.8, "Other Functions"
Subclause 18.6.1, "Storage Allocation and Deallocation" 
[Jack 2007]
 

[van Sprundel 2006]
 

...



...