SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 177

changes.mady.by.user Svyatoslav Razmyslov

Saved on

compared with

New Version Current

changes.mady.by.user Caden Milne

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Updated references from C11->C23

...

Supported, but no explicit checkerKlocworkDetects accessing freed memory at runtimeDeallocation of previously deallocated pointer, Use of General analysis rule set

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
dangling_pointer_use

Supported

Astrée reports all accesses to freed allocated memory.

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM30Detects memory accesses after its deallocation and double memory deallocations
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.UAF

Use after free
Compass/ROSE




Coverity

Include Page
Coverity_V
Coverity_V

USE_AFTER_FREE

Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer

Klocwork
Cppcheck

Include Page

Cppcheck_V
Cppcheck_V

doubleFree
deallocret
deallocuse		Partially implemented
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

doubleFree
deallocret
deallocuse		Partially  implemented
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4866, DF4867, DF4868, DF4871, DF4872, DF4873

C++3339, C++4303, C++4304


Klocwork
Include Page
Klocwork_V
Klocwork_V
UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST


LDRA tool suite
Include Page
LDRA_V
LDRA_V

51 D, 484 S, 112 D

Partially implemented

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM30-a

Do not use resources that have been freed
Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page

Parasoft

PC-lint Plus_V

Parasoft

PC-lint Plus_V

BD-RES-FREEParasoft Insure++

449, 2434

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V

Polyspace Bug Finder

R2016a

_V

CERT C: Rule MEM30-C

Checks for:

  • Accessing previously freed pointer

Memory freed more than once without allocation

Memory accessed after deallocation

Splint
Include Page
Splint_VSplint_VPRQA QA-C9.1 1769, 1770 PRQA QA-C++4.2 3339, 4303, 4304 PVS-Studio6.22V586, V774
  • Freeing previously freed pointer

Rule partially covered.

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V586, V774
Splint
Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

dangling_pointer

Exhaustively verified (see one compliant and one non-compliant example).

Related Vulnerabilities

VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth()

...

Bibliography

[ISO/IEC 9899:20112024]7.2224.3, "Memory Management Functions"
[Kernighan 1988]Section 7.8.5, "Storage Management"
[OWASP Freed Memory]
[MIT 2005]
[Seacord 2013b]Chapter 4, "Dynamic Memory Management"
[Viega 2005]Section 5.2.19, "Using Freed Memory"
[VU#623332]
[xorl 2009]CVE-2009-1364: LibWMF Pointer Use after free()

...