Page History

...

Supported, but no explicit checkerKlocworkKlocwork

Tool

Version

Checker

Description

Include Page

	Astrée_V
	Astrée_V

dangling_pointer_use

Supported

Astrée reports all accesses to freed allocated memory.

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-MEM30

Detects memory accesses after its deallocation and double memory deallocations

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

ALLOC.UAF

Use after free

Compass/ROSE

Coverity

Include Page

	Coverity_V
	Coverity_V

USE_AFTER_FREE

Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer

Klocwork

Cppcheck

Include Page

	Cppcheck_V

	Cppcheck_V

UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST

LDRA tool suite

Include Page

LDRA_V

51 D, 484 S, 112 D

Partially implemented

Parasoft C/C++test

Include Page

Parasoft_V

BD-RES-FREE

Implemented

Parasoft Insure++

Detects accessing freed memory at runtime

Polyspace Bug Finder

R2016a

Deallocation of previously deallocated pointer, Use of previously freed pointer

Memory freed more than once without allocation

Memory accessed after deallocation

doubleFree
deallocret
deallocuse

Partially implemented

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

doubleFree
deallocret
deallocuse

Partially implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4866, DF4867, DF4868, DF4871, DF4872, DF4873

C++3339, C++4303, C++4304

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

51 D, 484 S, 112 D

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-MEM30-a

Do not use resources that have been freed

Parasoft Insure++

Runtime analysis

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

449, 2434

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rule MEM30-C

Checks for:

Accessing previously freed pointer
Freeing previously freed pointer

Rule partially covered.

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

PRQA QA-C

9.1

1769, 1770

PRQA QA-C++

4.2

3339, 4303, 4304

PVS-Studio

6.22

V586, V774

Splint

Include Page

	Splint_V
	Splint_V

TrustInSoft Analyzer

Include Page

	TrustInSoft Analyzer_V
	TrustInSoft Analyzer_V

dangling_pointer

Exhaustively verified (see one compliant and one non-compliant example).

Related Vulnerabilities

VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth().

...

Bibliography

[ISO/IEC 9899:20112024]	7.2224.3, "Memory Management Functions"
[Kernighan 1988]	Section 7.8.5, "Storage Management"
[OWASP Freed Memory]
[MIT 2005]
[Seacord 2013b]	Chapter 4, "Dynamic Memory Management"
[Viega 2005]	Section 5.2.19, "Using Freed Memory"
[VU#623332]
[xorl 2009]	CVE-2009-1364: LibWMF Pointer Use after free()

...

Space shortcuts

Page tree

Versions Compared

Old Version 179

New Version Current

Key

Related Vulnerabilities

Bibliography