SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 42

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Michal Rozenau

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft C/C++test 10.4

...

Assertions should never be used to verify the absence of runtime (as opposed to logic) errors, such as

  • invalid Invalid user input (including command-line arguments and environment variables)
  • file File errors (for example, errors opening, reading or writing files)
  • network Network errors (including network protocol errors)
  • outOut-of-memory conditions (for example, malloc() or similar failures)
  • system System resource exhaustion (for example, out-of-file descriptors, processes, threads)
  • system System call errors (for example, errors executing files, locking or unlocking mutexes)
  • invalid Invalid permissions (for example, file, memory, user)

...

This noncompliant code example uses the assert() macro to verify that memory allocation succeeded. Because memory availability depends on the overall state of the system and can become exhausted at any point during a process lifetime, a robust program must be prepared to gracefully handle and recover from its exhaustion. Consequently, using the assert() macro to verify that a memory allocation succeeded would be inappropriate because doing so might lead to an abrupt termination of the process, opening the possibility of a denial-of-service attack. See also MEM11-C. Do not assume infinite heap space and void MEM32-C. Detect and handle memory allocation errors.

Code Block
bgColor#ffcccc
langc
char *dupstring(const char *c_str) {
  size_t len;
  char *dup;

  len = strlen(c_str);
  dup = (char *)malloc(len + 1);
  assert(NULL != dup);

  memcpy(dup, c_str, len + 1);
  return dup;
}

...

This compliant solution demonstrates how to detect and handle possible memory exhaustion.:

Code Block
bgColor#ccccff
langc
char *dupstring(const char *c_str) {
  size_t len;
  char *dup;

  len = strlen(c_str);
  dup = (char*)malloc(len + 1);
  /* detectDetect and handle memory allocation error */
  if (NULL == dup) {
      return NULL; 
  }

  memcpy(dup, c_str, len + 1);
  return dup;
}

...

Assertions are a valuable diagnostic tool for finding and eliminating software defects that may result in vulnerabilities. The absence of assertions, however, does not mean that code is incorrect.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC11-C

low

Low

unlikely

Unlikely

high

High

P1

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
LANG.FUNCS.ASSERTSNot enough assertions

Coverity

Include Page
Coverity_V
Coverity_V

ASSERT_SIDE_EFFECT

Can detect the specific instance where assertion contains an operation/function call that may have a side effect

.

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_C-MSC11-a
Assert liberally to document internal assumptions and invariants

Related Vulnerabilities

Search for for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C Secure Coding StandardERR00-C. Adopt and implement a consistent and comprehensive error-handling policy
SEI CERT C++
Secure
Coding StandardVOID MSC11-CPP. Incorporate diagnostic tests using assertions
MITRE CWECWE-190, Reachable assertion

...


...

Image Modified Image Modified Image Modified