Page History

...

It is difficult to pinpoint violations of this recommendation because static analysis tools are currently unable to identify code that can lead to heap exhaustion. The heap size also varies for different runtime environments.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MEM11-C	Low	Probable	High	P2	L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

ALLOC.LEAK
IO.TAINT.SIZE
MISC.MEM.SIZE.BAD
(general)

Leak
Tainted allocation size
Unreasonable size argument
Library models account for allocator failure cases

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

26 S, 140 S, 6 D, 28 D, 5 C, 1 U

Partially implemented

Polyspace Bug FinderR2016a

Memory leak

Memory allocation with tainted size

Tainted sign change conversion

Unprotected dynamic memory allocation

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

413, 613

Assistance provided: reports use of null pointers including those which could be returned when a call to an allocation function fails

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C: Rec. MEM11-C

Checks for unprotected dynamic memory allocation (rule partially covered)

Memory allocated dynamically not freed

Size argument to memory function is from an unsecure source

Value from an unsecure source changes sign

Pointer returned from dynamic allocation not checked for NULL value

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard	VOID MEM12-CPP. Do not assume infinite heap space
CERT Oracle Secure Coding Standard for Java	MSC05-J. Do not exhaust heap space
MITRE CWE	CWE-770, Allocation of resources without limits or throttling

...

Space shortcuts

Page tree

Versions Compared

Old Version 47

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines