SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 56

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

If the vulnerable program references memory offset from the return value, an attacker can exploit the program to read or write arbitrary memory. This vulnerability has been used to execute arbitrary code [VU#159523].

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM52-CPP

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE
   



Coverity7.5CHECKED_RETURNFinds inconsistencies in how function call return values are handled
Fortify SCA5.0 
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C++3225, C++3226, C++3227, C++3228, C++3229, C++4632


Klocwork
Include Page
Klocwork_V
Klocwork_V
NPD.CHECK.CALL.MIGHT
NPD.CHECK.CALL.MUST
NPD.CHECK.MIGHT
NPD.CHECK.MUST
NPD.CONST.CALL
NPD.CONST.DEREF
NPD.FUNC.CALL.MIGHT
NPD.FUNC.CALL.MUST
NPD.FUNC.MIGHT
NPD.FUNC.MUST
NPD.GEN.CALL.MIGHT
NPD.GEN.CALL.MUST
NPD.GEN.MIGHT
NPD.GEN.MUST
RNPD.CALL
RNPD.DEREF
 

LDRA tool suite
Include Page
LDRA_V
LDRA_V

45 D

Partially implemented

Parasoft C/C++test
9.5MRM-34
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-MEM52-a
CERT_CPP-MEM52-b

Check the return value of new
Do not allocate resources in function argument list because the order of evaluation of a function's parameters is undefined

 

Parasoft Insure++
  


Runtime detection
Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: MEM52-CPPChecks for unprotected dynamic memory allocation (rule partially covered)
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V522, V668
Runtime detection

Related Vulnerabilities

The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even though calloc() returns NULL, Flash does not attempt to read or write to the return value. Instead, it attempts to write to an offset from the return value. Dereferencing NULL usually results in a program crash, but dereferencing an offset from NULL allows an exploit to succeed without crashing the program.

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C Coding StandardERR33-C. Detect and handle standard library errors
MITRE CWE

CWE 252, Unchecked Return Value
CWE 391, Unchecked Error Condition
CWE 476, NULL Pointer Dereference
CWE 690, Unchecked Return Value to NULL Pointer Dereference
CWE 703, Improper Check or Handling of Exceptional Conditions
CWE 754, Improper Check for Unusual or Exceptional Conditions

Bibliography

[ISO/IEC 9899:2011]Subclause 7.20.3, "Memory Management Functions"
[ISO/IEC 14882-2014]

Subclause 18.6.1.1, "Single-Object Forms"
Subclause 18.6.1.2, "Array Forms"
Subclause 20.7.9.1, "Allocator Members"

[Meyers 1996]Item 7, "Be Prepared for Out-of-Memory Conditions"
[Seacord 2013]Chapter 4, "Dynamic Memory Management"

...


...

Image Modified Image Modified Image Modified