Page History

...

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MEM52-CPP	High	Likely	Medium	P18	L1

Automated Detection

Tool

Version

Checker

Description

Compass/ROSE

Coverity

7.5

CHECKED_RETURN

Finds inconsistencies in how function call return values are handled

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++3225, C++3226, C++3227, C++3228, C++3229, C++4632

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

NPD.CHECK.CALL.MIGHT
NPD.CHECK.CALL.MUST
NPD.CHECK.MIGHT
NPD.CHECK.MUST
NPD.CONST.CALL
NPD.CONST.DEREF
NPD.FUNC.CALL.MIGHT
NPD.FUNC.CALL.MUST
NPD.FUNC.MIGHT
NPD.FUNC.MUST
NPD.GEN.CALL.MIGHT
NPD.GEN.CALL.MUST
NPD.GEN.MIGHT
NPD.GEN.MUST
RNPD.CALL
RNPD.DEREF

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

45 D

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-MEM52-a
CERT_CPP-MEM52-b

Check the return value of new
Do not allocate resources in function argument list because the order of evaluation of a function's parameters is undefined

MRM-34

Parasoft Insure++

Runtime detection

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT PRQA QA- C++: MEM52-CPP

Checks for unprotected dynamic memory allocation (rule partially covered)

PVS-Studio

Include Page

4.1

4632, 3225, 3226, 3227, 3228, 3229

	PVS-Studio

6.22

V522

_V
	PVS-Studio_V

V522, V668General analysis rule

Related Vulnerabilities

The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc(). Even though calloc() returns NULL, Flash does not attempt to read or write to the return value. Instead, it attempts to write to an offset from the return value. Dereferencing NULL usually results in a program crash, but dereferencing an offset from NULL allows an exploit to succeed without crashing the program.

...

Space shortcuts

Page tree

Versions Compared

Old Version 61

New Version Current

Key

Automated Detection

Related Vulnerabilities