...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM52-CPP | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||||
---|---|---|---|---|---|---|---|---|---|---|---|
Compass/ROSE | |||||||||||
Coverity | 7.5 | CHECKED_RETURN | Finds inconsistencies in how function call return values are handled | ||||||||
Helix QAC |
| C++3225, C++3226, C++3227, C++3228, C++3229, C++4632 | |||||||||
Klocwork |
| NPD.CHECK.CALL.MIGHT NPD.CHECK.CALL.MUST NPD.CHECK.MIGHT NPD.CHECK.MUST NPD.CONST.CALL NPD.CONST.DEREF NPD.FUNC.CALL.MIGHT NPD.FUNC.CALL.MUST NPD.FUNC.MIGHT NPD.FUNC.MUST NPD.GEN.CALL.MIGHT NPD.GEN.CALL.MUST NPD.GEN.MIGHT NPD.GEN.MUST RNPD.CALL RNPD.DEREF | |||||||||
LDRA tool suite |
| 45 D | Partially implemented | ||||||||
Parasoft C/C++test |
| CERT_CPP-MEM52-a | Check the return value of new | ||||||||
Parasoft Insure++ | Runtime detection | ||||||||||
Polyspace Bug Finder |
| CERT PRQA QA- C++ | 4.1 | : MEM52-CPP | Checks for unprotected dynamic memory allocation (rule partially covered)4632, 3225, 3226, 3227, 3228, 3229 | ||||||
PVS-Studio |
| V522, V668 |
Related Vulnerabilities
The vulnerability in Adobe Flash [VU#159523] arises because Flash neglects to check the return value from calloc()
. Even though calloc()
returns NULL
, Flash does not attempt to read or write to the return value. Instead, it attempts to write to an offset from the return value. Dereferencing NULL
usually results in a program crash, but dereferencing an offset from NULL
allows an exploit to succeed without crashing the program.
...