Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Resources must not be leaked as a result of throwing an exception, including during the construction of an object.

This rule is a subset subset of MEM51-CPP. Properly deallocate dynamically allocated resources, as all failures to deallocate resources violate that rule.

...

Memory and other resource leaks will eventually cause a program to crash. If an attacker can provoke repeated resource leaks by forcing an exception to be thrown through the submission of suitably crafted data, then the attacker can mount a denial-of-service attack.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR57-CPP

Low

Probable

High

P2

L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.LEAK

Leak
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4756, DF4757, DF4758


Klocwork
Include Page
Klocwork_V
Klocwork_V

CL.MLK
MLK.MIGHT
MLK.MUST
MLK.RET.MIGHT
MLK.RET.MUST
RH.LEAK


LDRA tool suite
Include Page
LDRA_V
LDRA_V

50 D

Partially implemented

Parasoft C/C++test
9.5BD-RES-LEAKS 
Include Page
Parasoft_V
Parasoft_V

CERT_CPP-ERR57-a

Ensure resources are freed

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: ERR57-CPP

Checks for:

  • Resource leak caused by exception
  • Object left in partially initialized state
  • Bad allocation in constructor

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[Cline 2009]

Question 17.2, I'm still not convinced: A 4-line code snippet shows that return-codes aren't any worse than exceptions;
why should I therefore use exceptions on an application that is orders of magnitude larger?

[ISO/IEC 14882-2014]Subclause 15.2, "Constructors and Destructors"
[Meyers 1996]Item 9, "Use Destructors to Prevent Resource Leaks"
[Stroustrup 2001]"Exception-Safe Implementation Techniques"

...


...

Image Modified Image Modified Image Modified