...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM50-CPP | High | Likely | Medium | P18 | L1 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| dangling_pointer_use | |||||||
Axivion Bauhaus Suite |
| CertC++-MEM50 | |||||||
Clang |
| clang-analyzer-cplusplus.NewDelete | Checked by clang-tidy , but does not catch all violations of this rule. | ||||||
CodeSonar |
| ALLOC.UAF | Use after free | ||||||
Compass/ROSE | |||||||||
| USE_AFTER_FREE | Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer | |||||||
Helix QAC |
| C++4303, C++4304 | |||||||
Klocwork |
| UFM.DEREF.MIGHT UFM.DEREF.MUST UFM.FFM.MIGHT UFM.FFM.MUST UFM.RETURN.MIGHT UFM.RETURN.MUST UFM.USE.MIGHT UFM.USE.MUSTMUST | |||||||
LDRA tool suite |
| 483 S, 484 S | Partially implemented | ||||||
Parasoft C/C++test |
| BDCERT_CPP-RES-FREEMEM50-a | Do not use resources that have been freed | ||||||
Parasoft Insure++ | Runtime detection | PRQA QA-C++ | 4.1 | 4303, 4304||||||
Polyspace Bug Finder |
| CERT C++: MEM50-CPP | Checks for:
Rule partially covered. | ||||||
PVS-Studio |
| V586, V774 | |||||||
Splint |
|
Related Vulnerabilities
VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth() [VU# 623332].
...