Non-Compliant Code Example
/* no #include <stdlib.h>: malloc() is called without a prototype */
char *p = malloc(10);
Compliant Solution
#include <stdlib.h>
/* ... */
char *p = (char *)malloc(10);
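The same pattern applied in two small helper functions (added example, not code from the CERT page; the function names are hypothetical): the header that declares malloc() is included, the result is cast to the allocated type, and, as a practitioner's caveat the page does not spell out, the return value is checked for NULL and the size computation is guarded against overflow before it is passed to malloc().

```c
#include <stdlib.h>   /* declares malloc() and free(); without it, C90
                         rules implicitly declare malloc() as returning int */
#include <stdint.h>   /* SIZE_MAX */
#include <string.h>

/* Hypothetical helper: allocate an array of n ints, each set to fill_value.
 * Returns NULL (allocating nothing) on a zero count, on size overflow, or
 * on allocation failure. The caller owns the result and must free() it. */
int *make_filled_array(size_t n, int fill_value) {
    if (n == 0 || n > SIZE_MAX / sizeof(int)) {
        return NULL;   /* n * sizeof(int) would wrap around */
    }
    int *arr = (int *)malloc(n * sizeof(int));  /* cast to the allocated type */
    if (arr == NULL) {
        return NULL;   /* allocation failed; never dereference */
    }
    for (size_t i = 0; i < n; i++) {
        arr[i] = fill_value;
    }
    return arr;
}

/* Hypothetical helper: return a heap copy of the string s, or NULL on
 * allocation failure. The caller owns the result and must free() it. */
char *dup_string(const char *s) {
    size_t len = strlen(s);
    char *copy = (char *)malloc(len + 1);      /* +1 for the terminator */
    if (copy == NULL) {
        return NULL;
    }
    memcpy(copy, s, len + 1);
    return copy;
}
```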
Risk Assessment
Explicitly casting the return value of malloc() may eliminate the warning for the implicit declaration of malloc(). Because the cast can mask the fact that malloc() was called without a prototype, the cast is not a substitute for including <stdlib.h>.
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM02-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.