
With the introduction of pointers to void in the C Standard, explicitly casting the result of a call to malloc() is no longer necessary and may even produce unexpected behavior if <stdlib.h> is accidentally not included.

Non-Compliant Code Example

If <stdlib.h> is not included, the compiler assumes that malloc() has a return type of int. When the result of a call to malloc() is explicitly cast to a pointer type, the compiler assumes the programmer made the int-to-pointer conversion deliberately, with full knowledge of the possible outcomes. This may lead to behavior that the programmer does not expect.

char *p = (char *)malloc(10);

Compliant Solution

When the explicit cast to a pointer is omitted, the compiler can determine that an int is being assigned to a pointer type and will generate a warning, which is easily corrected.

#include <stdlib.h>
/* ... */
char *p = malloc(10);
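
The following added example (not part of the original page) models what the cast in the non-compliant code can hide, assuming a platform with 32-bit int and 64-bit pointers where the int-to-pointer conversion sign-extends. The function names and sample addresses are constructed for illustration.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/*
 * Model (assumption): 32-bit int, 64-bit pointers. With no declaration in
 * scope the caller treats malloc()'s result as int, so only the low 32 bits
 * of the address survive; the cast to a pointer typically sign-extends them.
 */
static uint64_t addr_after_int_return(uint64_t addr)
{
    uint32_t low = (uint32_t)addr;            /* the part that fits in an int */
    if (low & UINT32_C(0x80000000))           /* negative int: sign-extend */
        return UINT64_C(0xFFFFFFFF00000000) | low;
    return low;
}

/* Nonzero when the address comes back unchanged, which hides the bug. */
static int survives_int_return(uint64_t addr)
{
    return addr_after_int_return(addr) == addr;
}

int main(void)
{
    /* Constructed sample addresses, not taken from a real process. */
    const uint64_t samples[] = {
        UINT64_C(0x000000007fff0010),   /* below 2 GiB */
        UINT64_C(0x00005555deadbeef),   /* heap-like address, bit 31 set */
        UINT64_C(0x00007f0012345678),   /* mmap-like address */
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("%#018" PRIx64 " -> %#018" PRIx64 " %s\n", samples[i],
               addr_after_int_return(samples[i]),
               survives_int_return(samples[i]) ? "intact" : "CORRUPTED");

    char *p = malloc(10);               /* declared via <stdlib.h>, no cast */
    if (p == NULL)
        return EXIT_FAILURE;
    printf("real malloc() result %p: %s\n", (void *)p,
           survives_int_return((uint64_t)(uintptr_t)p)
               ? "would survive" : "would be corrupted");
    free(p);
    return EXIT_SUCCESS;
}
```

Addresses below 2 GiB pass through unchanged, so code with the missing include can appear to work in testing and fail only when the allocator returns a higher address.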

Exceptions

MEM02-EX1. The return value from malloc() may be cast in C code that needs to be compatible with C++, where explicit casts from void * are required.

Risk Assessment

Explicitly casting the return value of malloc() may eliminate the warning for the implicit declaration of malloc().

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM02-A | 1 (low) | 1 (unlikely) | 3 (low) | P3 | L3 |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

