Dangling pointers can lead to exploitable double-free and access-freed-memory vulnerabilities. A simple yet effective way to eliminate dangling pointers and avoid many memory-related vulnerabilities is to set pointers to NULL after they have been freed, or to set them to another valid object.
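The following is an added example, not code from the original recommendation: an object that owns a heap buffer and may be released from more than one path, such as an error handler followed by normal teardown. The `struct session` type, its functions and the sample token are hypothetical and constructed for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical object that owns one heap buffer. */
struct session {
    char  *token;      /* owned; NULL whenever no buffer is allocated */
    size_t token_len;
};

/* Replace the token with a private copy of tok. Returns 0 on success. */
int session_set_token(struct session *s, const char *tok) {
    size_t n = strlen(tok);
    char *copy = malloc(n + 1);
    if (copy == NULL) return -1;
    memcpy(copy, tok, n + 1);
    free(s->token);        /* free(NULL) is a no-op, so an empty session is fine */
    s->token = copy;       /* pointer now refers to another valid object */
    s->token_len = n;
    return 0;
}

/* Idempotent release: store NULL immediately after free(). Without the
 * NULL store, a second call would pass a dangling pointer to free().
 * Note: this clears only s->token; copies of the pointer held elsewhere
 * are not affected and must not outlive the buffer. */
void session_clear_token(struct session *s) {
    free(s->token);
    s->token = NULL;
    s->token_len = 0;
}

/* Readers test for NULL instead of dereferencing freed memory. */
size_t session_token_len(const struct session *s) {
    return s->token != NULL ? s->token_len : 0;
}

/* Releases the token twice, as an error path plus teardown would.
 * Returns 0 when the state stays consistent. */
int demo(void) {
    struct session s = { NULL, 0 };
    if (session_set_token(&s, "constructed-sample-token") != 0) return -1;
    if (session_token_len(&s) != 24) return -2;
    session_clear_token(&s);   /* error handler */
    session_clear_token(&s);   /* teardown: harmless, pointer is NULL */
    return (s.token == NULL && session_token_len(&s) == 0) ? 0 : -3;
}

int main(void) { return demo(); }
```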

...

| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM01-C | high | unlikely | low | P9 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Compass/ROSE | ... | | |
| Coverity Prevent | | USE_AFTER_FREE | ... can detect the specific instances where memory is deallocated more than once or Read/Write to target of a freed pointer |

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as MEM01-CPP. Store a valid value in pointers immediately after deallocation.


...