...
The specific characteristics of these routines are based on the compiler used. With a few exceptions, this document considers only the general and compiler-independent attributes of these routines.
Recommendations
MEM00-A. Allocate and free memory in the same module, at the same level of abstraction
...
MEM03-A. Clear sensitive information stored in dynamic memory prior to deallocation
Rules
MEM30-C. Do not access freed memory
...
MEM37-C. Ensure that size arguments to calloc() do not result in an integer overflow
Risk Assessment Summary
Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MEM00-A | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
MEM01-A | 3 (high) | 2 (probable) | 3 (low) | P18 | L1 |
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MEM30-C | 3 (high) | 3 (likely) | 2 (medium) | P18 | L1 |
MEM31-C | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
MEM32-C | 1 (high) | 3 (likely) | 2 (high) | P6 | L1 |
MEM33-C | 2 (medium) | 1 (unlikely) | 3 (low) | P6 | L2 |
MEM34-C | 1 (high) | 3 (likely) | 2 (high) | P6 | L1 |
MEM35-C | 3 (high) | 2 (probable) | 1 (high) | P6 | L2 |
MEM36-C | 3 (high) | 2 (probable) | 2 (medium) | P12 | L1 |
MEM37-C | 3 (high) | 1 (low) | 1 (high) | P12 | L1 |
References
| Wiki Markup |
|---|
\[[ISO/IEC 9899-1999|AA. C References#ISO/IEC 9899-1999]\]7.20.3 Memory management functions \[[Seacord 05|AA. C References#Seacord 05]\] Chapter 4 Dynamic Memory Management |