Recommendations
MEM00-C. Allocate and free memory in the same module, at the same level of abstraction
MEM01-C. Store a new value in pointers immediately after free()
MEM03-C. Clear sensitive information stored in reusable resources
MEM04-C. Do not perform zero length allocations
MEM05-C. Avoid large stack allocations
MEM06-C. Ensure that sensitive data is not written out to disk
MEM07-C. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t
MEM08-C. Use realloc() only to resize dynamically allocated arrays
MEM09-C. Do not assume memory allocation routines initialize memory
MEM10-C. Define and use a pointer validation function
MEM11-C. Do not assume infinite heap space
Rules
MEM30-C. Do not access freed memory
MEM31-C. Free dynamically allocated memory exactly once
MEM32-C. Detect and handle memory allocation errors
MEM33-C. Allocate and copy structures containing flexible array members dynamically
MEM34-C. Only free memory allocated dynamically
...
Risk Assessment Summary
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM00-C | high | probable | medium | P12 | L1 |
| MEM01-C | high | unlikely | low | P9 | L2 |
| MEM02-C | low | unlikely | low | P3 | L3 |
| MEM03-C | medium | unlikely | high | P2 | L3 |
| MEM04-C | low | likely | medium | P6 | L2 |
| MEM05-C | low | likely | medium | P6 | L2 |
| MEM06-C | medium | unlikely | high | P2 | L3 |
| MEM07-C | high | unlikely | medium | P6 | L2 |
| MEM08-C | high | likely | medium | P18 | L1 |
| MEM09-C | medium | unlikely | medium | P4 | L3 |
| MEM10-C | high | unlikely | high | P3 | L3 |
| MEM12-C | low | probable | medium | P3 | L3 |
...