Recommendations
MEM00-AC. Allocate and free memory in the same module, at the same level of abstraction
MEM01-AC. Store a new value in pointers immediately after free()
MEM02-AC. Immediately cast the result of a memory allocation function call into a pointer to the allocated type
MEM03-AC. Clear sensitive information stored in reusable resources returned for reuse
MEM04-AC. Do not perform zero length allocations
MEM05-AC. Avoid large stack allocations
MEM06-AC. Ensure that sensitive data is not written out to disk
MEM07-AC. Ensure that the arguments to calloc() when multiplied can be represented as a size_t
MEM08-AC. Use realloc() only to resize dynamically allocated arrays
MEM09-AC. Do not assume memory allocation routines initialize memory
MEM10-AC. Define and use a pointer validation function
Rules
MEM30-C. Do not access freed memory
...
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM00-AC | high | probable | medium | P12 | L1 |
| MEM01-AC | high | unlikely | low | P9 | L2 |
| MEM02-AC | low | unlikely | low | P3 | L3 |
| MEM03-AC | medium | unlikely | high | P2 | L3 |
| MEM04-AC | low | likely | medium | P6 | L2 |
| MEM05-AC | low | likely | medium | P6 | L2 |
| MEM06-AC | medium | unlikely | high | P2 | L3 |
| MEM07-AC | high | unlikely | medium | P6 | L2 |
| MEM08-AC | high | likely | medium | P18 | L1 |
| MEM09-AC | medium | unlikely | medium | P4 | L3 |
| MEM10-AC | high | unlikely | high | P3 | L3 |

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM30-C | high | likely | medium | P18 | L1 |
| MEM31-C | high | probable | medium | P12 | L1 |
| MEM32-C | high | likely | medium | P18 | L1 |
| MEM33-C | low | unlikely | low | P3 | L3 |
| MEM34-C | high | likely | medium | P18 | L1 |
| MEM35-C | high | probable | high | P6 | L2 |
...