SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 102

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM Cost Reform

...

The use of type-generic function-like macros is an allowed exception (PRE00-C-EX4) to PRE00-C. Prefer inline or static functions to function-like macros.

Exceptions

MEM02-C-EX1: Do not immediately cast the results of malloc() for code that will be compiled using a C90-conforming compiler because it is possible for the cast to hide a more critical defect (see DCL31-C. Declare identifiers before using them for a code example that uses malloc() without first declaring it).

...

Failing to cast the result of a memory allocation function call into a pointer to the allocated type can result in inadvertent pointer conversions. Code that follows this recommendation will compile and execute equally well in C++.

Recommendation

Severity

Likelihood

Detectable

Remediation Cost

Repairable

Priority

Level

MEM02-C

Low

Unlikely

Yes

Low

Yes

P3

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
alloc-without-cast
Partially checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM02Fully implemented
Compass/ROSE

 

 



Can detect some violations of this recommendation when checking EXP36-C. Do not cast pointers into more strictly aligned pointer types

ECLAIR
Include Page
ECLAIR_V
ECLAIR_V
CC2.MEM02Fully implemented

Fortify SCA

5.0

 

Can detect violations of this rule with CERT C Rule Pack

PRQA QA-C Include Page
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C0695
Parasoft C/C++test

Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM02-a
CERT_C-MEM02-b

The result of the memory allocation function should be cast immediately
The result of the memory allocation function should be cast immediately into a pointer to the allocated type

PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

908

Assistance provided: reports implicit conversions from void* to another type

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MEM02-C


Checks for wrong allocated object size for cast (rule fully covered)

RuleChecker

Include Page
RuleChecker_V
RuleChecker_V

alloc-without-cast
Partially checked
PRQA QA-C_vPRQA QA-C_v0695Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MEM02-CPP. Immediately cast the result of a memory allocation function call into a pointer to the allocated type

Bibliography

[Summit 2005]Question 7.7
Question 7.7b

...


...

Image Modified Image Modified Image Modified