SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 12

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Windows provides several APIs for allocating memory.  While some of these functions have converged over time, it is still important to always properly pair allocations and deallocations.  The following table shows the proper pairings.

AllocatorDeallocator
malloc()free()
realloc()free()
LocalAlloc()LocalFree()
LocalReAlloc() LocalFree()
GlobalAlloc()GlobalFree()
GlobalReAlloc()GlobalFree()
VirtualAlloc()VirtualFree()
VirtualAllocEx()VirtualFreeEx()
VirtualAllocExNuma()VirtualFreeEx()
AllocateUserPhysicalPages()FreeUserPhysicalPages()
AllocateUserPhysicalPagesNuma()FreeUserPhysicalPages()
HeapAlloc()HeapFree()
HeapReAlloc()HeapFree()

Noncompliant Code Example

...

Code Block
bgColor#FFCCCC
langc
LPTSTR buf;
DWORD n = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                        FORMAT_MESSAGE_FROM_SYSTEM |
                        FORMAT_MESSAGE_IGNORE_INSERTS, 0, GetLastError(),
                        LANG_USER_DEFAULT, (LPTSTR)&buf, 1024, 0);
if (n != 0) {
  /* Format and display the error to the user */

  GlobalFree(buf);
}

Compliant Solution

The compliant solution uses the proper deallocation function as described by the documentation.

Code Block
bgColor#ccccff
langc
LPTSTR buf;
DWORD n = FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER |
                        FORMAT_MESSAGE_FROM_SYSTEM |
                        FORMAT_MESSAGE_IGNORE_INSERTS, 0, GetLastError(),
                        LANG_USER_DEFAULT, (LPTSTR)&buf, 1024, 0);
if (n != 0) {
  /* Format and display the error to the user */

  LocalFree(buf);
}

Risk Assessment

Mixing allocation and deallocation functions can lead to memory corruption issues, or result in accessing out-of-bounds memory.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

WIN30-C

Low

Probable

Low

No

No

P6

P2

L2

L3

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V


Supported: Can be checked with appropriate analysis stubs.
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
ALLOC.TMType
Mismatch
mismatch
Coverity
Include Page
Coverity_V
Coverity_V

ALLOC_FREE_MISMATCH (needs improvement)

Partially implemented; needs improvement
Klocwork
Include Page
Klocwork_V
Klocwork_V
FMM.MIGHT
FMM.MUST
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-WIN30-a

Ensure resources are freed

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule WIN30-CChecks for mismatched alloc/dealloc functions on Windows (rule fully covered)
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V701

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard
VOID MEM39
MEM51-CPP.
Resources allocated by memory allocation functions must be released using the corresponding memory deallocation function

...

Properly deallocate dynamically allocated resources


...

Image Modified Image Modified Image Modified