...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdlib.h>
enum { BUFFER_SIZE = 32 };
int f(void) {
char *text_buffer = (char *)malloc(BUFFER_SIZE);
if (text_buffer == NULL) {
return -1;
}
free(text_buffer);
return 0;
}
|
Exceptions
MEM31-C-EX1: Allocated memory does not need to be freed if it is assigned to a pointer with static storage duration whose lifetime is the entire execution of a programincludes program termination. The following code example illustrates a pointer that stores the return value from malloc() in a static variable:
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdlib.h>
enum { BUFFER_SIZE = 32 };
int f(void) {
static char *text_buffer = NULL;
if (text_buffer == NULL) {
text_buffer = (char *)malloc(BUFFER_SIZE);
if (text_buffer == NULL) {
return -1;
}
}
return 0;
}
|
...
Failing to free memory can result in the exhaustion of system memory resources, which can lead to a denial-of-service attack.
Rule | Severity | Likelihood | Detectable |
|---|
Repairable | Priority | Level |
|---|---|---|
MEM31-C | Medium | Probable |
No | No |
P4 |
L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| Supported, but no explicit checker | |||||||
| Axivion Bauhaus Suite |
| CertC-MEM31 | Can detect dynamically allocated resources that are not freed | ||||||
| CodeSonar |
| ALLOC.LEAK | Leak | ||||||
| Compass/ROSE |
| RESOURCE_LEAK ALLOC_FREE_MISMATCH | Finds resource leaks from variables that go out of scope while owning a resource |
5.0
| Cppcheck |
| memleak leakReturnValNotUsed leakUnsafeArgAlloc memleakOnRealloc | |||||||
| Cppcheck Premium |
| memleak leakReturnValNotUsed leakUnsafeArgAlloc memleakOnRealloc | |||||||
| Helix QAC |
| DF2706, DF2707, DF2708 C++3337, C++3338 |
| Klocwork |
|
MLK
UFM.FFM
| CL.FFM.ASSIGN CL.FFM.COPY CL.SHALLOW.ASSIGN CL.SHALLOW.COPY FMM.MIGHT FMM.MUST | |||||||
| LDRA tool suite |
|
484 S
| 50 D | Partially implemented | |||||||
| Parasoft C/C++test |
| CERT_C-MEM31-a | Ensure resources are freed | ||||||
| Parasoft Insure++ | Runtime analysis | ||||||||
| PC-lint Plus |
| 429 | Fully supported | ||||||
| Polyspace Bug Finder |
| CERT C: Rule MEM31-C | Checks for memory leak (rule fully covered) | ||||||
| PVS-Studio |
| V773 | |||||||
| Security Reviewer - Static Reviewer |
| CPP_17 CPP_18 CPP_22 CPP_23 CPP_24 CPP_25 CPP_26 CPP_27 | Fully implemented | ||||||
| SonarQube C/C++ Plugin |
| S3584 | |||||||
| Splint |
| ||||||||
| TrustInSoft Analyzer |
|
| malloc |
| Exhaustively verified. |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
Key here (explains table format and definitions)
Taxonomy | Taxonomy item | Relationship |
|---|
| ISO/IEC TR 24772:2013 | Memory Leak [XYL] | Prior to 2018-01-12: CERT: Unspecified Relationship |
| ISO/IEC TS 17961 | Failing to close files or free dynamic memory when they are no longer needed [fileclose] |
| Prior to 2018-01-12: CERT: Unspecified Relationship | ||
| CWE 2.11 | CWE-401, Improper Release of Memory Before Removing Last Reference ("Memory Leak") | 2017-07-05: CERT: Exact |
| CWE 2.11 | CWE-404 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-459 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-771 | 2017-07-06: CERT: Rule subset of CWE |
| CWE 2.11 | CWE-772 | 2017-07-06: CERT: Rule subset of CWE |
CERT-CWE Mapping Notes
Key here for mapping notes
CWE-404/CWE-459/CWE-771/CWE-772 and FIO42-C/MEM31-C
Intersection( FIO42-C, MEM31-C) = Ø
CWE-404 = CWE-459 = CWE-771 = CWE-772
CWE-404 = Union( FIO42-C, MEM31-C list) where list =
- Failure to free resources besides files or memory chunks, such as mutexes)
Bibliography
...
...