Page History

...

Passing a pointer value to a deallocation function that was not previously obtained by the matching allocation function results in undefined behavior, which can lead to exploitable vulnerabilities.

Rule	Severity	Likelihood

Remediation Cost

Detectable	Repairable	Priority	Level
MEM56-CPP	High	Likely	No

Medium

No

P18

P9

L1

L2

Automated Detection

Tool	Version	Checker	Description

Astrée

Include Page

	Astrée_V
	Astrée_V

dangling_pointer_use

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC++-MEM56

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

DF4721, DF4722, DF4723

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CERT.MEM.SMART_PTR.OWNED
CERT.MEM.SMART_PTR.OWNED.THIS

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-MEM56-a

Do not store an already-owned pointer value in an unrelated smart pointer

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: MEM56-CPP

Checks for use of already-owned pointers (rule fully covered)

PVS-Studio

Include Page

	PVS-Studio_V
	PVS-Studio_V

V1006

Security Reviewer - Static Reviewer

Include Page

	Security Reviewer - Static Reviewer_V
	Security Reviewer - Static Reviewer_V

va_start_subsequentCalls

Fully implemented

Related Vulnerabilities

Search for other vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard	MEM50-CPP. Do not access freed memory MEM51-CPP. Properly deallocate dynamically allocated resources
MITRE CWE	CWE-415, Double Free CWE-416, Use After Free CWE 762, Mismatched Memory Management Routines

Bibliography

[ISO/IEC 14882-2014]

Subclause 20.8, "Smart Pointers"

...

Space shortcuts

Page tree

Versions Compared

Old Version 16

New Version Current

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography