SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 186

changes.mady.by.user Dario Necco

Saved on

compared with

New Version Current

changes.mady.by.user Francesco Mariani

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

MEM31-C-EX1: Allocated memory does not need to be freed if it is assigned to a pointer with static storage duration whose lifetime is the entire execution of a programincludes program termination. The following code example illustrates a pointer that stores the return value from malloc() in a static variable:

...

Failing to free memory can result in the exhaustion of system memory resources, which can lead to a denial-of-service attack.

Rule

Severity

Likelihood

Detectable

Remediation CostRepairable

Priority

Level

MEM31-C

Medium

Probable

No

MediumNo

P8P4

L2L3

Automated Detection

MLKMIGHTMLKMUSTMLKRETMUSTMLK.RET2706, 2707, 2708, 3337, 3338

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM31Can detect dynamically allocated resources that are not freed
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.LEAK

Leak

Compass/ROSE


Coverity

Include Page
Coverity_V
Coverity_V

RESOURCE_LEAK

ALLOC_FREE_MISMATCH

Finds resource leaks from variables that go out of scope while owning a resource

Cppcheck
 
Include Page
Cppcheck_V
Cppcheck_V
memleak
leakReturnValNotUsed
leakUnsafeArgAlloc
memleakOnRealloc
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

memleak
leakReturnValNotUsed
leakUnsafeArgAlloc
memleakOnRealloc
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF2706, DF2707, DF2708

C++3337, C++3338

 leakReturnValNotUsedDoesn't use return value of memory allocation function


Klocwork
Include Page
Klocwork_V
Klocwork_V
CL.FFM.ASSIGN
CL.FFM.COPY
CL.SHALLOW.ASSIGN
CL.SHALLOW.COPY
FMM.MIGHT
FMM.MUST
LDRA tool suite
Include Page
LDRA_V
LDRA_V

50 D

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM31-a

Ensure resources are freed
Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

429

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule MEM31-CChecks for memory leak (rule fully covered)


PRQA QAPVS-CStudio

Include Page
PRQA QAPVS-CStudio_vVPRQA QA
PVS-CStudio_v

2706, 2707, 2708PRQA QA-C++

V

V773
Security Reviewer - Static Reviewer

Include Page
Security Reviewer - Static Reviewer_V
Security Reviewer - Static Reviewer_V

CPP_17
CPP_18
CPP_22
CPP_23
CPP_24
CPP_25
CPP_26
CPP_27
Fully implemented
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S3584
Splint

Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

mallocExhaustively verified.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CWE-404 = Union( FIO42-C, MEM31-C list) where list =

  • Failure to free resources besides files or memory chunks, such as mutexes)

Bibliography

[ISO/IEC 9899:20112024]Subclause 7.2224.3, "Memory Management Functions"

...