
Information for Editors

To have a new guideline listed automatically in the index on this page, be sure to label it mem and rule.

Risk Assessment Summary

Rule       Severity  Likelihood  Detectable  Repairable  Priority  Level
MEM30-C    High      Likely      No          No          P9        L2
MEM31-C    Medium    Probable    No          No          P4        L3
MEM33-C    Low       Unlikely    Yes         No          P2        L3
MEM34-C    High      Likely      No          No          P9        L2
MEM35-C    High      Probable    No          No          P6        L2
MEM36-C    Low       Probable    No          No          P2        L3

Related Rules and Recommendations

[Navigation map: memory-management]

Memory management is a common source of programming flaws that can lead to security vulnerabilities. In the C programming language, decisions regarding how dynamic memory is allocated, used, and deallocated are the burden of the programmer. Poor memory management can lead to security issues such as heap-buffer overflows, dangling pointers, and double-free defects [Seacord 05]. From the programmer's perspective, memory management involves allocating memory, reading from and writing to memory, and deallocating memory.

The following rules and recommendations are designed to reduce the common errors associated with memory management. These guidelines address common misunderstandings and errors in memory management that lead to security vulnerabilities.

These guidelines apply to the following standard memory management routines described in C99 Section 7.20.3:

    void *malloc(size_t size);
    void *calloc(size_t nmemb, size_t size);
    void *realloc(void *ptr, size_t size);
    void free(void *ptr);

The specific characteristics of these routines are based on the compiler used. With a few exceptions, this document only considers the general and compiler-independent attributes of these routines.

Recommendations

Allocate and free memory in the same module, at the same level of abstraction

Set pointers to dynamically allocated memory to NULL after they are released

Adopt consistent guidelines for memory allocation and de-allocation

Rules

Do not access freed memory

Do not free memory multiple times

Detect and handle memory allocation errors

Do not assume memory allocation routines initialize memory

Only free memory allocated dynamically

Ensure that size arguments to memory allocation functions are valid

Do not make assumptions about the result of allocating 0 bytes

Ensure that size arguments to calloc() do not result in an arithmetic overflow
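As an added example (not code from the CERT page), a small C allocation wrapper and release macro that follow several of the rules listed above at once: the calloc() size arguments are checked for arithmetic overflow, a zero-byte request is not passed through, allocation failure is reported to the caller, and the released pointer is reset to NULL so a repeated release is harmless. The names checked_calloc, SAFE_FREE and the two check functions are this example's own.

```c
#include <stdint.h>
#include <stdlib.h>

/* Allocate nmemb elements of size bytes with an explicit overflow check, so
 * a wrapped multiplication cannot yield an undersized block. Returns NULL on
 * a zero-size request, on overflow, or when the allocation itself fails. */
void *checked_calloc(size_t nmemb, size_t size) {
    if (nmemb == 0 || size == 0) {
        return NULL;             /* do not rely on what allocating 0 bytes returns */
    }
    if (nmemb > SIZE_MAX / size) {
        return NULL;             /* nmemb * size would overflow size_t */
    }
    return calloc(nmemb, size);  /* calloc zero-fills; malloc would not */
}

/* Release a block and reset the variable to NULL so a repeated release is a
 * harmless free(NULL) rather than a double free, and a later dereference
 * faults instead of silently reading freed memory. */
#define SAFE_FREE(p) do { free(p); (p) = NULL; } while (0)

/* Returns 1 if checked_calloc refuses a request whose byte count overflows. */
int rejects_overflow(void) {
    void *p = checked_calloc(SIZE_MAX / 2 + 1, 4);  /* product exceeds SIZE_MAX */
    int rejected = (p == NULL);
    SAFE_FREE(p);
    return rejected;
}

/* Allocates n bytes, checks they are zero-filled, releases the block twice
 * through SAFE_FREE, and returns 1 if the pointer ended up NULL as intended. */
int roundtrip_is_clean(size_t n) {
    unsigned char *buf = checked_calloc(n, sizeof *buf);
    if (buf == NULL) {
        return 0;                /* an allocation failure must be handled, not ignored */
    }
    int zeroed = 1;
    for (size_t i = 0; i < n; i++) {
        if (buf[i] != 0) {
            zeroed = 0;
        }
    }
    SAFE_FREE(buf);
    SAFE_FREE(buf);              /* second release is a no-op */
    return zeroed && buf == NULL;
}
```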

References

...