SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 194

changes.mady.by.user Jill Britton

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failing to free memory can result in the exhaustion of system memory resources, which can lead to a denial-of-service attack.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

MEM31-C

Medium

Probable

No

MediumNo

P8P4

L2L3

Automated Detection

C2706 C2707 C2708C++2706, C++2707, 2708, C++

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V

Supported, but no explicit checker
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM31Can detect dynamically allocated resources that are not freed
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.LEAK

Leak

Compass/ROSE


Coverity

Include Page
Coverity_V
Coverity_V

RESOURCE_LEAK

ALLOC_FREE_MISMATCH

Finds resource leaks from variables that go out of scope while owning a resource

Cppcheck
 
Include Page
Cppcheck_V
Cppcheck_V
memleak
leakReturnValNotUsed
leakUnsafeArgAlloc
memleakOnRealloc
Cppcheck Premium

Include Page
Cppcheck Premium_V
Cppcheck Premium_V

memleak
leakReturnValNotUsed
leakUnsafeArgAlloc
memleakOnRealloc		 leakReturnValNotUsedDoesn't use return value of memory allocation function
Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF2706,

DF2707,

DF2708

C++

3337, C++3338


Klocwork
Include Page
Klocwork_V
Klocwork_V
CL.FFM.ASSIGN
CL.FFM.COPY
CL.SHALLOW.ASSIGN
CL.SHALLOW.COPY
FMM.MIGHT
FMM.MUST
LDRA tool suite
Include Page
LDRA_V
LDRA_V

50 D

Partially implemented
Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM31-a

Ensure resources are freed
Parasoft Insure++

Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

429

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule MEM31-CChecks for memory leak (rule fully covered)

PRQA QA-C
Include Page
PRQA QA-C_vPRQA QA-C_v2706, 2707, 2708PRQA QA-C++
Include Page
cplusplus:PRQA QA-C++_Vcplusplus:PRQA QA-C++_V


2706, 2707, 2708, 3337, 3338PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V773
SonarQube C/C++ Plugin
Include Page
SonarQube C/C++ Plugin_V
SonarQube C/C++ Plugin_V
S3584
Splint

Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

mallocExhaustively verified.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

CWE-404 = Union( FIO42-C, MEM31-C list) where list =

  • Failure to free resources besides files or memory chunks, such as mutexes)

Bibliography

[ISO/IEC 9899:20112024]Subclause 7.2224.3, "Memory Management Functions"

...