Page History

...

Memory and other resource leaks will eventually cause a program to crash. If an attacker can provoke repeated resource leaks by forcing an exception to be thrown through the submission of suitably crafted data, then the attacker can mount a denial-of-service attack.

Rule	Severity	Likelihood	Detectable	RepairableRemediation Cost	Priority	Level
ERR57-CPP	Low	Probable	No	HighNo	P2	L3

Automated Detection

Tool

Version

Checker

Description

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

ALLOC.LEAK

Leak

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C++4756, C++4757, C++4758DF4756, DF4757, DF4758

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CL.MLK
MLK.MIGHT
MLK.MUST
MLK.RET.MIGHT
MLK.RET.MUST
RH.LEAK

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

50 D

Partially implemented

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_CPP-ERR57-a

Ensure resources are freed

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

CERT C++: ERR57-CPP

Checks for:

Resource leak caused by exception
Object left in partially initialized state
Bad allocation in constructor

...

SEI CERT C++ Coding Standard

MEM51-CPP. Properly deallocate dynamically allocated resources
MEM52-CPP. Detect and handle memory allocation errors
ERR56-CPP. Guarantee exception safety

Bibliography

[Cline 2009]	Question 17.2, I'm still not convinced: A 4-line code snippet shows that return-codes aren't any worse than exceptions; why should I therefore use exceptions on an application that is orders of magnitude larger?
[ISO/IEC 14882-2014]	Subclause 15.2, "Constructors and Destructors"
[Meyers 1996]	Item 9, "Use Destructors to Prevent Resource Leaks"
[Stroustrup 2001]	"Exception-Safe Implementation Techniques"

...

Space shortcuts

Page tree

Versions Compared

Old Version 75

New Version Current

Key

Automated Detection

Bibliography