SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 98

changes.mady.by.user Will Snavely

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Setting pointers to NULL or to another valid value after memory is freed is a simple and easily implemented solution for reducing dangling pointers. Dangling pointers can result in freeing memory multiple times or in writing to memory that has already been freed. Both of these problems can lead to an attacker executing arbitrary code with the permissions of the vulnerable process.

Recommendation

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

MEM01-C

High

Unlikely

Yes

Low

Yes

P9

L2

Automated Detection

Tool

Version

Checker

Description

Astrée
Include Page
Astrée_V
Astrée_V
 Supported, but no explicit checker

Supported: Astrée reports usage of invalid pointers.
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM01Fully implemented
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.DF
ALLOC.UAF

Double free
Use after free

Compass/ROSE

 

 

 




Coverity

Include Page
Coverity_V
Coverity_V

USE_AFTER_FREE

Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

C3005


LDRA tool suite
Include Page
LDRA_V
LDRA_V
484 S, 112 DPartially implemented
Parasoft C/C++test
Include Page
c:
Parasoft_V
c:
Parasoft_V
BD-RES-FREE,MRM-09,MRM-10,MRM-11

CERT_C-MEM01-a
CERT_C-MEM01-b
CERT_C-MEM01-c
CERT_C-MEM01-d

Do not use resources that have been freed
Always assign a new value to an expression that points to deallocated memory
Always assign a new value to global or member variable that points to deallocated memory
Always assign a new value to parameter or local variable that points to deallocated memory

 

Parasoft Insure++
  


Detects dangling pointers at runtime

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rec. MEM01-CChecks for missing reset of a freed pointer (rec. fully covered)

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardVOID MEM01-CPP. Store a valid value in pointers immediately after deallocation
ISO/IEC TR 24772:2013Dangling References to Stack Frames [DCM]
Dangling Reference to Heap [XYK]
Off-by-one Error [XZH]
MITRE CWECWE-415, Double free
CWE-416, Use after free

Bibliography

[Seacord 2013]Chapter 4, "Dynamic Memory Management"
[Plakosh 2005]
 

...



...