A pointer validation function can be used to detect and prevent operations from being performed on some invalid pointers.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| MEM10-C | High | Unlikely | High | P3 | L3 |
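A validation function of the kind the risk statement above describes, as an added example that is not code from the CERT page. The fixed-block pool, its sizes and the function names are assumptions; the allocator's own bookkeeping lets it reject NULL, foreign, interior and already-freed pointers, but it cannot vouch for any pointer the pool did not issue.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical fixed-block pool; names and sizes are assumptions. */
#define BLOCK_SIZE  32u
#define BLOCK_COUNT 8u

static unsigned char pool[BLOCK_COUNT][BLOCK_SIZE];
static bool in_use[BLOCK_COUNT];

/* Hand out the first free block, or NULL when the pool is exhausted. */
void *pool_alloc(void) {
    for (size_t i = 0; i < BLOCK_COUNT; i++) {
        if (!in_use[i]) {
            in_use[i] = true;
            return pool[i];
        }
    }
    return NULL;
}

/* Validation function: true only for the start address of a live block. */
bool pool_ptr_valid(const void *p) {
    if (p == NULL) return false;
    /* Compare as integers: relational comparison of pointers into
       different objects is undefined behavior. */
    uintptr_t addr = (uintptr_t)p;
    uintptr_t base = (uintptr_t)&pool[0][0];
    if (addr < base || addr >= base + sizeof pool) return false; /* foreign */
    size_t off = (size_t)(addr - base);
    if (off % BLOCK_SIZE != 0) return false;  /* interior pointer */
    return in_use[off / BLOCK_SIZE];          /* rejects freed blocks */
}

/* Release a block only after it passes validation; report failure otherwise. */
bool pool_free(void *p) {
    if (!pool_ptr_valid(p)) return false;     /* includes double free */
    size_t idx = (size_t)((uintptr_t)p - (uintptr_t)&pool[0][0]) / BLOCK_SIZE;
    in_use[idx] = false;
    return true;
}
```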

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| LDRA tool suite | | 159 S | Enhanced enforcement |
| Polyspace Bug Finder | R2016a | Memory allocation with tainted size | Size argument to memory function is from an unsecure source |
| Polyspace Bug Finder | R2016a | Unprotected dynamic memory allocation | Pointer returned from dynamic allocation not checked for NULL value |
| Polyspace Bug Finder | R2016a | Use of tainted pointer | Pointer from an unsecure source may be NULL or point to unknown memory |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard: VOID MEM10-CPP. Define and use a pointer validation function

MITRE CWE:

CWE-20, Improper Input Validation
CWE-79, Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE-89, Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CWE-91, XML Injection (aka Blind XPath Injection)
CWE-94, Improper Control of Generation of Code ('Code Injection')
CWE-114, Process Control
CWE-601, URL Redirection to Untrusted Site ('Open Redirect')
