SEI CERT C Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 162

changes.mady.by.user Sandy Shrum

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Programmers should be wary when freeing memory in a loop or conditional statement; if coded incorrectly, these constructs can lead to double-free vulnerabilities. It is also a common error to misuse the realloc() function in a manner that results in double-free vulnerabilities. (See MEM04-C. Beware of zero-length allocations.)

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MEM30-C

High

Likely

Medium

P18

L1

Automated Detection

Tool

Version

Checker

Description

CodeSonar
Astrée
Include Page
CodeSonar
Astrée_V
CodeSonar

Coverity

Include PageCoverity_VCoverity_V

USE_AFTER_FREE

Astrée_V

ALLOC.UAF

Use after free

Compass/ROSE

 

 

 

dangling_pointer_use

Supported

Astrée reports all accesses to freed allocated memory.

Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC-MEM30Detects memory accesses after its deallocation and double memory deallocations
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

ALLOC.UAF

Use after free
Compass/ROSE




Coverity

Include Page
Coverity_V
Coverity_V

USE_AFTER_FREE

Can detect the specific instances where memory is deallocated more than once or read/written to the target of a freed pointer

Fortify SCA

5.0

Double Free

Helix QAC

Include Page
Helix QAC_V
Helix QAC_V

DF4866, DF4867, DF4868, DF4871, DF4872, DF4873

C++3339, C++4303, C++4304

 LDRA


Klocwork
Include Page
Klocwork_V
Klocwork_V
UFM.DEREF.MIGHT
UFM.DEREF.MUST
UFM.FFM.MIGHT
UFM.FFM.MUST
UFM.RETURN.MIGHT
UFM.RETURN.MUST
UFM.USE.MIGHT
UFM.USE.MUST

 


LDRA tool suite
Include Page
LDRA_V
LDRA_V

51 D, 484 S, 112 D

Partially implemented

Parasoft C/C++test
9.5BD-RES-FREE
Include Page
Parasoft_V
Parasoft_V

CERT_C-MEM30-a

Do not use resources that have been freed
 
Parasoft Insure++
  Detects accessing freed memory at runtimePolyspace Bug FinderR2016a

Deallocation of previously deallocated pointer, Use of previously freed pointer

Memory freed more than once without allocation

Memory accessed after deallocation

Splint

Include PageSplint_VSplint_V

 

 

Related Vulnerabilities

VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth()

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

...

Accessing freed memory [accfree]
Freeing memory multiple times [dblfree]

...



Runtime analysis
PC-lint Plus

Include Page
PC-lint Plus_V
PC-lint Plus_V

449, 2434

Fully supported

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C: Rule MEM30-C

Checks for:

  • Accessing previously freed pointer
  • Freeing previously freed pointer

Rule partially covered.

PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V586, V774
Splint
Include Page
Splint_V
Splint_V



TrustInSoft Analyzer

Include Page
TrustInSoft Analyzer_V
TrustInSoft Analyzer_V

dangling_pointer

Exhaustively verified (see one compliant and one non-compliant example).

Related Vulnerabilities

VU#623332 describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth()

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

Taxonomy

Taxonomy item

Relationship

CERT C Secure Coding StandardMEM01-C. Store a new value in pointers immediately after free()Prior to 2018-01-12: CERT: Unspecified Relationship
CERT CMEM50-CPP. Do not access freed memoryPrior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013Dangling References to Stack Frames [DCM]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TR 24772:2013Dangling Reference to Heap [XYK]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961Accessing freed memory [accfree]Prior to 2018-01-12: CERT: Unspecified Relationship
ISO/IEC TS 17961Freeing memory multiple times [dblfree]Prior to 2018-01-12: CERT: Unspecified Relationship
MISRA C:2012Rule 18.6 (required)Prior to 2018-01-12: CERT: Unspecified Relationship
CWE 2.11CWE-416, Use After Free2017-07-07: CERT: Exact
CWE 2.11CWE-6722017-07-07: CERT: Rule subset of CWE

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-672 and MEM30-C

Intersection( MEM30-C, FIO46-C) = Ø CWE-672 = Union( MEM30-C, list) where list =


  • Use of a resource, other than memory after it has been released (eg: reusing a closed file, or expired mutex)


CWE-666 and MEM30-C

Intersection( MEM30-C, FIO46-C) = Ø

CWE-672 = Subset( CWE-666)

CWE-758 and MEM30-C

CWE-758 = Union( MEM30-C, list) where list =


  • Undefined behavior that is not covered by use-after-free errors


CWE-415 and MEM30-C

MEM30-C = Union( CWE-456, list) where list =


  • Dereference of a pointer after freeing it (besides passing it to free() a second time)

...


Bibliography

[ISO/IEC 9899:2011]7.22.3, "Memory Management Functions"
[Kernighan 1988]Section 7.8.5, "Storage Management"
[OWASP Freed Memory]
 

[MIT 2005]
 

[Seacord 2013b]Chapter 4, "Dynamic Memory Management"
[Viega 2005]Section 5.2.19, "Using Freed Memory"
[VU#623332]
 

[xorl 2009]CVE-2009-1364: LibWMF Pointer Use after free()

...


...

Image Modified Image Modified Image Modified