Skip to main content
assistive.skiplink.to.breadcrumbs
assistive.skiplink.to.header.menu
assistive.skiplink.to.action.menu
assistive.skiplink.to.quick.search

08. Memory Management (MEM)

Created by Robert C. Seacord, last modified by Philip Shirey on Mar 31, 2009

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

Recommendations

MEM00-C. Allocate and free memory in the same module, at the same level of abstraction

MEM01-C. Store a new value in pointers immediately after free()

MEM02-C. Immediately cast the result of a memory allocation function call into a pointer to the allocated type

MEM03-C. Clear sensitive information stored in reusable resources returned for reuse

MEM04-C. Do not perform zero length allocations

MEM05-C. Avoid large stack allocations

MEM06-C. Ensure that sensitive data is not written out to disk

MEM07-C. Ensure that the arguments to calloc(), when multiplied, can be represented as a size_t

MEM08-C. Use realloc() only to resize dynamically allocated arrays

MEM09-C. Do not assume memory allocation routines initialize memory

MEM10-C. Define and use a pointer validation function

MEM11-C. Do not assume infinite heap space

Rules

MEM30-C. Do not access freed memory

MEM31-C. Free dynamically allocated memory exactly once

MEM32-C. Detect and handle memory allocation errors

MEM33-C. Use the correct syntax for flexible array members

MEM34-C. Only free memory allocated dynamically

MEM35-C. Allocate sufficient memory for an object

Risk Assessment Summary

Recommendation	Severity	likelihood	Remediation Cost	Priority	Level
MEM00-C	high	probable	medium	P12	L1
MEM01-C	high	unlikely	low	P9	L2
MEM02-C	low	unlikely	low	P3	L3
MEM03-C	medium	unlikely	high	P2	L3
MEM04-C	low	likely	medium	P6	L2
MEM05-C	low	likely	medium	P6	L2
MEM06-C	medium	unlikely	high	P2	L3
MEM07-C	high	unlikely	medium	P6	L2
MEM08-C	high	likely	medium	P18	L1
MEM09-C	medium	unlikely	medium	P4	L3
MEM10-C	high	unlikely	high	P3	L3

Rule	Severity	likelihood	Remediation Cost	Priority	Level
MEM30-C	high	likely	medium	P18	L1
MEM31-C	high	probable	medium	P12	L1
MEM32-C	high	likely	medium	P18	L1
MEM33-C	low	unlikely	low	P3	L3
MEM34-C	high	likely	medium	P18	L1
MEM35-C	high	probable	high	P6	L2
MEM37-C	low	probable	medium	P3	L3

Related Rules and Recommendations

EXP33-C. Do not read uninitialized memory

EXP34-C. Do not dereference null pointers

INT01-C. Use size_t or rsize_t for all integer values representing the size of an object

STR31-C. Guarantee that storage for strings has sufficient space for character data and the null terminator

STR37-C. Arguments to character handling functions must be representable as an unsigned char CERT C Secure Coding Standard

No labels