Unchecked Return Value of Memory Allocation Function
Description
The software does not check the return value from a memory allocation function, which can prevent it from detecting unexpected states and conditions, such as out-of-memory errors.
Examples
Insecure Code
c
void* ptr = malloc(10);Secure Code
c
void* ptr = malloc(10);
if (ptr == NULL) {
// handle error
}Remediation
Check the return value of the memory allocation function and handle the error accordingly.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0767 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-252 |
| Confidence | MEDIUM |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | memory-allocation, error-handling |
| OWASP | N/A |
References
- https://github.com/struct/mms
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
- https://cwe.mitre.org/data/definitions/690
- https://cwe.mitre.org/data/definitions/252
- https://g.co/kgs/PCHQjJ