SEI CERT C Coding Standard - Guidelines 08. Memory Management (MEM)

The product calls free() twice on the same memory address, potentially leading to modification of unexpected memory locations.

The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().

The product does not release or incorrectly releases a resource before it is made available for re-use.

The product does not properly "clean up" and remove temporary or supporting resources after they have been used.

The product does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.

The product performs a calculation that can produce an integer overflow or wraparound, when the logic assumes that the resulting value will always be larger than the o...

The product performs a calculation to determine how much memory to allocate, but an integer overflow can occur that causes less memory to be allocated than expected, l...

The product allocates memory based on an untrusted, large size value, but it does not ensure that the size is within expected limits, allowing arbitrary amounts of mem...

The product does not properly maintain a reference to a resource that has been allocated, which prevents the resource from being reclaimed.

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.

The product uses, accesses, or otherwise operates on a resource after that resource has been expired, released, or revoked.

The product performs an operation on a resource at the wrong phase of the resource's lifecycle, which can lead to unexpected behaviors.

The product uses an API function, data structure, or other entity in a way that relies on properties that are not always guaranteed to hold for that entity.

Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.

The code calls sizeof() on a malloced pointer type, which always returns the wordsize/8. This can produce an unexpected result if the programmer intended to determine ...

CWE entries in this view (graph) are fully or partially eliminated by following the guidance presented in the online wiki that reflects that current rules and recommen...