[metadata]
id = "MEM10-C"
type = "recommendation"
category = "MEM"
number = 10
title = "Define and use a pointer validation function"
description = """
Many functions accept pointers as arguments. If the function dereferences
aninvalid pointer(as inEXP34-C. Do not dereference null pointers) or reads or
writes to a pointer that does not refer to an object, the results areundefined.
Typically, the program willterminate abnormallywhen an invalid pointer is
dereferenced, but it is possible for an invalid pointer to be dereferenced and
its memory changed without abnormal termination [Jack 2007]. Such programs can
be difficult to debug because of the difficulty in determining if a pointer
isvalid. One way to eliminate invalid pointers is to define a function that
accepts a pointer argument and indicates whether or not the pointer isvalidfor
some definition of valid. For example, the following function declares any
pointer to be valid exceptNULL: int valid(void *ptr) { return (ptr != NULL); }
"""
severity = "High"
likelihood = "Unlikely"
priority = "P3"
level = "L3"
cert_version = "2016 Edition (Wiki)"
last_modified = "Aug 31, 2025"
[rules.cert_c.MEM10-C]
enabled = true
[references]
wiki = "https://wiki.sei.cmu.edu/confluence/display/c/MEM10-C.+Define+and+use+a+pointer+validation+function"
cwe = ["CWE-20", "CWE-79", "CWE-89", "CWE-91", "CWE-94", "CWE-114", "CWE-601"]