SonarSource Rules

Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarQube for IDE
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarQube Cloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube Server

C static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your C code

Vulnerability13

Security Hotspot19

Filtered: 7 rules found

unpredictable

Impact

Clean code attribute

Stack allocated memory and non-owned memory should not be freed

intentionality - logical

reliability

Bug

Explicitly releasing non-heap memory leads to undefined behavior.

Why is this an issue?

How can I fix it?

The free function and delete operator are used exclusively to release dynamically allocated memory. Attempting to release any other type of memory is undefined behavior.

The following non-heap memory types may not be released:

Stack allocated memory - local variables or memory allocated with the alloca, _alloca, _malloca and __builtin_alloca functions.
Executable program code - function pointers.
Program data - global and static variables.
Read-only program data - constants and strings.

What is the potential impact

Trying to release non-heap memory using free or delete results in undefined behavior.

When a program comprises undefined behavior, the compiler no longer needs to adhere to the language standard, and the program has no meaning assigned to it.

The application will usually just crash, but in the worst case, the application may appear to execute correctly, while losing data or producing incorrect results.

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

Developer Edition
Available Since
9.1