ALLOC.MO : Misaligned Object

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

A function that is supposed to use or release a dynamically-allocated resource is called with a pointer that is not at the start of the allocated object.

Class Name

Misaligned Object

Significance

security

Mnemonic

ALLOC.MO

Categories

CWE	CWE:664	Improper Control of a Resource Through its Lifetime
	CWE:761	Free of Pointer not at Start of Buffer
	CWE:763	Release of Invalid Pointer or Reference
	CWE:823	Use of Out-of-range Pointer Offset

Availability

Available for C and C++.

Enabling

Checks for this warning class are enabled by default. To disable them, add the following WARNING_FILTER rule to the project configuration file.

WARNING_FILTER += discard class="Misaligned Object"

CodeSonar ships with library models that allow it to recognize a large number of functions that use or release a dynamically-allocated resource, across many different libraries. Some examples are shown in the table below. If one of these functions is called with a pointer argument that does not point to the beginning of the allocated object, a warning will be issued.

If you have created a custom library model for some function f() in terms of one of these existing models, calls to f() will also be capable of triggering Misaligned Object warnings.

	Functions that can trigger warnings include...
Apache Portable Runtime (APR)	apr_palloc(), apr_pstrcat()
C++ operators	operator delete()
FreeRTOS	vQueueDelete()
gcc Builtins	__builtin___fprintf_chk(), __builtin_fputc()
LDAP	ldap_msgfree()
libc	fgetc(), kvm_close()
Linux Kernel	free_page(), kfree_()
Mac OS X	_FREE(), thread_deallocate()
Nucleus	DMCE_Deallocate_Memory(), PMCE_Delete_Partition_Pool()
OpenSSL	CRYPTO_free(), CRYPTO_realloc()
Qt	qFree(), qRealloc()
VxWorks	lstFree(), semDelete()
Win32	CloseHandle(), fscanf_s()

Functions that can trigger warnings include...

Apache Portable Runtime (APR)

apr_palloc(), apr_pstrcat()

C++ operators

operator delete()

FreeRTOS

vQueueDelete()

gcc Builtins

__builtin___fprintf_chk(), __builtin_fputc()

LDAP

ldap_msgfree()

libc

fgetc(), kvm_close()

Linux Kernel

free_page(), kfree_()

Mac OS X

_FREE(), thread_deallocate()

Nucleus

DMCE_Deallocate_Memory(), PMCE_Delete_Partition_Pool()

OpenSSL

CRYPTO_free(), CRYPTO_realloc()

qFree(), qRealloc()

VxWorks

lstFree(), semDelete()

Win32

CloseHandle(), fscanf_s()

#include <stdlib.h>

void misaligned_object(void){
    char * p = malloc( 10 );
    if (!p){
        return;
    }
    free(p + 1);  /* 'Misaligned Object' warning issued here */
}

The following configuration file parameters affect checks for this warning class.

ALLOC.MO : Misaligned Object

Summary

Properties

Triggering Functions

Example

Relevant Configuration File Parameters