Page History

...

Freeing memory that is not allocated dynamically can lead to serious errors similar to those discussed in guideline MEM31-C. Free dynamically allocated memory exactly once. The specific consequences of this error depend on the implementation, but they range from nothing to abnormal program termination. Regardless of the implementation, avoid calling free() on anything other than a pointer returned by a dynamic-memory allocation function, such as malloc(), calloc(), or realloc().

...

This compliant solution eliminates the possibility of str, referencing nondynamic memory when it is supplied to free().

...

Automated Detection

...

...

Tool	Version	Checker	Description
Section Coverity Prevent	Include Page c:Coverity_V c:Coverity_V	Section BAD_FREE	Section identifies calls to free() where the argument is a pointer to a function or an array. It also detects the cases where Free is used on an address-of expression, which can never be heap allocated. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary

...

Section Klocwork	Include Page c:Klocwork_V c:Klocwork_V	Section

FNH.MIGHT

...

FNH.MUST

...

FUM.GEN.MIGHT

...

FUM.GEN.MUST

...

Section Compass/ROSE			Section can detect some violations of this rule

...

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

Related Guidelines

This rule appears in the C++ Secure Coding Standard as : MEM34-CPP. Only free memory allocated dynamically.

Bibliography

\[[ISO/IEC 9899:1999|AA. Bibliography#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory management functions"
\[[MITRE 072007|AA. Bibliography#MITRE 07]\] [CWE ID 590|http://cwe.mitre.org/data/definitions/590.html], "Free of Invalid Pointer Not on the Heap"
\[[Seacord 052005|AA. Bibliography#Seacord 05]\] Chapter 4, "Dynamic Memory Management"

...