In this example, the memory referred to by x may be freed twice: once if error_condition is true and again at the end of the code.

int *x = malloc(number * sizeof(int));
if (x == NULL) {
  /* Handle Allocation Error */
}
if (error_condition == 1) {
  /* Handle Error Condition */
  free(x);  /* first free */
}
/* ... */
free(x);    /* second free of the same pointer when error_condition is true */

Compliant Solution 1

Free the dynamic memory referred to by x only once. In this example, this can be accomplished by removing the call to free() in the section of code executed when error_condition is true.


int *x = malloc(number * sizeof(int));
if (x == NULL) {
  /* Handle Allocation Error */
}
if (error_condition == 1) {
  /* Handle Error Condition */
}
/* ... */
free(x);  /* the only free of x */
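
The following is an added example, not part of the original rule text, that generalizes Compliant Solution 1 to a complete function: every path that holds the allocation leaves through one cleanup point, and the pointer is set to NULL after free() so a repeated release does nothing. The names fill_and_sum, release and release_count are hypothetical; error_condition mirrors the flag used above.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical instrumentation: counts real frees so the
 * "freed exactly once" property can be checked per path. */
static int release_count = 0;

static void release(int **pp) {
  if (*pp != NULL) {
    free(*pp);
    release_count++;
    *pp = NULL;              /* a later release(&x) is now a no-op */
  }
}

/* Returns 0 on success, -1 on failure (hypothetical function). */
int fill_and_sum(size_t number, int error_condition, long *sum) {
  int rc = -1;
  int *x;
  if (number == 0 || number > SIZE_MAX / sizeof(int)) {
    return -1;               /* nothing allocated, nothing to free */
  }
  x = malloc(number * sizeof(int));
  if (x == NULL) {
    return -1;               /* Handle Allocation Error */
  }
  if (error_condition == 1) {
    goto cleanup;            /* Handle Error Condition: no free() here */
  }
  *sum = 0;
  for (size_t i = 0; i < number; i++) {
    x[i] = (int)i;
    *sum += x[i];
  }
  rc = 0;

cleanup:
  release(&x);               /* the single point where x is freed */
  release(&x);               /* deliberate repeat: x is NULL, no double free */
  return rc;
}

int main(void) {
  long s = 0;
  int rc = fill_and_sum(4, 1, &s);
  printf("rc=%d releases=%d\n", rc, release_count);
  return 0;
}
```
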

References

VU#623332 http://www.kb.cert.org/vuls/id/623332
MIT krb5 Security Advisory 2005-003 http://web.mit.edu/kerberos/www/advisories/MITKRB5-SA-2005-003-recvauth.txt
OWASP Double Free http://www.owasp.org/index.php/Double_Free