...
The affects of not following this recommendation are best demonstrated by an actual vulnerability. Freeing memory in different modules is best demonstrated by an actual resulted in a vulnerability in MIT Kerberos 5 MIT krb5 Security Advisory http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt. The problem is the MIT Kerberos 5 code contains error-handling logic, which frees memory allocated by the ASN.1 decoders if pointers to the allocated memory are non-null. However, if a detectable error occurs, the ASN.1 decoders themselves free memory which they have allocated. When some library functions receive errors from the ASN.1 decoders, they also attempt to free, causing a double-free vulnerability.
References
- MIT krb5 Security Advisory 2004-002 Consistent Seacord 05 Chapter 4 Dynamic Memory Management Conventions.