Freeing memory multiple times has similar consequences to accessing memory after it is freed. The underlying data structures that manage the heap can become corrupted in a way that could introduce security vulnerabilities into a program. In practice, these These types of issues are referred to as double-free vulnerabilities. In practice, double-free vulnerabilities can be exploited to execute arbitrary code. For instance, VU#62332, which describes a double free vulnerability in the MIT Kerberos 5 function krb5_recvauth(). To eliminate double-free vulnerabilities, it is necessary to guarantee that dynamic memory is freed only once. Programmers should be wary when freeing memory in a loop or conditional statement, if coded incorrectly, these constructs can lead to double-free vulnerabilities.
...
| Code Block |
|---|
#include <stdlib.h>
#include <stdio.h>
int func(char *str, size_t size) {
char *temp = str; /*str and temp reference same location */
size_t i;
for (i = 0; i < size-1; i++) temp[i] += 32;
free(temp);
return 0;
}
int main(void) {
size_t size = 5;
char *str = malloc(size);
strncpy(str,"ABCD",size);
printf("%s\n",str); /* 1st printing of str */
func(str,size);
return 0;
}
|