Evaluating a pointer—including dereferencing the pointer, using it as an operand of an arithmetic operation, type casting it, and using it as the right-hand side of an assignment—into memory that has been deallocated by a memory management function is undefined behavior. Pointers to memory that has been deallocated are called dangling pointers. Accessing a dangling pointer can result in exploitable vulnerabilities.
According to the C Standard, using the value of a pointer that refers to space deallocated by a call to the free() or realloc() function is undefined behavior (see undefined behavior 177).
...
In this noncompliant code example, buf is written to after it has been freed. Write-after-free vulnerabilities can be exploited to run arbitrary code with the permissions of the vulnerable process and are seldom this obvious. Typically, allocations and frees are far removed, making it difficult to recognize and diagnose these problems.
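The following is an added example, not the code from the CERT page itself, that puts the write-after-free pattern next to a version structured so the mistake cannot silently corrupt the heap. The function names (write_after_free_noncompliant, free_and_null, write_into, stale_write_scenario) are my own; the mitigation is the one MEM01-C recommends, storing a new value (NULL) in the pointer immediately after free(), combined with a write helper that refuses a nulled pointer.

```c
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

/* Noncompliant pattern: buf is dereferenced after free(). This function only
   documents the shape of the bug; it is deliberately never called, because
   executing it is undefined behavior (a write through a dangling pointer). */
static void write_after_free_noncompliant(const char *src)
{
    char *buf = malloc(strlen(src) + 1);
    if (buf == NULL) {
        return;
    }
    free(buf);
    /* ... in real code the free() is usually far away from this line ... */
    strcpy(buf, src); /* undefined behavior: buf is dangling here */
}

/* Free the buffer and null the owner's pointer in one step (MEM01-C), so a
   stale reference is an obvious NULL instead of a live-looking heap address. */
static void free_and_null(char **pbuf)
{
    free(*pbuf);
    *pbuf = NULL;
}

/* Write s into the buffer owned through *pbuf. Refuses when the pointer has
   been nulled or the string does not fit, without touching any memory. */
static int write_into(char **pbuf, const char *s, size_t cap)
{
    size_t n = strlen(s) + 1;
    if (*pbuf == NULL || n > cap) {
        return -1; /* stale or undersized buffer: fail loudly */
    }
    memcpy(*pbuf, s, n);
    return 0;
}

/* Scenario: two writes with a free in between. The second write targets the
   freed buffer; because the pointer was nulled, it is rejected rather than
   corrupting the heap. Returns how many writes were accepted (1 expected),
   or -1 if the allocation failed. */
static int stale_write_scenario(const char *s)
{
    size_t cap = strlen(s) + 1;
    char *buf = malloc(cap);
    if (buf == NULL) {
        return -1;
    }
    int accepted = 0;
    if (write_into(&buf, s, cap) == 0) {
        accepted++;              /* live buffer: write succeeds */
    }
    free_and_null(&buf);         /* last legitimate use, then release */
    if (write_into(&buf, s, cap) == 0) {
        accepted++;              /* would be a write-after-free; rejected */
    }
    return accepted;
}

int main(void)
{
    printf("writes accepted: %d\n", stale_write_scenario("hello"));
    return 0;
}
```

Nulling the pointer protects only the variable that was nulled: any copy of the address held elsewhere (another struct field, a cached local, a pointer handed to a callback) remains dangling, which is why the reliable fix is to move the free() after the last use of every alias, and why sanitizers (AddressSanitizer) or heap debuggers are the practical way to catch the far-apart allocation/free pairs the text describes.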
...
CERT C Secure Coding Standard | MEM01-C. Store a new value in pointers immediately after free()
SEI CERT C++ Coding Standard | MEM50-CPP. Do not access freed memory
ISO/IEC TR 24772:2013 | Dangling References to Stack Frames [DCM], Dangling Reference to Heap [XYK]
ISO/IEC TS 17961 | Accessing freed memory [accfree]
MISRA C:2012 | Rule 18.6 (required)
MITRE CWE |
...