| Wiki Markup |
|---|
According \[[ISO/IEC 9899-1999| AA. C References#ISO/IEC 9899-1999]\], the behavior of a program that uses the value of a pointer that refers to space deallocated by a call to the {{free()}} or {{realloc()}} function is [undefined | BB. Definitions#undefined behavior] (see [undefined behavior 168 | CC. Undefined Behavior#ub_168] of Annex J). |
Reading a pointer to deallocated memory is undefined since the pointer value is indeterminate and may have a trap representation . In the latter case, doing so may cause a hardware trap.
Accessing memory once it is freed may corrupt the data structures used to manage the heap. References to memory that has been deallocated are referred to as dangling pointers. Accessing a dangling pointer can result in exploitable vulnerabilities.
...