...

Freeing memory multiple times has similar consequences to accessing memory after it is freed. (See rule MEM30-C. Do not access freed memory.) First, reading a pointer to deallocated memory is undefined because the pointer value is indeterminate and can have a trap representation. In the latter case, doing so can cause a hardware trap. When reading a freed pointer does not cause a trap, the underlying data structures that manage the heap can become corrupted in a way that can introduce security vulnerabilities into a program. These types of issues are referred to as double-free vulnerabilities. In practice, double-free vulnerabilities can be exploited to execute arbitrary code. One example of this is VU#623332, which describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth().

To eliminate double-free vulnerabilities, it is necessary to guarantee that dynamic memory is freed exactly one time. Programmers should be wary when freeing memory in a loop or conditional statement; if coded incorrectly, these constructs can lead to double-free vulnerabilities. It is also a common error to misuse the realloc() function in a manner that results in double-free vulnerabilities. (See recommendation MEM04-C. Do not perform zero length allocations.)
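The two constructs the paragraph warns about, a conditional error branch and an allocation loop, are shown below in an added example that is not code from this page or from the Kerberos function it cites. The record format, the names free_and_null(), count_fields(), make_table() and free_table(), and the return codes are all constructed for illustration; the noncompliant pattern is kept as a comment so that the double free is never executed.

```c
#include <stdlib.h>
#include <string.h>

/* Added example; not code from the CERT page or from the Kerberos code it
 * cites. The record format, function names and return codes are constructed
 * for illustration. */

/*
 * Noncompliant pattern, kept as a comment so the double free is never run:
 * the error branch frees the buffer, then the common exit path frees it again.
 *
 *   char *buf = malloc(n);
 *   ...
 *   if (error) {
 *     free(buf);     // first free
 *   }
 *   ...
 *   free(buf);       // second free whenever the error branch was taken
 */

/* Free a block and clear the caller's pointer, so that a later free() on the
 * same variable is a harmless free(NULL) instead of a double free. */
static void free_and_null(char **p)
{
    free(*p);
    *p = NULL;
}

/* Count the comma-separated fields of a NUL-terminated record, working on a
 * private copy. Returns -1 on allocation failure or on an empty field (the
 * constructed error condition). Every path releases the copy exactly once. */
int count_fields(const char *record)
{
    size_t len = strlen(record);
    char *buf = malloc(len + 1);
    int result = 0;
    if (buf == NULL) {
        return -1;            /* nothing was allocated, so nothing to free */
    }
    memcpy(buf, record, len + 1);

    char *cur = buf;
    for (;;) {
        char *comma = strchr(cur, ',');
        size_t field_len = comma != NULL ? (size_t)(comma - cur) : strlen(cur);
        if (field_len == 0) {
            result = -1;      /* error: do NOT free here; leave the loop instead */
            break;
        }
        result++;
        if (comma == NULL) {
            break;
        }
        cur = comma + 1;
    }

    free_and_null(&buf);      /* the single free of buf on every path */
    return result;
}

/* Release a table built by make_table(). Rows that were never allocated are
 * NULL, and free(NULL) is a no-op, so each row is freed exactly once. */
void free_table(char **rows, size_t n)
{
    if (rows == NULL) {
        return;
    }
    for (size_t i = 0; i < n; i++) {
        free(rows[i]);
    }
    free(rows);
}

/* Allocate n copies of src. On a mid-loop failure the rows allocated so far
 * are released by one call to free_table(); the caller receives NULL and so
 * has nothing left to free. */
char **make_table(size_t n, const char *src)
{
    char **rows = calloc(n, sizeof *rows);   /* calloc: unused rows start NULL */
    if (rows == NULL) {
        return NULL;
    }
    for (size_t i = 0; i < n; i++) {
        rows[i] = malloc(strlen(src) + 1);
        if (rows[i] == NULL) {
            free_table(rows, n);
            return NULL;
        }
        memcpy(rows[i], src, strlen(src) + 1);
    }
    return rows;
}

int main(void)
{
    int ok = count_fields("a,b,c") == 3 && count_fields("a,,c") == -1;
    char **t = make_table(3, "abc");
    if (t != NULL) {
        ok = ok && strcmp(t[2], "abc") == 0;
        free_table(t, 3);
        t = NULL;             /* do not keep a pointer to freed memory */
    }
    return ok ? 0 : 1;
}
```

The design choice in both functions is the same one the rule asks for: ownership of each block is released on exactly one path, and a pointer that has been freed is either cleared or never looked at again. Clearing the pointer does not replace that discipline, but it turns an accidental second free() into a no-op that a reviewer or a sanitizer can still flag as a logic error rather than a heap corruption.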

...

Note that this solution checks for numeric overflow. (See rule INT32-C. Ensure that operations on signed integers do not result in overflow.)

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

CERT C++ Secure Coding Standard: MEM31-CPP. Free dynamically allocated memory exactly once

...

[ISO/IEC PDTR 24772] "XYK Dangling Reference to Heap" and "XYL Memory Leak"

MITRE CWE: CWE-415, "Double Free"

Bibliography

[MIT 2005]
[MITRE 2007] CWE ID 415, "Double Free" (http://cwe.mitre.org/data/definitions/415.html)
[OWASP, Double Free]
[Viega 2005] "Doubly freeing memory"
[VU#623332]

...