As noted in bullet 169 of Appendix J, the behavior a program is undefined when
the pointer argument to the
freeorreallocfunction does not match a pointer earlier returned bycalloc,malloc, orrealloc, or the space has been deallocated by a call tofreeorrealloc.
Freeing memory multiple times has similar consequences to accessing memory after it is freed. The underlying data structures that manage the heap can become corrupted in a way that can introduce security vulnerabilities into a program. These types of issues are referred to as double-free vulnerabilities. In practice, double-free vulnerabilities can be exploited to execute arbitrary code. VU#623332, which describes a double-free vulnerability in the MIT Kerberos 5 function krb5_recvauth(), is one example.
...