...
| Wiki Markup |
|---|
To avoid these situations, it is recommended that memory be allocated and freed at the same level of abstraction, and ideally in the same code module. This includes the use of the following memory allocation and deallocation functions described in C99 Section 7.20.3 \[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3: |
| Code Block |
|---|
void *malloc(size_t size); void *calloc(size_t nmemb, size_t size); void *realloc(void *ptr, size_t size); void free(void *ptr); |
...
This noncompliant code example shows a double-free vulnerability resulting from memory being allocated and freed at differing levels of abstraction. In this example, memory for the list array is allocatd allocated in the process_list() function. The array is then passed to the verify_list() function that performs error checking on the size of the list. If the size of the list is below a minimum size, the memory allocated to the list is freed and the function returns to the caller. The calling function then frees this same memory again, resulting in a double-free and potentially exploitable vulnerability.
...
| Wiki Markup |
|---|
\[[ISO/IEC 9899:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory Management Functions"
\[[ISO/IEC PDTR 24772|AA. C References#ISO/IEC PDTR 24772]\] "XYL Memory Leak"
\[[MIT 04|AA. C References#MIT 04]\]
\[[MITRE 07|AA. C References#MITRE 07]\] [CWE ID 416|http://cwe.mitre.org/data/definitions/416.html], "Use After Free," and [CWE ID 415|http://cwe.mitre.org/data/definitions/415.html], "Double Free"
\[[Plakosh 05|AA. C References#Plakosh 05]\]
\[[Seacord 05a|AA. C References#Seacord 05]\] Chapter 4, "Dynamic Memory Management" |
...