...
| Wiki Markup |
|---|
To avoid these situations, it is recommended that memory be allocated and freed at the same level of abstraction, and ideally in the same code module. This includes the use of the following memory allocation and deallocation functions described in C99 \[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3: |
...
This non-compliant code example illustrates shows a double-free vulnerability resulting from memory being allocated and freed at differing levels of abstraction. In this example, memory for the list array is allocatd in the process_list() function. The array is then passed to the verify_list() function that performs error checking on the size of the list. If the size of the list is below a minimum size, the memory allocated to the list is freed and the function returns to the caller. The calling function then frees this same memory again, resulting in a double-free and potentially exploitable vulnerability.
...
| Wiki Markup |
|---|
\[[ISO/IEC 9899-:1999|AA. C References#ISO/IEC 9899-1999]\] Section 7.20.3, "Memory Management Functions" \[[MIT Kerberos 5 Security Advisory 2004-002 | http://web.mit.edu/kerberos/advisories/MITKRB5-SA-2004-002-dblfree.txt]\] \[[Plakosh 05|AA. C References#Plakosh 05]\] \[[Seacord 05|AA. C References#Seacord 05]\] Chapter 4, "Dynamic Memory Management" |
...