Freeing memory that is not allocated dynamically can lead to serious errors. The specific consequences of this error depend on the compiler, but they range from nothing to abnormal program termination. Regardless of the compiler, avoid calling free() on anything other than a pointer returned by a dynamic-memory allocation function such as malloc(), calloc(), or realloc().
A similar situation arises when realloc() is supplied a pointer to non-dynamically allocated memory. The realloc() function is used to resize a block of dynamic memory. If realloc() is supplied a pointer to memory not allocated by a memory allocation function, such as malloc(), the program may terminate abnormally.
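The following added example (not part of the original rule text) shows one place where both mistakes tend to occur: a buffer that starts in inline, non-dynamic storage and moves to the heap only when it grows. The type buf_t, its functions, and INLINE_CAP are hypothetical names chosen for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

#define INLINE_CAP 16 /* constructed size for this example */

/* Hypothetical buffer: inline (non-dynamic) storage first, heap when outgrown. */
typedef struct {
    char inline_store[INLINE_CAP];
    char *data; /* inline_store, or a block from malloc()/realloc() */
    size_t len, cap;
} buf_t;

void buf_init(buf_t *b) {
    b->data = b->inline_store;
    b->len = 0;
    b->cap = INLINE_CAP;
}

/* Nonzero only when data was returned by an allocation function. */
int buf_on_heap(const buf_t *b) { return b->data != b->inline_store; }

/* Append n bytes. Returns 0 on success, -1 on overflow or allocation failure. */
int buf_append(buf_t *b, const char *src, size_t n) {
    if (n > SIZE_MAX - b->len) return -1;
    size_t need = b->len + n;
    if (need > b->cap) {
        size_t ncap = b->cap;
        while (ncap < need) ncap = (ncap > SIZE_MAX / 2) ? need : ncap * 2;
        char *p;
        if (buf_on_heap(b)) {
            p = realloc(b->data, ncap); /* valid: data is heap memory */
        } else {
            p = malloc(ncap); /* never realloc() the inline array */
            if (p != NULL) memcpy(p, b->inline_store, b->len);
        }
        if (p == NULL) return -1; /* old storage is still valid and owned */
        b->data = p;
        b->cap = ncap;
    }
    memcpy(b->data + b->len, src, n);
    b->len = need;
    return 0;
}

void buf_release(buf_t *b) {
    if (buf_on_heap(b)) free(b->data); /* free() only allocator-returned memory */
    buf_init(b);
}
```

The pointer comparison in buf_on_heap() assumes a buf_t is never copied by value, since a copy's data pointer would still refer to the original's inline array.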
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MEM34-C | 1 (high) | 3 (likely) | 2 (high) | P6 | L1 |
Automated Detection
The Coverity Prevent BAD_FREE checker identifies calls to free() where the argument is a pointer to a function or an array. Coverity Prevent cannot discover all violations of this rule, so further verification is necessary.
Related Vulnerabilities
Examples of vulnerabilities resulting from the violation of this rule can be found on the CERT website.