...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <stdlib.h>
/* p is a pointer to dynamically allocated memory. */
void func(void *p, size_t size) {
if (size) {
p2 = realloc(p, size);
if (p2 == NULL) {
free(p);
return;
}
} else {
free(p);
return;
}
} |
Exception
MEM31-EX1: Some library implementations accept and ignore a deallocation of already-free memory. If all libraries used by a project have been validated as having this behavior, then this rule can be ignored.
Risk Assessment
Freeing memory multiple times can result in an attacker executing arbitrary code with the permissions of the vulnerable process.
...