Page History

Before the lifetime of the last pointer that stores the return value of a call to a standard memory allocation function has ended, it must be matched by a call to free() with that pointer value.

Noncompliant Code Example

In this noncompliant example, the object allocated by the call to malloc() is not freed before the end of the lifetime of the last pointer text_buffer referring to the object:

#include <stdlib.h>
 
enum { BUFFER_SIZE = 32 };

int f(void

Freeing memory multiple times has similar consequences to accessing memory after it is freed. The underlying data structures that manage the heap can become corrupted in a way that could introduce security vulnerabilities into a program. In practice, these are referred to as double-free vulnerabilities. To eliminate double-free vulnerabilities, it is necessary to guarantee that dynamic memory is freed only once. Programmers should be wary when freeing memory in a loop or conditional statement, if coded incorrectly, these constructs can lead to double-free vulnerabilities.

Non-compliant Code Example 1

In this example, a string of upper case characters is converted to lower all case characters. The pointer to the uppercase string, str is passed to the routine func(). In this routine, a pointer, temp, is set to str and used convert the string "ABCD" to "abcd". Once the string is converted, temp is freed and the function returns. However, because temp references the same storage as str, when temp was freed so was str. As a result, when str is freed a second time in main, freed memory may accessed leading to unpredictable program behavior.

#include <stdlib.h>
#include <stdio.h>

int func(char *str, size_t size) {
  char *temptext_buffer = str; (char /*str and temp reference same location */
  size_t i;
  for (i = 0; i < size-1; i++) temp[i] += 32;
  free(temp);
  return 0;
}

int main*)malloc(BUFFER_SIZE); 
  if (text_buffer == NULL) {
    return -1;
  }
  return 0;
}

Compliant Solution

In this compliant solution, the pointer is deallocated with a call to free():

#include <stdlib.h>

enum { BUFFER_SIZE = 32 };

int f(void) {
  char size*text_tbuffer size = 5;
  (char *str = )malloc(sizeBUFFER_SIZE); 
  if strncpy(str,"ABCD",size);
  printf("%s\n",str); /* 1st printing of str */
  func(str,size);(text_buffer == NULL) {
    return -1;
  }
 
  free(strtext_buffer);
  return 0;
}

Compliant Solution 1

Only free a pointer to dynamic memory once. This can be accomplished in this example by removing the call to free(str) in main().

Exceptions

MEM31-C-EX1: Allocated memory does not need to be freed if it is assigned to a pointer whose lifetime includes program termination. The following code example illustrates a pointer that stores the return value from malloc() in a static variable:

#include <stdlib.h>
#include <stdio.h>
 
enum { BUFFER_SIZE = 32 };

int func(char *str, size_t sizef(void) {
  static char *temptext_buffer = strNULL;
  /*str and temp reference same location */
  size_t i;
  for (i = 0; i < size-1; i++) temp[i] += 32;
  free(temp);if (text_buffer == NULL) {
    text_buffer = (char *)malloc(BUFFER_SIZE); 
    if (text_buffer == NULL) {
      return -1;
    }
  }
  return 0;
}

int main(void) {
  size_t size = 5;
  char *str = malloc(size);
  strncpy(str,"ABCD",size);
  printf("%s\n",str); /* 1st printing of str */
  func(str,size);
  return 0;
}

Risk Assessment

Failing to free memory can result in the exhaustion of system memory resources, which can lead to a denial-of-service attack.

Automated Detection

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Key here (explains table format and definitions)

CERT-CWE Mapping Notes

Key here for mapping notes

CWE-404/CWE-459/CWE-771/CWE-772 and FIO42-C/MEM31-C

Intersection( FIO42-C, MEM31-C) = Ø

CWE-404 = CWE-459 = CWE-771 = CWE-772

CWE-404 = Union( FIO42-C, MEM31-C list) where list =

• Failure to free resources besides files or memory chunks, such as mutexes)

Bibliography

...

Image Added Image Added Image Added