Freeing memory multiple times has similar consequences to accessing memory after it is freed. The underlying data structures that manage the heap can become corrupted in a way that could introduce security vulnerabilities into a program. These types of issues are referred to as double-free vulnerabilities. In practice, double-free vulnerabilities can be exploited to execute arbitrary code. For instance, VU#62332, which describes a double free vulnerability in the MIT Kerberos 5 function krb5_recvauth(). To eliminate double-free vulnerabilities, it is necessary to guarantee that dynamic memory is freed only once. Programmers should be wary when freeing memory in a loop or conditional statement, if coded incorrectly, these constructs can lead to double-free vulnerabilities.
Non-compliant Code Example 1
In this example, the memory referred to by x is mistakingly freed multiple times.
x = malloc (number * sizeof(int));
if (x == NULL) {
/* Handle Error */
}
/* Manipulate x*/
free(x);
y = malloc (number * sizeof(int));
if (y == NULL) {
/* Handle Error */
}
/* Manipulate y*/
free(x);
Compliant Solution 1
Only free a pointer to dynamic memory referred to by x once. This can be accomplished in this example by replacing the second call to free.
x = malloc (number * sizeof(int));
if (x == NULL) {
/* Handle Error */
}
/* Manipulate x*/
free(x);
y = malloc (number * sizeof(int));
if (y == NULL) {
/* Handle Error */
}
/* Manipulate y*/
free(y);
References
VU#623332, http://www.kb.cert.org/vuls/id/623332