CWE-590: Free of Memory not on the Heap

Description

The product calls free() on a pointer to memory that was not allocated using associated heap allocation functions such as malloc(), calloc(), or realloc().

Submission Date :

Dec. 15, 2006, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

When free() is called on an invalid pointer, the program's memory management data structures may become corrupted. This corruption can cause the program to crash or, in some circumstances, an attacker may be able to cause free() to operate on controllable memory locations to modify critical program variables or execute code.

Example Vulnerable Codes

Example - 1

In this example, an array of record_t structs, bar, is allocated automatically on the stack as a local variable and the programmer attempts to call free() on the array. The consequences will vary based on the implementation of free(), but it will not succeed in deallocating the memory.


// /* do something interesting with bar */// 
record_t bar[MAX_SIZE];...free(bar);void foo(){}

This example shows the array allocated globally, as part of the data segment of memory and the programmer attempts to call free() on the array.



// /* do something interesting with bar */// 
...free(bar);record_t bar[MAX_SIZE]; //Global varvoid foo(){}

Instead, if the programmer wanted to dynamically manage the memory, malloc() or calloc() should have been used.


// /* do something interesting with bar */// 
record_t *bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);void foo(){}

Additionally, you can pass global variables to free() when they are pointers to dynamically allocated memory.



// /* do something interesting with bar */// 
bar = (record_t*)malloc(MAX_SIZE*sizeof(record_t));...free(bar);record_t *bar; //Global varvoid foo(){}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

Visit http://cwe.mitre.org/ for more details.

© cvefeed.io
Latest DB Update: Nov. 21, 2024 20:08