CWE-762: Mismatched Memory Management Routines

Description

The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

Submission Date :

May 8, 2009, midnight

Modification Date :

2023-06-29 00:00:00+00:00

Organization :

MITRE
Extended Description

This weakness can be generally described as mismatching memory management routines, such as:

  • The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.
  • The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator.

    When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.

Example Vulnerable Codes

Example - 1

This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.


// /* do some work with ptr here */// 
BarObj *ptr = new BarObj()...free(ptr);void foo(){}

Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.


// /* do some work with ptr here */// 
BarObj *ptr = new BarObj()...delete ptr;void foo(){}

Example - 2

In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.

void foo();

int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;class A {};void A::foo(){}

Example - 3

In this example, the program calls the delete[] function on non-heap memory.

void foo(bool);
11,22
p = new int[2];
int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;class A{};void A::foo(bool heap) {}

Related Weaknesses

This table shows the weaknesses and high level categories that are related to this weakness. These relationships are defined to give an overview of the different insight to similar items that may exist at higher and lower levels of abstraction.

CWE-404: Improper Resource Shutdown or Release
Go to
CWE-590: Free of Memory not on the Heap
Go to
CWE-763: Release of Invalid Pointer or Reference
Go to

Visit http://cwe.mitre.org/ for more details.