Release of Invalid Pointer or Reference| ID: 763 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Base |
Description
The application attempts to return a memory resource to the
system, but calls the wrong release function or calls the appropriate release
function incorrectly.
Extended DescriptionThis weakness can take several forms, such as:The memory was allocated, explicitly or implicitly, via one memory
management method and deallocated using a different, non-compatible
function (CWE-762).The function calls or memory management routines chosen are
appropriate, however they are used incorrectly, such as in
CWE-761.
Applicable PlatformsNone
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| IntegrityAvailabilityConfidentiality | Modify memoryDoS: crash / exit /
restartExecute unauthorized code or
commands | This weakness may result in the corruption of memory, and perhaps
instructions, possibly leading to a crash. If the corrupted memory can
be effectively controlled, it may be possible to execute arbitrary
code. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | Only call matching memory management functions. Do not mix and match
routines. For example, when you allocate a buffer with malloc(), dispose
of the original pointer with free(). | | |
| Implementation | | When programming in C++, consider using smart pointers provided by the
boost library to help correctly and consistently manage memory. | | |
| Architecture and DesignImplementationOperation | Libraries or Frameworks | Use a vetted library or framework that does not allow this weakness to
occur or provides constructs that make this weakness easier to
avoid.For example, glibc in Linux provides protection against free of
invalid pointers. | | |
| Architecture and Design | | Use a language that provides abstractions for memory allocation and
deallocation. | | |
| Testing | | Use a tool that dynamically detects memory management problems, such
as valgrind. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-763 ChildOf CWE-891 | Category | CWE-888 | |
Demonstrative Examples (Details)
- Consider the following code in the context of a parsing application
to extract commands out of user data. The intent is to parse each command
and add it to a queue of commands to be executed, discarding each malformed
entry. (Demonstrative Example Id DX-79)
- In this example, the programmer dynamically allocates a buffer to
hold a string and then searches for a specific character. After completing
the search, the programmer attempts to release the allocated memory and
return SUCCESS or FAILURE to the caller. Note: for simplification, this
example uses a hard-coded "Search Me!" string and a constant string length
of 20. (Demonstrative Example Id DX-77)
- This code attempts to tokenize a string and place it into an array
using the strsep function, which inserts a \0 byte in place of whitespace or
a tab character. After finishing the loop, each string in the AP array
points to a location within the input string. (Demonstrative Example Id DX-78)
- This example allocates a BarObj object using the new operator in
C++, however, the programmer then deallocates the object using free(), which
may lead to unexpected behavior. (Demonstrative Example Id DX-80)
White Box Definitions None
Black Box Definitions None
Taxynomy MappingsNone
References:
- .boost C++ Library Smart Pointers.
- .Valgrind.
