FUM.GEN.MUST

Freeing unallocated memory

If unallocated memory is freed, results can be unpredictable. The FUM.GEN.MUST checker finds deallocation functions that are invoked with an uninitialized pointer.

Vulnerability and risk

When free() is called on an invalid pointer, it can cause corruption of a program's memory, resulting in program crash, and possibly creating a vulnerability that an attacker can exploit.

Mitigation and prevention

To avoid freeing non-heap memory, make sure that you:

• free only pointers that were allocated on the heap with malloc() previously
• keep track of pointers and free them only once
• free only memory that belongs to the right part of the program

Vulnerable code example

1
2
3
4
5
6
7
8
9
10
11
12
13
      typedef struct list {
        char * next;
      } list;
      typedef struct z {
        list l;
      } z;
  
      void a6(){ // 8923
        z * x = malloc(sizeof(z));
       if (!x) return;
       x->l.next=1;
       free(x->l.next);
     }

Klocwork produces an issue report at line 12 indicating that unallocated memory referenced by 'x->l.next' and assigned on line 11 was freed at line 12. Freeing unallocated memory can cause an application to crash, and possibly result in vulnerability to attack.

Related checkers

• FMM.MIGHT
• FMM.MUST
• FNH.MIGHT
• FNH.MUST
• FREE.INCONSISTENT
• FUM.GEN.MIGHT
• FUM.GEN.MUST

External guidance

• CWE-590: Free of Memory not on the Heap
• CERT MEM00-C: Allocate and free memory in the same module, at the same level of abstraction
• CERT MEM51-CPP: Properly deallocate dynamically allocated resources

Security training

Application security training materials provided by Secure Code Warrior.

• Heap Overflow Training Video - Test your skills with a training example

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.