Freeing unallocated memory possible
If unallocated memory is freed, results can be unpredictable. The FUM.GEN.MIGHT checker finds possible deallocation functions that are invoked with an uninitialized pointer.
Vulnerability and risk
When free() is called on an invalid pointer, it can cause corruption of a program's memory, resulting in program crash, and possibly creating a vulnerability that an attacker can exploit.
Mitigation and prevention
To avoid freeing non-heap memory, make sure that you:
- free only pointers that were allocated on the heap with malloc() previously
- keep track of pointers and free them only once
- free only memory that belongs to the right part of the program
Vulnerable code example
char * x = 1;
if (a) x= malloc(1);
Klocwork produces an issue report at line 4 indicating that the memory referenced by 'x' and assigned on line 2 may be freed incorrectly at line 4, if the condition at line 3 is false. Freeing unallocated memory can cause an application to crash, and possibly result in vulnerability to attack.
Application security training materials provided by Secure Code Warrior.
This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.