Mismatched Memory Management Routines

The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.


Description

This weakness can be generally described as mismatching memory management routines, such as:

The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.

The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator.

When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.

Demonstrations

The following examples help to illustrate the nature of this weakness and describe methods or techniques which can be used to mitigate the risk.

Note that the examples here are by no means exhaustive and any given weakness may have many subtle varieties, each of which may require different detection methods or runtime controls.

Example One

This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.

void foo(){

  BarObj *ptr = new BarObj()
  /* do some work with ptr here */

  ...

  free(ptr);

}

Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.

void foo(){

  BarObj *ptr = new BarObj()
  /* do some work with ptr here */

  ...

  delete ptr;

}

Example Two

In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.

class A {
  void foo();
};
void A::foo(){
  int *ptr;
  ptr = (int*)malloc(sizeof(int));
  delete ptr;
}

Example Three

In this example, the program calls the delete[] function on non-heap memory.

class A{
  void foo(bool);
};
void A::foo(bool heap) {
  int localArray[2] = {
    11,22
  };
  int *p = localArray;
  if (heap){
    p = new int[2];
  }
  delete[] p;
}

See Also

SFP Primary Cluster: Faulty Resource Release

This category identifies Software Fault Patterns (SFPs) within the Faulty Resource Release cluster (SFP37).

SEI CERT C Coding Standard - Guidelines 51. Microsoft Windows (WIN)

Weaknesses in this category are related to the rules and recommendations in the Microsoft Windows (WIN) section of the SEI CERT C Coding Standard.

CERT C++ Secure Coding Section 08 - Memory Management (MEM)

Weaknesses in this category are related to rules in the Memory Management (MEM) section of the CERT C++ Secure Coding Standard. Since not all rules map to specific wea...

Comprehensive CWE Dictionary

This view (slice) covers all the elements in CWE.

Weaknesses Introduced During Implementation

This view (slice) lists weaknesses that can be introduced during implementation.

Weaknesses in Software Written in C++

This view (slice) covers issues that are found in C++ programs that are not common to all languages.


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.