Double Free Vulnerability
Description
The software calls free() twice on the same memory address, potentially leading to memory corruption. This corruption can cause the program to crash or cause two later calls to malloc() to return the same pointer.
Examples
Insecure Code
```c
#include <stdlib.h>

void example() {
    int* ptr = malloc(sizeof(int));
    free(ptr);
    free(ptr);  /* second free() of the same address: double free */
}
```
Secure Code
```c
#include <stdlib.h>

void example() {
    int* ptr = malloc(sizeof(int));
    free(ptr);
    ptr = NULL;  /* free(NULL) is a no-op, so a later free(ptr) is harmless */
}
```
Remediation
Ensure that free() is only called once on each allocated memory address. Consider using smart pointers or other memory management techniques to prevent double-free vulnerabilities.
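In real code the second free() usually sits on an error path or in a destructor that runs twice, not on adjacent lines. The following is an added example, not part of the original rule or any project's code: it combines a free-and-clear helper with a single cleanup label, and `struct record`, `free_and_null`, `dup_str`, `record_init`, `record_destroy` and `record_selftest` are hypothetical names chosen for illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical record type, used only for this example. */
struct record { char *name; char *payload; };

/* Free *pp and clear the owner's pointer, so a repeat call is free(NULL). */
static void free_and_null(char **pp) {
    free(*pp);
    *pp = NULL;
}

/* Idempotent destructor: safe to call more than once on one record. */
void record_destroy(struct record *r) {
    if (r == NULL) return;
    free_and_null(&r->name);
    free_and_null(&r->payload);
}

/* Copy s into a fresh heap buffer; NULL on bad input or allocation failure. */
static char *dup_str(const char *s) {
    if (s == NULL) return NULL;
    char *p = malloc(strlen(s) + 1);
    if (p != NULL) strcpy(p, s);
    return p;
}

/* All failure paths share one cleanup label. Returns 0 on success, -1 on error. */
int record_init(struct record *r, const char *name, const char *payload) {
    r->name = r->payload = NULL;
    if ((r->name = dup_str(name)) == NULL) goto fail;
    if ((r->payload = dup_str(payload)) == NULL) goto fail;
    return 0;
fail:
    record_destroy(r);  /* single release point; leaves r fully NULLed */
    return -1;
}

/* Exercises the paths above; returns 1 when every invariant holds. */
int record_selftest(void) {
    struct record r;
    if (record_init(&r, "alice", "constructed sample") != 0) return 0;
    record_destroy(&r);
    record_destroy(&r);  /* second call frees nothing */
    if (r.name != NULL || r.payload != NULL) return 0;
    if (record_init(&r, "bob", NULL) != -1) return 0;  /* error path */
    record_destroy(&r);  /* caller cleanup after a failed init is safe */
    return r.name == NULL && r.payload == NULL;
}
```

Clearing a pointer protects only the variable that is cleared; any other copy of the address still dangles, which is why the example keeps exactly one owner per buffer.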
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0224 |
| Category | Generic |
| Severity | CRITICAL |
| CWE | CWE-415 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | memory-corruption, double-free |
| OWASP | N/A |
References
- https://github.com/struct/mms
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
- https://dustri.org/b/playing-with-weggli.html
- https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
- https://cwe.mitre.org/data/definitions/415