Mismatched Memory Management
Description
The software attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
Examples
Insecure Code
```cpp
// The buffer is allocated with the C++ new[] operator but released with free().
// new/delete and malloc/free are different allocator families; mixing them
// is the mismatch this rule reports (undefined behaviour, often heap corruption).
char *buf = new char[10];
free(buf);
```
Secure Code
```c
// malloc() and free() belong to the same allocator family, so the
// release matches the allocation.
void *ptr = malloc(10);
free(ptr);
```
Remediation
Use the correct release function corresponding to the allocation function. For example, if memory was allocated using malloc, use free. If memory was allocated using calloc or realloc, use free. If memory was allocated using strdup or strndup, use free.
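The following is an added example, not code from the rule page: a small runtime guard that records which allocator family produced each pointer and refuses a release through an incompatible family. It assumes two families for illustration, the malloc family (malloc/strdup, both paired with free) and a page family (mmap, paired with munmap); the guarded_* function names and the fixed-size registry are constructed for this example.

```c
/* Added example: runtime guard against mismatched memory management.
 * Every allocation is recorded with the family that produced it, and a
 * release through a different family is rejected instead of performed. */
#define _DEFAULT_SOURCE
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/mman.h>

enum family { FAM_MALLOC = 1, FAM_MMAP = 2 };

struct entry { void *ptr; size_t len; enum family fam; };

#define MAX_TRACKED 64
static struct entry registry[MAX_TRACKED]; /* constructed: fixed-size table */

static int record(void *p, size_t len, enum family fam) {
    for (int i = 0; i < MAX_TRACKED; i++) {
        if (registry[i].ptr == NULL) {
            registry[i].ptr = p; registry[i].len = len; registry[i].fam = fam;
            return 0;
        }
    }
    return -1; /* registry full */
}

static struct entry *lookup(void *p) {
    for (int i = 0; i < MAX_TRACKED; i++)
        if (registry[i].ptr == p) return &registry[i];
    return NULL;
}

void *guarded_malloc(size_t n) {
    void *p = malloc(n);
    if (p && record(p, n, FAM_MALLOC) != 0) { free(p); return NULL; }
    return p;
}

char *guarded_strdup(const char *s) {
    char *p = strdup(s);
    if (p && record(p, strlen(s) + 1, FAM_MALLOC) != 0) { free(p); return NULL; }
    return p;
}

void *guarded_mmap(size_t n) {
    void *p = mmap(NULL, n, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (p == MAP_FAILED) return NULL;
    if (record(p, n, FAM_MMAP) != 0) { munmap(p, n); return NULL; }
    return p;
}

/* Release through a named family. Returns 0 on success, -1 for a pointer
 * not in the registry (never allocated here, or already released), and -2
 * when the family does not match the allocator that produced the pointer.
 * On mismatch nothing is released, so the process is not corrupted. */
int guarded_release(void *p, enum family fam) {
    struct entry *e = lookup(p);
    if (e == NULL) return -1;
    if (e->fam != fam) {
        fprintf(stderr, "mismatch: %p allocated by family %d, released via %d\n",
                p, (int)e->fam, (int)fam);
        return -2;
    }
    if (fam == FAM_MALLOC) free(p); else munmap(p, e->len);
    e->ptr = NULL;
    return 0;
}

int guarded_free(void *p)   { return guarded_release(p, FAM_MALLOC); }
int guarded_munmap(void *p) { return guarded_release(p, FAM_MMAP); }

int main(void) {
    char *s = guarded_strdup("hello");
    void *page = guarded_mmap(4096);
    printf("free(strdup)   -> %d\n", guarded_free(s));      /* 0: compatible */
    printf("free(strdup)   -> %d\n", guarded_free(s));      /* -1: already released */
    printf("free(mmap)     -> %d\n", guarded_free(page));   /* -2: mismatch, refused */
    printf("munmap(mmap)   -> %d\n", guarded_munmap(page)); /* 0: compatible */
    return 0;
}
```

The same pattern scales to any pair of families (for instance new/delete versus malloc/free in C++ code) by adding a family tag per allocator; in production the registry would be a hash table and the check would be enabled in debug or fuzzing builds, where it turns a silent heap corruption into an immediate, attributable error.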
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0230 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-762 |
| Confidence | LOW |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | memory management, c, cpp |
| OWASP | N/A |
References
- https://github.com/struct/mms
- https://cwe.mitre.org/data/definitions/590
- https://cwe.mitre.org/data/definitions/762