Incorrect use of free() on stack variable
Description
The software calls free() on a pointer to memory that has automatic storage duration (a stack variable, whose lifetime ends when its enclosing function returns) and was not allocated using the associated heap allocation functions such as malloc(), calloc(), or realloc(). Passing such a pointer to free() is undefined behaviour and corrupts the allocator's view of the heap.
Examples
Insecure Code

```c
#include <stdlib.h>

int arr[10];   /* automatic (stack) storage, never returned by malloc() */
free(arr);     /* undefined behaviour: free() on a pointer that is not a heap block */
```

Secure Code

```c
#include <stdlib.h>

int *arr = malloc(10 * sizeof(int));   /* heap allocation */
if (arr != NULL) {
    /* ... use arr ... */
    free(arr);                         /* released with the matching deallocation function */
}
```

Remediation
Either keep stack variables and let them go out of scope without ever passing them to free(), or allocate dynamically with malloc()/calloc()/realloc() and release that memory with free(). Never mix the two: every pointer handed to free() must have come from a heap allocation function.
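One way to make this remediation hold in code that has to handle both caller-supplied stack storage and heap storage is to record where the memory came from and let a single release routine decide whether free() applies. The following is an added example, not code from the rule page or the referenced projects; the type and function names (buf_t, buf_init_borrowed, buf_init_heap, buf_release) are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

/* Hypothetical buffer type: records whether its storage is heap-owned so the
   release path never calls free() on a stack pointer (CWE-590). */
typedef struct {
    char  *data;
    size_t cap;
    int    owns_heap;   /* 1 only when data was returned by malloc() */
} buf_t;

/* Wrap caller-provided (typically stack) storage; no allocation takes place. */
static void buf_init_borrowed(buf_t *b, char *storage, size_t cap) {
    b->data = storage;
    b->cap = cap;
    b->owns_heap = 0;
}

/* Allocate storage from the heap; returns 1 on success, 0 on failure. */
static int buf_init_heap(buf_t *b, size_t cap) {
    b->data = malloc(cap);
    b->cap = b->data ? cap : 0;
    b->owns_heap = (b->data != NULL);
    return b->owns_heap;
}

/* Release the buffer. free() is called only for heap-owned storage.
   Returns 1 if free() was called, 0 otherwise. */
static int buf_release(buf_t *b) {
    int freed = 0;
    if (b->owns_heap && b->data != NULL) {
        free(b->data);
        freed = 1;
    }
    b->data = NULL;
    b->cap = 0;
    b->owns_heap = 0;
    return freed;
}

/* Demonstration: the same release path handles both storage kinds correctly.
   Returns the number of free() calls made (expected: 1, for the heap buffer). */
int demo_release_counts(void) {
    char local[32];                       /* stack storage */
    buf_t stack_buf, heap_buf;
    int freed = 0;

    buf_init_borrowed(&stack_buf, local, sizeof local);
    memcpy(stack_buf.data, "stack", 6);
    freed += buf_release(&stack_buf);     /* 0: stack storage is not freed */

    if (buf_init_heap(&heap_buf, 32)) {
        memcpy(heap_buf.data, "heap", 5);
        freed += buf_release(&heap_buf);  /* 1: heap storage is freed exactly once */
    }
    return freed;
}
```

The ownership flag is set at the only two places memory enters the abstraction, so a reviewer can check the invariant locally instead of tracing every free() call site. Builds compiled with -fsanitize=address will also report the insecure form at runtime as an attempt to free an address that was not returned by malloc(), which is a useful check to run over existing code before relying on the pattern above.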
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0286 |
| Category | Generic |
| Severity | CRITICAL |
| CWE | CWE-590 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | EASY |
| Tags | memory, allocation |
| OWASP | N/A |
References
- https://github.com/shellphish/how2heap/blob/master/glibc_2.23/house_of_spirit.c
- https://cwe.mitre.org/data/definitions/590