Mismatched Memory Management
Description
The software attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
Examples
Insecure Code
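```cpp
void* ptr = malloc(10);
delete ptr;  // mismatch: malloc() memory released with delete
```
Secure Code
```cpp
void* ptr = malloc(10);
free(ptr);  // matches the malloc() allocation
```
Remediation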
Use the correct release function corresponding to the allocation function. For example, use free() with malloc(), delete[] with new[], and delete with new.
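One way to enforce the pairings above is to bind the release function to the pointer's type at the allocation site, so no call site chooses between free(), delete and delete[]. This is an added example, not part of the rule's own code; `FreeDeleter`, `MallocPtr`, the helper functions and the `g_free_calls` counter are hypothetical names constructed for illustration.

```cpp
#include <cstdlib>
#include <cstring>
#include <memory>
#include <string>

// Constructed for this example: counts free() calls so the pairing can be checked.
static int g_free_calls = 0;

// Deleter for malloc()/calloc()/realloc() memory: always releases with free().
struct FreeDeleter {
    void operator()(void* p) const noexcept { ++g_free_calls; std::free(p); }
};

// Hypothetical alias: owning handle whose type carries the correct release function.
template <typename T>
using MallocPtr = std::unique_ptr<T, FreeDeleter>;

// malloc() pairing: the raw pointer is wrapped at the allocation site.
MallocPtr<char> copy_c_string(const char* src) {
    const std::size_t n = std::strlen(src) + 1;
    MallocPtr<char> buf(static_cast<char*>(std::malloc(n)));
    if (buf) std::memcpy(buf.get(), src, n);
    return buf;  // free() runs when the handle goes out of scope
}

// new[] pairing: unique_ptr<T[]> releases with delete[].
std::unique_ptr<int[]> make_squares(std::size_t count) {
    auto out = std::make_unique<int[]>(count);
    for (std::size_t i = 0; i < count; ++i) out[i] = static_cast<int>(i * i);
    return out;
}

// new pairing: unique_ptr<T> releases with delete.
std::unique_ptr<std::string> make_label(const char* text) {
    return std::make_unique<std::string>(text);
}

// Exercises all three pairings; returns how many releases went through free().
int run_pairings() {
    g_free_calls = 0;
    {
        auto s = copy_c_string("CWE-762");
        auto sq = make_squares(4);
        auto label = make_label("rule");
        if (!s || std::strcmp(s.get(), "CWE-762") != 0 || sq[3] != 9 || *label != "rule") return -1;
    }
    return g_free_calls;  // only the malloc() buffer is released with free()
}
```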
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0287 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-762 |
| Confidence | LOW |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | memory management, cpp |
| OWASP | N/A |
References
- https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
- https://github.com/struct/mms
- https://cwe.mitre.org/data/definitions/590
- https://cwe.mitre.org/data/definitions/762