Use After Free
Description
The use of previously-freed memory can have adverse consequences, ranging from data corruption to the execution of arbitrary code, depending on the instantiation and timing of the flaw.
Examples
Insecure Code
c
void func() { int* ptr = malloc(10); free(ptr); *ptr = 5; }Secure Code
c
void func() { int* ptr = malloc(10); free(ptr); ptr = NULL; }Remediation
Ensure that memory is not accessed after it has been freed. Assign a new value to the pointer after freeing it to prevent accidental use.
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0680 |
| Category | Generic |
| Severity | CRITICAL |
| CWE | CWE-416 |
| Confidence | MEDIUM |
| Impact | HIGH |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | memory, use-after-free |
| OWASP | N/A |
References
- https://cwe.mitre.org/data/definitions/416
- https://github.com/struct/mms
- https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
- https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples