The application attempts to return a memory resource to the
system, but calls the wrong release function or calls the appropriate release
function incorrectly.
Extended Description
This weakness can take several forms, such as:
1. The memory was allocated, explicitly or implicitly, via one memory
management method and deallocated using a different, non-compatible
function (CWE-762).
2. The function calls or memory management routines chosen are
appropriate, however they are used incorrectly, such as in
CWE-761.
Time of Introduction
Implementation
Potential Mitigations
Phase
Description
Implementation
Only call matching memory management functions. Do not mix and match
routines. For example, when you allocate a buffer with malloc(), dispose
of the original pointer with free().
Implementation
When programming in C++, consider using smart pointers provided by the
boost library to help correctly and consistently manage memory.
Implementation
Operation
Use a library that contains built-in protection against free of
invalid pointers, such as glibc.
Architecture and Design
Use a language that provides abstractions for memory allocation and
deallocation.
Testing
Use a tool that dynamically detects memory management problems, such
as valgrind.
This area of the view CWE-1000 hierarchy needs additional work. Several
entries will likely be created in this branch. Currently the focus is on
free() of memory, but delete and other related release routines may require
the creation of intermediate entries that are not specific to a particular
function. In addition, the role of other types of invalid pointers, such as
an expired pointer, i.e. CWE-415 Double Free and release of uninitialized
pointers, related to CWE-457.
Description
