Common Weakness Enumeration

A Community-Developed List of Software Weakness Types

CWE/SANS Top 25 Most Dangerous Software Errors
Home > CWE List > CWE- Individual Dictionary Definition (2.11)  

CWE-762: Mismatched Memory Management Routines

Weakness ID: 762
Abstraction: Variant
Status: Incomplete
Presentation Filter:
+ Description

Description Summary

The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

Extended Description

This weakness can be generally described as mismatching memory management routines, such as:

  • The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.

  • The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator.

When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.

+ Time of Introduction
  • Implementation
+ Applicable Platforms




Manual Memory Managed Languages

+ Common Consequences

Technical Impact: Modify memory; DoS: crash / exit / restart; Execute unauthorized code or commands

+ Likelihood of Exploit


+ Demonstrative Examples

Example 1

This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.

(Bad Code)
Example Language: C++ 
void foo(){
BarObj *ptr = new BarObj()
/* do some work with ptr here */


Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.

(Good Code)
Example Language: C++ 
void foo(){
BarObj *ptr = new BarObj()
/* do some work with ptr here */

delete ptr;

Example 2

In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.

(Bad Code)
Example Language: C++ 
class A {
void foo();
void A::foo(){
int *ptr;
ptr = (int*)malloc(sizeof(int));
delete ptr;

Example 3

In this example, the program calls the delete[] function on non-heap memory.

(Bad Code)
Example Language: C++ 
class A{
void foo(bool);
void A::foo(bool heap) {
int localArray[2] = {
int *p = localArray;
if (heap){
p = new int[2];
delete[] p;
+ Potential Mitigations

Phase: Implementation

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

Phase: Implementation

Strategy: Libraries or Frameworks

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.

For example, glibc in Linux provides protection against free of invalid pointers.

When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [R.762.3].

To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.

Phase: Architecture and Design

Strategy: Libraries or Frameworks

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.

For example, glibc in Linux provides protection against free of invalid pointers.

Phase: Architecture and Design

Use a language that provides abstractions for memory allocation and deallocation.

Phase: Testing

Use a tool that dynamically detects memory management problems, such as valgrind.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory399Resource Management Errors
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base763Release of Invalid Pointer or Reference
Research Concepts (primary)1000
ChildOfCategoryCategory876CERT C++ Secure Coding Section 08 - Memory Management (MEM)
Weaknesses Addressed by the CERT C++ Secure Coding Standard (primary)868
ChildOfCategoryCategory969SFP Secondary Cluster: Faulty Memory Release
Software Fault Pattern (SFP) Clusters (primary)888
ParentOfWeakness VariantWeakness Variant590Free of Memory not on the Heap
Research Concepts (primary)1000
+ Affected Resources
  • Memory
+ Taxonomy Mappings
Mapped Taxonomy NameNode IDFitMapped Node Name
CERT C++ Secure CodingMEM39-CPPResources allocated by memory allocation functions must be released using the corresponding memory deallocation function
Software Fault PatternsSFP12Faulty Memory Release
+ References
[R.762.1] "boost C++ Library Smart Pointers". <>.
[R.762.2] "Valgrind". <>.
[R.762.3] [REF-36] iOS Developer Library. "Transitioning to ARC Release Notes". 2013-08-08. <>.
+ Content History
Submission DateSubmitterOrganizationSource
2009-05-08Internal CWE Team
Contribution DateContributorOrganizationSource
2010-04-30Martin SeborCisco Systems, Inc. Feedback
Provided improvement to existing Mitigation
Modification DateModifierOrganizationSource
2009-12-28CWE Content TeamMITREInternal
updated Applicable_Platforms, Likelihood_of_Exploit
2010-06-21CWE Content TeamMITREInternal
updated Description, Potential_Mitigations
2011-06-01CWE Content TeamMITREInternal
updated Common_Consequences
2011-09-13CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings
2012-05-11CWE Content TeamMITREInternal
updated Demonstrative_Examples, Relationships
2012-10-30CWE Content TeamMITREInternal
updated Potential_Mitigations
2014-02-18CWE Content TeamMITREInternal
updated Demonstrative_Examples, Potential_Mitigations, References
2014-07-30CWE Content TeamMITREInternal
updated Relationships, Taxonomy_Mappings

More information is available — Please select a different filter.
Page Last Updated: May 05, 2017