CWE-762 不匹配的内存管理例程
Mismatched Memory Management Routines
结构: Simple
Abstraction: Variant
状态: Incomplete
被利用可能性: Low
基本描述
The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.
扩展描述
This weakness can be generally described as mismatching memory management routines, such as:
When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.
相关缺陷
- cwe_Nature: ChildOf cwe_CWE_ID: 763 cwe_View_ID: 1000 cwe_Ordinal: Primary
适用平台
Language: [{'cwe_Name': 'C', 'cwe_Prevalence': 'Undetermined'}, {'cwe_Name': 'C++', 'cwe_Prevalence': 'Undetermined'}]
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| ['Integrity', 'Availability', 'Confidentiality'] | ['Modify Memory', 'DoS: Crash, Exit, or Restart', 'Execute Unauthorized Code or Commands'] |
可能的缓解方案
Implementation
策略:
Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
MIT-41 Implementation
策略: Libraries or Frameworks
Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
MIT-4.6 Architecture and Design
策略: Libraries or Frameworks
Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Architecture and Design
策略:
Use a language that provides abstractions for memory allocation and deallocation.
Testing
策略:
Use a tool that dynamically detects memory management problems, such as valgrind.
示例代码
例
This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.
bad C++
/ do some work with ptr here */
...
free(ptr);
Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.
good C++
/ do some work with ptr here */
...
delete ptr;
例
In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.
bad C++
void A::foo(){
ptr = (int)malloc(sizeof(int));
delete ptr;
例
In this example, the program calls the delete[] function on non-heap memory.
bad C++
void A::foo(bool heap) {
int *p = localArray;
if (heap){
delete[] p;
Notes
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| CERT C Secure Coding | WIN30-C | Exact | Properly pair allocation and deallocation functions |
| Software Fault Patterns | SFP12 | Faulty Memory Release |