Mismatched Memory Management Routines
Weakness ID: 762 (Weakness Variant)Status: Incomplete
+ Description

Description Summary

The application attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.

Extended Description

This weakness can be generally described as mismatching memory management routines, such as:

  • 1. The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.

  • 2. The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator.

When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed.

+ Time of Introduction
  • Implementation
+ Applicable Platforms

Languages

C

C++

Manual Memory Managed Languages

+ Likelihood of Exploit

Low

+ Demonstrative Examples

Example 1

This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.

(Bad Code)
Example Language: C++ 
void foo(){
BarObj *ptr = new BarObj()
/* do some work with ptr here */
...

free(ptr);
}

Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.

(Good Code)
Example Language: C++ 
void foo(){
BarObj *ptr = new BarObj()
/* do some work with ptr here */
...

delete ptr;
}
+ Potential Mitigations

Phase: Implementation

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

Phase: Implementation

When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.

Phases: Implementation; Operation

Use a library that contains built-in protection against free of invalid pointers, such as glibc.

Phase: Architecture and Design

Use a language that provides abstractions for memory allocation and deallocation.

Phase: Testing

Use a tool that dynamically detects memory management problems, such as valgrind.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory399Resource Management Errors
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base763Release of Invalid Pointer or Reference
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant590Free of Memory not on the Heap
Research Concepts (primary)1000
+ Affected Resources
  • Memory
+ References
+ Content History
Submissions
Submission DateSubmitterOrganizationSource
2009-05-08Internal CWE Team
Modifications
Modification DateModifierOrganizationSource
2009-12-28CWE Content TeamMITREInternal
updated Applicable Platforms, Likelihood of Exploit
Back to top