Release of Invalid Pointer or Reference
Weakness ID: 763 (Weakness Base)Status: Incomplete
+ Description

Description Summary

The application attempts to return a memory resource to the system, but calls the wrong release function or calls the appropriate release function incorrectly.

Extended Description

This weakness can take several forms, such as:

  • 1. The memory was allocated, explicitly or implicitly, via one memory management method and deallocated using a different, non-compatible function (CWE-762).

  • 2. The function calls or memory management routines chosen are appropriate, however they are used incorrectly, such as in CWE-761.

+ Time of Introduction
  • Implementation
+ Potential Mitigations

Phase: Implementation

Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().

Phase: Implementation

When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.

Phases: Implementation; Operation

Use a library that contains built-in protection against free of invalid pointers, such as glibc.

Phase: Architecture and Design

Use a language that provides abstractions for memory allocation and deallocation.

Phase: Testing

Use a tool that dynamically detects memory management problems, such as valgrind.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory399Resource Management Errors
Development Concepts (primary)699
ChildOfWeakness BaseWeakness Base404Improper Resource Shutdown or Release
Research Concepts (primary)1000
ChildOfCategoryCategory633Weaknesses that Affect Memory
Resource-specific Weaknesses (primary)631
ParentOfWeakness VariantWeakness Variant761Free of Pointer not at Start of Buffer
Research Concepts (primary)1000
ParentOfWeakness VariantWeakness Variant762Mismatched Memory Management Routines
Research Concepts (primary)1000
+ Affected Resources
  • Memory
+ References
+ Maintenance Notes

This area of the view CWE-1000 hierarchy needs additional work. Several entries will likely be created in this branch. Currently the focus is on free() of memory, but delete and other related release routines may require the creation of intermediate entries that are not specific to a particular function. In addition, the role of other types of invalid pointers, such as an expired pointer, i.e. CWE-415 Double Free and release of uninitialized pointers, related to CWE-457.

+ Content History
Submission DateSubmitterOrganizationSource
2009-05-08Internal CWE Team