Page History

...

Do not call a deallocation function on anything other than nullptr , or a pointer returned by the corresponding allocation function described by the following.

Allocator	Deallocator
global `operator new()/new`	global `operator delete`()`/delete`
global `operator new[]()/new[]`	global `operator delete[]()/delete[]`
class-specific `operator new()/new`	`class-specific operator delete`()`/delete`
`class-specific operator new[]()/new[]`	`class-specific operator delete[]()/delete[]`
placement `operator new`()	N/A
`allocator<T>::allocate()`	`allocator<T>::deallocate()`
`std::malloc()`, `std::calloc()`, `std::realloc()`	`std::free()`
`std::get_temporary_buffer()`	`std::return_temporary_buffer()`

Page properties

hidden	true

While the wording for std::return_temporary_buffer() in C++14 does not imply that you can pass a null pointer to it, that wording is superseded by the resolution for LWG 2072 (http://www.open-std.org/jtc1/sc22/wg21/docs/lwg-active.html#2072) which does allow for null to be passed. Looking at all of the major implementations that I can get my hands on (MSVC STL, libc++, libstdc++, and stdcxx), it appears they all safely handle null pointer inputs as of 06/2015.

...

Passing a pointer value to a deallocation function that was not previously obtained by the matching allocation function results in undefined behavior, which can lead to exploitable vulnerabilities.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MEM51-CPP	High	Likely	Medium	P18	L1

Automated Detection

Tool

Version

Checker

Description

Clang

Include Page

	Clang_V
	Clang_V

clang-analyzer-cplusplus.NewDeleteLeaks

-Wmismatched-new-delete
clang-analyzer-unix.MismatchedDeallocator

Checked by clang-tidy, but does not catch all violations of this rule

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

ALLOC.FNH
ALLOC.TM

Free non-heap variable
Type mismatch

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

232 S, 236 S, 239 S, 407 S, 469 S, 470 S, 483 S, 484 S, 485 S, 64 D, 112 D

Partially implemented

Parasoft C/C++test

Include Page

cplusplus:

	Parasoft_V

cplusplus:

	Parasoft_V

MEM-06, MEM-12, MEM-28, MEM-29


Parasoft Insure++

			Runtime detection
PRQA QA-C++	4.1	2110, 2111, 2112, 2113, 2118, 4262, 4263, 4264, 3337, 3339

SonarQube C/C++ Plugin

Include Page

	SonarQube C/C++ Plugin_V
	SonarQube C/C++ Plugin_V

S1232


PVS-Studio	6.22	V515, V554, V611, V701, V748, V773	General analysis rule set

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding Standard	MEM53-CPP. Explicitly construct and destruct objects when manually managing object lifetime
SEI CERT C Coding Standard	MEM31-C. Free dynamically allocated memory when no longer needed MEM34-C. Only free memory allocated dynamically
MITRE CWE	CWE 590, Free of Memory Not on the Heap CWE 415, Double Free CWE 404, Improper Resource Shutdown or Release CWE 762, Mismatched Memory Management Routines

Bibliography

[Dowd 2007]	"Attacking `delete` and `delete []` in C++"
[Henricson 1997]	Rule 8.1, "`delete` should only be used with `new"` Rule 8.2, "`delete []` should only be used with `new []"`
[ISO/IEC 14882-2014]	Subclause 5.3.5, "Delete" Subclause 12.8, "Copying and Moving Class Objects" Subclause 18.6.1, "Storage Allocation and Deallocation" Subclause 20.7.11, "Temporary Buffers"
[Meyers 2005]	Item 16, "Use the Same Form in Corresponding Uses of `new` and `delete`"
[Seacord 2013]	Chapter 4, "Dynamic Memory Management"
[Viega 2005]	"Doubly Freeing Memory"

...

Space shortcuts

Page tree

Versions Compared

Old Version 48

New Version 49

Key

Automated Detection

Related Vulnerabilities

Related Guidelines

Bibliography