...
| Code Block |
|---|
if (message_type == value_1) {
/* Process message type 1 */
free(message);
message = NULL;
}
/* ...*/
if (message_type == value_2) {
/* Process message type 2 */
free(message);
message = NULL;
}
|
...
Risk Assessment
Setting pointers to null after memory has been freed is a simple and easily implemented solution for reducing dangling pointers. Dangling pointers can result in freeing memory multiple times or in writing to memory that has already been freed. Both of these problems can lead to an attacker executing arbitrary code with the permissions of the vulnerable process.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level | |
|---|---|---|---|---|---|---|
MEM01-A | ||||||
Component | Value | |||||
Severity | 3 (high) | Likelihood | 2 (probable) Remediation cost | 3 (low) | P18 | L1 |
References
- ISO/IEC 9899-1999 Section 7.20.3.2, The free function
- Seacord 05 Chapter 4, Dynamic Memory Management
- Consistent Memory Management Conventions, Dan Plakosh