A simple, yet effective way to avoid double-free and access-freed-memory vulnerabilities is to set pointers to NULL after they have been freed. Calling free() on a NULL pointer incurs results in no action being taken by free(). As a result, freed pointers can be safely set to NULL to help eliminate memory related vulnerabilities.
...
| Code Block |
|---|
if (!strcmp(message,value_1)) {
process_message(message);
free(message);
}
if (!strcmp(message,value_2)) {
process_message(message);
free(message);
}
|
...
| Code Block |
|---|
if (!strcmp(message,value_1)) {
process_message(message);
free(message);
message = NULL;
}
if (!strcmp(message,value_2)) {
process_message(message);
free(message);
message = NULL;
}
|
References
- ISO/IEC 9899-1999 Section 7.20.3.2 The free function
- Seacord 05 Chapter 4 Dynamic Memory Management