...
Passing a pointer value to a deallocation function that was not previously obtained by the matching allocation function results in undefined behavior, which can lead to exploitable vulnerabilities.
Rule | Severity | Likelihood | Detectable | RepairableRemediation Cost | Priority | Level |
|---|---|---|---|---|---|---|
MEM51-CPP | High | Likely | No | NoMedium | P18 P9 | L1 L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| invalid_dynamic_memory_allocation dangling_pointer_use | |||||||||
| Axivion Bauhaus Suite |
| CertC++-MEM51 | |||||||||
| Clang |
| clang-analyzer-cplusplus.NewDeleteLeaks -Wmismatched-new-delete | Checked by clang-tidy, but does not catch all violations of this rule | ||||||||
| CodeSonar |
| ALLOC.DF | Free non-heap variable Double free Type mismatch Leak | ||||||||
| Helix QAC |
| C++2110, C++2111, C++2112, C++2113, C++2118, C++3337, C++3339, C++4262, C++4263, C++4264 | |||||||||
| Klocwork |
| CL.FFM.ASSIGN CL.FFM.COPY CL.FMM CL.SHALLOW.ASSIGN CL.SHALLOW.COPY FMM.MIGHT FMM.MUST FNH.MIGHT FNH.MUST FUM.GEN.MIGHT FUM.GEN.MUST UNINIT.CTOR.MIGHT UNINIT.CTOR.MUST UNINIT.HEAP.MIGHT UNINIT.HEAP.MUST | |||||||||
| LDRA tool suite |
| 232 S, 236 S, 239 S, 407 S, 469 S, 470 S, 483 S, 484 S, 485 S, 64 D, 112 D | Partially implemented | ||||||||
| Parasoft C/C++test |
| CERT_CPP-MEM51-a | Use the same form in corresponding calls to new/malloc and delete/free | ||||||||
| Parasoft Insure++ | Runtime detection | ||||||||||
| Polyspace Bug Finder |
| CERT C++: MEM51-CPP | Checks for:
Rule partially covered. | ||||||||
| PVS-Studio |
| V515, V554, V611, V701, V748, V773, V1066 | |||||||||
| Security Reviewer - Static Reviewer |
| wcsdupCalled | Fully implemented | ||||||||
| SonarQube C/C++ Plugin |
| S1232 |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...