...
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <iostream>
struct S {
S() { std::cout << "S::S()" << std::endl; }
~S() { std::cout << "S::~S()" << std::endl; }
};
void f() {
alignas(struct S) char space[sizeof(struct S)];
S *s1 = new (&space) S;
// ...
s1->~S();
} |
Noncompliant Code Example (
...
In this noncompliant code example, two allocations are attempted within the same try block, and if either fails, the catch handler attempts to free resources that have been allocated. However, because the pointer variables have not been initialized to a known value, a failure to allocate memory for i1 may result in passing ::operator delete() a value (in i2) that was not previously returned by a call to ::operator new(), resulting in undefined behavior.
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <new>
void f() {
int *i1, *i2;
try {
i1 = new int;
i2 = new int;
} catch (std::bad_alloc &) {
delete i1;
delete i2;
}
} |
Compliant Solution (Uninitialized delete)
This compliant solution initializes both pointer values to nullptr, which is a valid value to pass to ::operator delete().
| Code Block | ||||
|---|---|---|---|---|
| ||||
#include <new>
void f() {
int *i1 = nullptr, *i2 = nullptr;
try {
i1 = new int;
i2 = new int;
} catch (std::bad_alloc &) {
delete i1;
delete i2;
}
} |
Noncompliant Code Example (Double-Free)
Once a pointer is passed to the proper deallocation function, that pointer value is invalidated. Passing the pointer to a deallocation function a second time when the pointer value has not been returned by a subsequent call to an allocation function results in an attempt to free memory that has not been allocated dynamically. The underlying data structures that manage the heap can become corrupted in a way that can introduce security vulnerabilities into a program. These types of issues are called double-free vulnerabilities. In practice, double-free vulnerabilities can be exploited to execute arbitrary code.
...