Memory management is a common source of programming flaws that can lead to security vulnerabilities. Decisions regarding how dynamic memory is allocated, used and de-allocated are the burden of the programmer. Poor memory management can lead to security issues such as heap-buffer overflows, writing to already freed memory, and double-free issues Seacord 05. From the programmer's perspective, memory management involves allocating memory, writing and reading to memory, and deallocating memory.
The following rules and recommendations are designed to reduce the common errors associated with memory management. These guidelines address common misunderstandings and errors in memory management that lead to security vulnerabilities.
These guidelines apply to the following standard memory management routines described in C99 section 7.20.3:
void * malloc(size_t size); void * calloc(size_t nmemb, size_t size); void * realloc(void *ptr, size_t size); void free(void *ptr); |
The specific characteristics of these routines are based on the compiler used. With a few exceptions, this document only considers the general and compiler-independent attributes of these routines.
Do not use user-defined functions as parameters to allocation routines
Allocate and free memory in the same module, at the same level of abstraction
Set pointers to dynamically allocated memory to NULL after they are released
Adopt consistent guidelines for memory allocation and de-allocation
Do not free memory multiple times
Detect and handle memory allocation errors
Do not assume memory allocation routines initialize memory
Only free memory allocated dynamically
Do not make assumptions about the result of malloc(0), calloc(0)
Assure that the arguments to calloc() do not result in an integer overflow