A simple, yet effective way to avoid double-free and access-freed-memory vulnerabilities is to set pointers to NULL after they have been freed. Calling free() on a NULL pointer results in no action being taken by free(). As a result, it is recommended that freed pointers be set to NULL to help eliminate memory related vulnerabilities.
may result in accessing freed memory
if (!strcmp(message,value_1)) {
process_message(message);
free(message);
}
if (!strcmp(message,value_2)) {
process_message(message);
free(message);
}
|
memory set to NULL to correct this
if (!strcmp(message,value_1)) {
process_message(message);
free(message);
message = NULL;
}
if (!strcmp(message,value_2)) {
process_message(message);
free(message);
message = NULL;
}
|