SEC-BUFFER-use-after-free-all
Synopsis
A pointer is used after it has been freed, on all execution paths.
Enabled by default
Yes
Severity/Certainty
High/High
Full description
Memory is being accessed after it has been deallocated. The application might seem to work, but the operation is illegal. This will probably cause an application crash, or the program might continue operating with erroneous or corrupt data. A pointer should be assigned to a different and valid memory location (either by aliasing another pointer, or by performing another allocation) before being used. This check is identical to MISRAC2012-Dir-4.13_d, MISRAC2012-Rule-1.3_o, CERT-MEM30-C_a, MEM-use-free-all.
Coding standards
- CERT MEM30-C
Do not access freed memory
- CWE 416
Use After Free
- MISRA C:2012 Dir-4.13
(Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence
- MISRA C:2012 Rule-1.3
(Required) There shall be no occurrence of undefined or critical unspecified behaviour
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void example(void) {
int *x;
x = (int *)malloc(sizeof(int));
free(x);
*x++; //x is dereferenced after it is freed
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
void example(void) {
int *x;
x = (int *)malloc(sizeof(int));
free(x);
x = (int *)malloc(sizeof(int));
*x++; //OK - x is reallocated
}