MEM-double-free-alias
Synopsis
Freeing a memory location more than once.
Enabled by default
Yes
Severity/Certainty
High/Medium
Full description
An attempt is made to free a memory location after it has already been freed. This will most likely cause an application crash. Unlike MEM-double-free, MEM-double-free-alias examines the location that pointers point to instead of the pointers themselves. You might see reports for code that looks like this (example of a linked list where each node has a pointer to an element, elem): for (; list != NULL; list = list->next) { free(list->elem); } The warning is issued because there is no guarantee that each list node's elem field is the same.
Coding standards
- CERT MEM31-C
Free dynamically allocated memory exactly once
- CWE 415
Double Free
Code examples
The following code example fails the check and will give a warning:
#include <stdlib.h>
void f(int *p) {
free(p);
if(p) free(p);
}
The following code example passes the check and will not give a warning about this issue:
#include <stdlib.h>
void example(void)
{
int *p=malloc(4);
free(p);
}