Home > Article > Operation and Maintenance > [Defect Weekly] Issue 31: Wrong memory release
Common memory application functions in C language include malloc()
, realloc()
, calloc()
, although they have different functions, they all correspond to the same memory release function free()
. The application and release of memory in C use new/delete, new [] /delete[] method. Regardless of whether it is C language or C language, when writing source code, you must choose the memory release method according to the different memory application methods to avoid using the wrong memory release. For example: mixed use of C/C memory allocation/release, or mixed use of scalar and vector memory allocation/release.
Incorrectly releasing memory may cause unexpected erroneous behavior of the program, or even cause the program to crash. Item 5 of "Effective C (Second Edition)" "The corresponding new and delete should adopt the same form" points out: "If the elements in the object are released incorrectly, it may cause the entire object or even the entire memory structure on the heap to be damaged. Corruption, resulting in memory leaks or even program crashes."
There is also vulnerability information related to this in the CVE database. From January 2018 to April 2019, there were a total of 3 related vulnerability information in the CVE database. The vulnerability information is as follows:
Vulnerability Overview | |
---|---|
dilawar sound2017-11-27 and the wav-file.cc file in previous versions have an incorrect memory release method vulnerability (new[]/delete) . | |
PDF2JSON There is an incorrect memory release vulnerability in the 'XmlFontAccu::CSStyle' function of the XmlFonts.cc file in version 0.69 (new[] /delete). | |
PDF2JSON An incorrect memory method vulnerability (malloc/delete) exists in the HtmlString class of the ImgOutputDev.cc file in version 0.69. |
new[] The object array is released using
delete on line 34. Since
new[] is not used when releasing the object array, the corresponding
delete[] exists. "Wrong memory release method" problem.
new[] on line 31, and Line 33 uses
delete[] to release. This avoids incorrect memory release methods.
The above is the detailed content of [Defect Weekly] Issue 31: Wrong memory release. For more information, please follow other related articles on the PHP Chinese website!