[Defect Weekly] Issue 31: Wrong memory release

1. Wrong memory release method

Common memory application functions in C language include malloc(), realloc() , calloc(), although they have different functions, they all correspond to the same memory release function free(). The application and release of memory in C use new/delete, new [] /delete[] method. Regardless of whether it is C language or C language, when writing source code, you must choose the memory release method according to the different memory application methods to avoid using the wrong memory release. For example: mixed use of C/C memory allocation/release, or mixed use of scalar and vector memory allocation/release.

2. The harm of incorrect memory release methods

Incorrectly releasing memory may cause unexpected erroneous behavior of the program, or even cause the program to crash. Item 5 of "Effective C (Second Edition)" "The corresponding new and delete should adopt the same form" points out: "If the elements in the object are released incorrectly, it may cause the entire object or even the entire memory structure on the heap to be damaged. Corruption, resulting in memory leaks or even program crashes."

There is also vulnerability information related to this in the CVE database. From January 2018 to April 2019, there were a total of 3 related vulnerability information in the CVE database. The vulnerability information is as follows:

##CVEVulnerability OverviewCVE-2018-14948dilawar sound2017-11-27 and the wav-file.cc file in previous versions have an incorrect memory release method vulnerability (new[]/delete) . CVE-2018-14947PDF2JSON There is an incorrect memory release vulnerability in the 'XmlFontAccu::CSStyle' function of the XmlFonts.cc file in version 0.69 (new[] /delete). CVE-2018-14946PDF2JSON An incorrect memory method vulnerability (malloc/delete) exists in the HtmlString class of the ImgOutputDev.cc file in version 0.69.

3. Sample code

The example comes from Samate Juliet Test Suite for C/C v1.3 (https:// samate.nist.gov/SARD/testsuite.php), source file name: CWE762_Mismatched_Memory_Management_Routines__new_array_delete_char_01.cpp.

3.1 Defect code

In the above example code, line 31 is created using

new[] The object array is released using delete on line 34. Since new[] is not used when releasing the object array, the corresponding delete[] exists. "Wrong memory release method" problem.

Use Code Guard to detect the above sample code. You can detect the "wrong memory release method" defect, and the display level is medium. As shown in Figure 1:

Figure 1: Detection example of wrong memory release method

3.2 Repair code

In the above repair code, the repair method given by Samate is: create an object array through

new[] on line 31, and Line 33 uses delete[] to release. This avoids incorrect memory release methods.

Use Code Guard to detect the repaired code, and you can see that the "wrong memory release method" defect no longer exists. As shown in Figure 2:

Figure 2: Detection results after repair

4. How to avoid wrong memory release methods

To avoid wrong memory release methods, you need to pay attention to the following points:

(1) When releasing memory, clarify the method used for memory application to avoid complex program structures and personnel negligence. As a result, the wrong release method is used.

(2) Using source code static analysis tools can effectively detect this type of problem.

The above is the detailed content of [Defect Weekly] Issue 31: Wrong memory release. For more information, please follow other related articles on the PHP Chinese website!