| View unanswered posts | View active topics |
It is currently Sun Apr 19, 2026 5:47 am |
|
All times are UTC - 5 hours |
free memory
Moderators: ElderProphet, Mind Dagger, deer_buster
|
Page 1 of 1 |
[ 2 posts ] |
| Print view | Previous topic | First unread post | Next topic |
free memory
| Author | Message |
|---|---|
|
Ambassador  Joined: Fri Feb 23, 2001 3:00 am Posts: 331 Location: USA 
|
 free memoryI recall this having some possible issue many years back, but I cannot remember why
 . Any C/C++ programmers can review and give insight? This method allows an override to the standard free (in c) so that additional memory clearing can be utilized such as setting memory reference to null.Thanks, earth. Code: pfree((void**) &data); void pfree (void **x) { if (*x==NULL) { //some memory error } else { free(*x); } *x = NULL; } _________________ ATTAC TCP/IP Helper http://www.tw-attac.com TWXSync Server (realtime data synchronization) http://www.tw-attac.com/twxsync.html |
| Sun Jan 03, 2010 11:33 pm |
  
|
|
|
|
Commander  Joined: Fri Aug 20, 2004 2:00 am Posts: 1801 Location: Outer Rims
|
Re: free memory Freeing memory multiple times has similar consequences to accessing memory after it is freed. The underlying data structures that manage the heap can become corrupted in a way that can introduce security vulnerabilities into a program. These types of issues are referred to as double-free vulnerabilities. In practice, double-free vulnerabilities can be exploited to execute arbitrary code.
To eliminate double-free vulnerabilities, it is necessary to guarantee that dynamic memory is freed exactly one time. Programmers should be wary when freeing memory in a loop or conditional statement; if coded incorrectly, these constructs can lead to double-free vulnerabilities. It is also a common error to misuse the realloc() function in a manner that results in double-free vulnerabilities In this noncompliant code example, the memory referred to by x may be freed twice: once if error_condition is true and again at the end of the code. Code: size_t num_elem = /* some initial value */; int error_condition = 0; int *x = (int *)malloc(num_elem * sizeof(int)); if (x == NULL) { /* handle allocation error */ } /* ... */ if (error_condition == 1) { /* handle error condition*/ free(x); x = NULL; } /* ... */ free(x); x = NULL; In this compliant solution, the free a referenced by x is only freed once. This is accomplished by eliminating the call to free() when error_condition is equal to 1. Code: size_t num_elem = /* some initial value */; int error_condition = 0; if (num_elem > SIZE_MAX/sizeof(int)) { /* Handle overflow */ } int *x = (int *)malloc(num_elem * sizeof(int)); if (x == NULL) { /* handle allocation error */ } /* ... */ if (error_condition == 1) { /* Handle error condition*/ } /* ... */ free(x); x = NULL; Note that this solution checks for numeric overflow. Cheers _________________ -Thrawn But risk has always been an inescapable part of warfare. -- Knight to Queen's Bishop 3 |
| Mon Jan 04, 2010 1:24 am |
|
|
|
|
|
Page 1 of 1 |
[ 2 posts ] |
|
All times are UTC - 5 hours |
Who is online |
Users browsing this forum: No registered users and 18 guests |
| You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot post attachments in this forum |