SEC-BUFFER-use-after-free-some
Synopsis
A pointer is used after it has been freed, on some execution paths.
Enabled by default
Yes
Severity/Certainty
High/Low

Full description
A pointer is used after it has been freed, on some execution paths. This might cause data corruption or an application crash. A pointer should be assigned to a different and valid memory location (either by aliasing another pointer, or by performing another allocation) before being used. This check is identical to MEM-use-free-some, MISRAC2012-Dir-4.13_e, MISRAC2012-Rule-1.3_p, CERT-MEM30-C_b.
Coding standards
- CERT MEM30-C
  Do not access freed memory
- CWE 416
  Use After Free
- MISRA C:2012 Dir-4.13
  (Advisory) Functions which are designed to provide operations on a resource should be called in an appropriate sequence
- MISRA C:2012 Rule-1.3
  (Required) There shall be no occurrence of undefined or critical unspecified behaviour
Code examples
The following code example fails the check and will give a warning:
    #include <stdlib.h>

    void example(void) {
        int *x;
        x = (int *)malloc(sizeof(int));
        free(x);
        if (rand()) {
            x = (int *)malloc(sizeof(int));
        }
        else {
            /* x not reallocated along this path */
        }
        (*x)++;  /* x still points to freed memory when rand() returned 0 */
    }
The following code example passes the check and will not give a warning about this issue:
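    #include <stdlib.h>

    void example(void) {
        int *x;
        x = (int *)malloc(sizeof(int));
        free(x);
        /* x is given a fresh allocation on every path before it is used */
        x = (int *)malloc(sizeof(int));
        if (x != NULL) {
            *x = 0;
            (*x)++;  /* parenthesized: increments the int, not the pointer */
            free(x);
        }
    }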
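The following is an added example, not part of the original check documentation. It keeps the control flow of the failing example but clears the pointer when it is freed and guards the later use, so the path that does not reallocate becomes a detectable error instead of an access to freed memory. The names release_int and bump_counter are hypothetical, and the rand() branch is replaced by a parameter so that both paths can be exercised.

```c
#include <stdlib.h>

/* Added illustration: release_int and bump_counter are hypothetical names. */

/* Free *pp and clear the caller's pointer so no stale address survives. */
static void release_int(int **pp) {
    free(*pp);
    *pp = NULL;
}

/*
 * Same control flow as the failing example, with the rand() branch replaced
 * by a parameter so both paths can be exercised deterministically.
 * Returns the incremented value, or -1 when x holds no valid allocation
 * on the path taken.
 */
int bump_counter(int reallocate) {
    int result = -1;
    int *x = malloc(sizeof *x);
    release_int(&x);              /* x is NULL from here on */

    if (reallocate) {
        x = malloc(sizeof *x);    /* fresh storage on this path only */
        if (x != NULL) {
            *x = 41;
        }
    }
    /* else: x not reallocated along this path, and it is still NULL */

    if (x != NULL) {              /* guard the use that was unconditional */
        (*x)++;
        result = *x;
    }
    release_int(&x);              /* free(NULL) is a no-op */
    return result;
}

int main(void) {
    /* 42 on the reallocating path, -1 on the path that skipped reallocation */
    return (bump_counter(1) == 42 && bump_counter(0) == -1) ? 0 : 1;
}
```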