[Defect Weekly] Issue 31: Wrong memory release

May 23, 2023, 11:07 PM
Code audit

1. Wrong memory release method

Common memory allocation functions in C include malloc(), realloc(), and calloc(). Although they behave differently, they all pair with the same release function, free(). In C++, memory is allocated and released with new/delete and new[]/delete[]. Whether you are writing C or C++, you must choose the release method that matches the way the memory was allocated, so that the wrong release method is never used. Examples of the wrong method are mixing C and C++ allocation/release routines, or mixing the scalar and vector forms of allocation/release.

2. The harm of incorrect memory release methods

Releasing memory incorrectly can cause unexpected erroneous program behavior or even crash the program. Item 5 of "Effective C++ (Second Edition)", "The corresponding new and delete should adopt the same form", points out: "If the elements in the object are released incorrectly, it may cause the entire object or even the entire memory structure on the heap to be corrupted, resulting in memory leaks or even program crashes."

The CVE database also contains related vulnerability entries. From January 2018 to April 2019, there were 3 related entries in the CVE database, as follows:

| CVE | Vulnerability Overview |
| --- | --- |
| CVE-2018-14948 | In dilawar sound 2017-11-27 and previous versions, the wav-file.cc file has an incorrect memory release method vulnerability (new[]/delete). |
| CVE-2018-14947 | In PDF2JSON version 0.69, the 'XmlFontAccu::CSStyle' function of the XmlFonts.cc file has an incorrect memory release vulnerability (new[]/delete). |
| CVE-2018-14946 | In PDF2JSON version 0.69, the HtmlString class of the ImgOutputDev.cc file has an incorrect memory release method vulnerability (malloc/delete). |

3. Sample code

The example comes from the Samate Juliet Test Suite for C/C++ v1.3 (https://samate.nist.gov/SARD/testsuite.php), source file name: CWE762_Mismatched_Memory_Management_Routines__new_array_delete_char_01.cpp.

3.1 Defect code

[Image: defect code listing]

In the example code above, line 31 creates an object array with new[], and line 34 releases it with delete. Because the array was allocated with new[] but is not released with the corresponding delete[], the code has a "wrong memory release method" problem.

Scanning the sample code above with Code Guard detects the "wrong memory release method" defect, reported at the medium level, as shown in Figure 1:

Figure 1: Detection example of wrong memory release method

3.2 Repair code

[Image: repair code listing]

In the repair code above, the fix given by Samate is to create the object array with new[] on line 31 and release it with delete[] on line 33. This avoids the wrong memory release method.

Scanning the repaired code with Code Guard shows that the "wrong memory release method" defect no longer exists, as shown in Figure 2:

Figure 2: Detection results after repair

4. How to avoid wrong memory release methods

To avoid wrong memory release methods, you need to pay attention to the following points:

(1) When releasing memory, be clear about which method was used to allocate it, so that complex program structure or developer oversight does not lead to the wrong release method being used.

(2) Using source code static analysis tools can effectively detect this type of problem.
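One way to apply point (1) in C++ is shown below as an added example (it is not the Juliet test case and not code from the original article). It goes a step beyond manual pairing by fixing the release form in the owning type, so it cannot drift from the allocation form. `Tracked`, `FreeDeleter`, `CBuffer` and the three functions are names made up for this illustration.

```cpp
#include <cstddef>
#include <cstdlib>
#include <cstring>
#include <memory>

// Constructed helper type: counts live instances so a release can be observed.
struct Tracked {
    static int live;
    Tracked() { ++live; }
    ~Tracked() { --live; }
};
int Tracked::live = 0;

// Deleter that pairs malloc()/calloc()/realloc() memory with free().
struct FreeDeleter {
    void operator()(void* p) const noexcept { std::free(p); }
};
using CBuffer = std::unique_ptr<char, FreeDeleter>;

// Manual pairing, as in the repaired form: new[] is released with delete[].
int manual_array(std::size_t n) {
    Tracked* items = new Tracked[n];
    int during = Tracked::live;     // n elements constructed
    delete[] items;                 // `delete items;` here would be the defect
    return during - Tracked::live;  // number of elements destroyed
}

// unique_ptr<T[]> selects delete[] from the type, so no release call is written.
int owned_array(std::size_t n) {
    int during = 0;
    {
        std::unique_ptr<Tracked[]> items(new Tracked[n]);
        during = Tracked::live;
    }                               // delete[] runs here
    return during - Tracked::live;
}

// malloc() memory owned by a type whose deleter is free(), never delete.
std::size_t owned_c_buffer(const char* text) {
    std::size_t len = std::strlen(text);
    CBuffer buf(static_cast<char*>(std::malloc(len + 1)));
    if (!buf) return 0;             // allocation failed: nothing to release
    std::memcpy(buf.get(), text, len + 1);
    return std::strlen(buf.get());  // free() runs when buf leaves scope
}

int main() {
    return (manual_array(4) == 4 && owned_array(4) == 4 && owned_c_buffer("abc") == 3) ? 0 : 1;
}
```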
