forked from github/codeql
-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathUseAfterFree.qhelp
More file actions
33 lines (25 loc) · 1.05 KB
/
UseAfterFree.qhelp
File metadata and controls
33 lines (25 loc) · 1.05 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
This rule finds accesses through a pointer of a memory location that has already been freed (i.e. through a dangling pointer).
Such memory blocks have already been released to the dynamic memory manager, and modifying them can lead to anything
from a segfault to memory corruption that would cause subsequent calls to the dynamic memory manger to behave
erratically, to a possible security vulnerability.
</p>
<include src="pointsToWarning.inc.qhelp" />
</overview>
<recommendation>
<p>
Ensure that all execution paths that access memory through a pointer never access that pointer after it is freed.
</p>
</recommendation>
<example><sample src="UseAfterFree.cpp" />
</example>
<references>
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li><li>
M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method & Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
</references>
</qhelp>