CWE-761

Free of Pointer not at Start of Buffer

The product calls free() on a pointer to a memory resource that was allocated on the heap, but the pointer is not at the start of the buffer.

Mitigation

Phase: Implementation

Description:

  • When utilizing pointer arithmetic to traverse a buffer, use a separate variable to track progress through memory and preserve the originally allocated address for later freeing.
Mitigation

Phase: Implementation

Description:

  • When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Mitigation ID: MIT-4.6

Phase: Architecture and Design

Strategy: Libraries or Frameworks

Description:

  • Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
  • For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation

Phase: Architecture and Design

Description:

  • Use a language that provides abstractions for memory allocation and deallocation.
Mitigation

Phase: Testing

Description:

  • Use a tool that dynamically detects memory management problems, such as valgrind.

No CAPEC attack patterns related to this CWE.

Back to CWE stats page