{"@ID": "762", "@Name": "Mismatched Memory Management Routines", "@Abstraction": "Variant", "@Structure": "Simple", "@Status": "Incomplete", "Description": "The product attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource.", "Extended_Description": {"xhtml:p": ["This weakness can be generally described as mismatching memory management routines, such as:", "When the memory management functions are mismatched, the consequences may be as severe as code execution, memory corruption, or program crash. Consequences and ease of exploit will vary depending on the implementation of the routines and the object being managed."], "xhtml:ul": {"xhtml:li": ["The memory was allocated on the stack (automatically), but it was deallocated using the memory management routine free() (CWE-590), which is intended for explicitly allocated heap memory.", "The memory was allocated explicitly using one set of memory management functions, and deallocated using a different set. For example, memory might be allocated with malloc() in C++ instead of the new operator, and then deallocated with the delete operator."]}}, "Related_Weaknesses": {"Related_Weakness": [{"@Nature": "ChildOf", "@CWE_ID": "763", "@View_ID": "1000", "@Ordinal": "Primary"}, {"@Nature": "ChildOf", "@CWE_ID": "404", "@View_ID": "1340", "@Ordinal": "Primary"}]}, "Weakness_Ordinalities": {"Weakness_Ordinality": [{"Ordinality": "Primary"}, {"Ordinality": "Resultant"}]}, "Applicable_Platforms": {"Language": [{"@Class": "Memory-Unsafe", "@Prevalence": "Often"}, {"@Name": "C", "@Prevalence": "Undetermined"}, {"@Name": "C++", "@Prevalence": "Undetermined"}]}, "Modes_Of_Introduction": {"Introduction": {"Phase": "Implementation"}}, "Likelihood_Of_Exploit": "Low", "Common_Consequences": {"Consequence": {"Scope": ["Integrity", "Availability", "Confidentiality"], "Impact": ["Modify Memory", "DoS: Crash, Exit, or Restart", "Execute Unauthorized Code or Commands"]}}, "Detection_Methods": {"Detection_Method": {"@Detection_Method_ID": "DM-15", "Method": "Automated Dynamic Analysis", "Description": "Use tools that are integrated during\n\t     compilation to insert runtime error-checking mechanisms\n\t     related to memory safety errors, such as AddressSanitizer\n\t     (ASan) for C/C++ [REF-1518] or valgrind [REF-480].", "Effectiveness": "Moderate", "Effectiveness_Notes": "Crafted inputs are necessary to\n\t     reach the code containing the error, such as generated\n\t     by fuzzers.  Also, these tools may reduce performance,\n\t     and they only report the error condition - not the\n\t     original mistake that led to the\n\t     error."}}, "Potential_Mitigations": {"Mitigation": [{"Phase": "Implementation", "Description": "Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free()."}, {"@Mitigation_ID": "MIT-41", "Phase": "Implementation", "Strategy": "Libraries or Frameworks", "Description": {"xhtml:p": ["Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone.", "For example, glibc in Linux provides protection against free of invalid pointers.", "When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391].", "To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost."]}}, {"@Mitigation_ID": "MIT-4.6", "Phase": "Architecture and Design", "Strategy": "Libraries or Frameworks", "Description": {"xhtml:p": ["Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.", "For example, glibc in Linux provides protection against free of invalid pointers."]}}, {"Phase": "Architecture and Design", "Description": "Use a language that provides abstractions for memory allocation and deallocation."}]}, "Demonstrative_Examples": {"Demonstrative_Example": [{"@Demonstrative_Example_ID": "DX-80", "Intro_Text": "This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.", "Example_Code": [{"@Nature": "Bad", "@Language": "C++", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:br": [null, null, null, null, null], "xhtml:i": "/* do some work with ptr here */", "#text": "BarObj *ptr = new BarObj()\n                           \n                           \n                           ...\n                           free(ptr);"}}, "#text": "void foo(){}"}}, {"@Nature": "Good", "@Language": "C++", "xhtml:div": {"xhtml:div": {"@style": "margin-left:1em;", "xhtml:div": {"xhtml:br": [null, null, null, null, null], "xhtml:i": "/* do some work with ptr here */", "#text": "BarObj *ptr = new BarObj()\n                           \n                           \n                           ...\n                           delete ptr;"}}, "#text": "void foo(){}"}}], "Body_Text": "Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator."}, {"@Demonstrative_Example_ID": "DX-85", "Intro_Text": "In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.", "Example_Code": {"@Nature": "Bad", "@Language": "C++", "xhtml:div": {"xhtml:div": [{"@style": "margin-left:1em;", "#text": "void foo();"}, {"@style": "margin-left:1em;", "xhtml:br": [null, null], "#text": "int *ptr;ptr = (int*)malloc(sizeof(int));delete ptr;"}], "xhtml:br": null, "#text": "class A {};void A::foo(){}"}}}, {"@Demonstrative_Example_ID": "DX-86", "Intro_Text": "In this example, the program calls the delete[] function on non-heap memory.", "Example_Code": {"@Nature": "Bad", "@Language": "C++", "xhtml:div": {"xhtml:div": [{"@style": "margin-left:1em;", "#text": "void foo(bool);"}, {"@style": "margin-left:1em;", "xhtml:div": [{"@style": "margin-left:1em;", "#text": "11,22"}, {"@style": "margin-left:1em;", "#text": "p = new int[2];"}], "xhtml:br": [null, null, null], "#text": "int localArray[2] = {};int *p = localArray;if (heap){}delete[] p;"}], "xhtml:br": null, "#text": "class A{};void A::foo(bool heap) {}"}}}]}, "Functional_Areas": {"Functional_Area": "Memory Management"}, "Affected_Resources": {"Affected_Resource": "Memory"}, "Taxonomy_Mappings": {"Taxonomy_Mapping": [{"@Taxonomy_Name": "CERT C Secure Coding", "Entry_ID": "WIN30-C", "Entry_Name": "Properly pair allocation and deallocation functions", "Mapping_Fit": "Exact"}, {"@Taxonomy_Name": "Software Fault Patterns", "Entry_ID": "SFP12", "Entry_Name": "Faulty Memory Release"}]}, "References": {"Reference": [{"@External_Reference_ID": "REF-657"}, {"@External_Reference_ID": "REF-480"}, {"@External_Reference_ID": "REF-391"}, {"@External_Reference_ID": "REF-1518"}]}, "Mapping_Notes": {"Usage": "Allowed", "Rationale": "This CWE entry is at the Variant level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.", "Comments": "Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.", "Reasons": {"Reason": {"@Type": "Acceptable-Use"}}}, "Notes": {"Note": {"@Type": "Applicable Platform", "xhtml:p": "This weakness is possible in any programming language that allows manual management of memory."}}, "Content_History": {"Submission": {"Submission_Name": "CWE Content Team", "Submission_Organization": "MITRE", "Submission_Date": "2009-05-08", "Submission_Version": "1.4", "Submission_ReleaseDate": "2009-05-27"}, "Modification": [{"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2009-12-28", "Modification_Version": "1.7", "Modification_ReleaseDate": "2009-12-28", "Modification_Comment": "updated Applicable_Platforms, Likelihood_of_Exploit"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2010-06-21", "Modification_Version": "1.9", "Modification_ReleaseDate": "2010-06-21", "Modification_Comment": "updated Description, Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-06-01", "Modification_Version": "1.13", "Modification_ReleaseDate": "2011-06-01", "Modification_Comment": "updated Common_Consequences"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2011-09-13", "Modification_Version": "2.1", "Modification_ReleaseDate": "2011-09-13", "Modification_Comment": "updated Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-05-11", "Modification_Version": "2.2", "Modification_ReleaseDate": "2012-05-15", "Modification_Comment": "updated Demonstrative_Examples, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2012-10-30", "Modification_Version": "2.3", "Modification_ReleaseDate": "2012-10-30", "Modification_Comment": "updated Potential_Mitigations"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-02-18", "Modification_Version": "2.6", "Modification_ReleaseDate": "2014-02-19", "Modification_Comment": "updated Demonstrative_Examples, Potential_Mitigations, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2014-07-30", "Modification_Version": "2.8", "Modification_ReleaseDate": "2014-07-31", "Modification_Comment": "updated Relationships, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2017-11-08", "Modification_Version": "3.0", "Modification_ReleaseDate": "2017-11-08", "Modification_Comment": "updated Applicable_Platforms, References, Taxonomy_Mappings"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2019-01-03", "Modification_Version": "3.2", "Modification_ReleaseDate": "2019-01-03", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-02-24", "Modification_Version": "4.0", "Modification_ReleaseDate": "2020-02-24", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2020-12-10", "Modification_Version": "4.3", "Modification_ReleaseDate": "2020-12-10", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2021-03-15", "Modification_Version": "4.4", "Modification_ReleaseDate": "2021-03-15", "Modification_Comment": "updated Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-01-31", "Modification_Version": "4.10", "Modification_ReleaseDate": "2023-01-31", "Modification_Comment": "updated Description"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-04-27", "Modification_Version": "4.11", "Modification_ReleaseDate": "2023-04-27", "Modification_Comment": "updated References, Relationships"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2023-06-29", "Modification_Version": "4.12", "Modification_ReleaseDate": "2023-06-29", "Modification_Comment": "updated Mapping_Notes"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-09-09", "Modification_Version": "4.18", "Modification_ReleaseDate": "2025-09-09", "Modification_Comment": "updated Functional_Areas, References"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2025-12-11", "Modification_Version": "4.19", "Modification_ReleaseDate": "2025-12-11", "Modification_Comment": "updated Applicable_Platforms, Detection_Factors, Potential_Mitigations, References, Weakness_Ordinalities"}, {"Modification_Name": "CWE Content Team", "Modification_Organization": "MITRE", "Modification_Date": "2026-04-30", "Modification_Version": "4.20", "Modification_ReleaseDate": "2026-04-30", "Modification_Comment": "updated Detection_Factors"}], "Contribution": {"@Type": "Feedback", "Contribution_Name": "Martin Sebor", "Contribution_Organization": "Cisco Systems, Inc.", "Contribution_Date": "2010-04-30", "Contribution_Comment": "Provided improvement to existing Mitigation"}}}
