Double free of previously deallocated memory
ID | c.memory_management.double_free
Severity | high
Resource | Memory Management
Language | C / C++
Description
The software calls free() twice on the same memory address '$PTR', potentially leading to memory corruption. This corruption can cause the program to crash or cause two later calls to malloc() to return the same pointer.
Rationale
The following code illustrates a vulnerable pattern detected by this rule:
#include <stdlib.h>

void double_free_example(int bailout)
{
    char *ptr = malloc(64);

    // this should be caught but it isn't, due to a documented limitation in semgrep
    // https://semgrep.dev/docs/writing-rules/pattern-syntax/#ellipses-and-statement-blocks
    // todoruleid: raptor-double-free
    if (bailout)
        free(ptr);
    free(ptr);   // already a second free when bailout is set
    // VULNERABLE: Double free of previously deallocated memory
    free(ptr);
}
Remediation
Follow secure coding practices and review the references below for detailed remediation guidance.
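One way to remove the pattern, shown as an added example that is not part of the rule or its test file: give the buffer a single release point and clear the pointer when it is freed, so the bailout path cannot free it a second time. The names `process`, `release_buf`, `tracked_alloc` and the two counters are hypothetical and exist only for this illustration.

```c
#include <stdlib.h>
#include <string.h>

/* Constructed instrumentation (not part of the rule): counts allocations and
 * releases so each path can be checked for exactly one free per buffer. */
static int g_allocs, g_frees;

static char *tracked_alloc(size_t n)
{
    char *p = malloc(n);
    if (p != NULL)
        g_allocs++;
    return p;
}

/* Free *pp once and clear the caller's pointer. A repeated call sees NULL
 * and does nothing, so a stale second release cannot reach free(). */
static void release_buf(char **pp)
{
    if (*pp != NULL) {
        free(*pp);
        g_frees++;
        *pp = NULL;
    }
}

/* Hypothetical function with the same shape as the flagged code: an early
 * bailout plus a normal path. Both leave through one cleanup label. */
int process(const char *input, int bailout)
{
    int rc = -1;
    char *ptr = tracked_alloc(strlen(input) + 1);
    if (ptr == NULL)
        return rc;
    strcpy(ptr, input);

    if (bailout)
        goto cleanup;          /* no free() here; cleanup owns the release */
    rc = (int)strlen(ptr);

cleanup:
    release_buf(&ptr);
    release_buf(&ptr);         /* repeated on purpose: ptr is NULL, no-op */
    return rc;
}
```

Clearing the pointer only protects that one variable; copies of the same address held elsewhere still need a single, clearly defined owner.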