Mismatched memory allocation and deallocation functions

ID

c.memory_management.mismatched_memory_management

Severity

low

Resource

Memory Management

Language

C / C++

Description

The software attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. Due to inherent limitations of Semgrep, this rule might generate many false positives and should therefore be customized for your codebase.

Rationale

The following code illustrates a vulnerable pattern detected by this rule:

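#include <stdlib.h>

void release_local(void)
{
	int localArray[10];	// automatic (stack) storage, never returned by malloc()
	int *p = localArray;

	// VULNERABLE: Mismatched memory allocation and deallocation functions
	free(p);
}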

Remediation

Follow secure coding practices and review the references below for detailed remediation guidance.
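As a complement to the static rule, a debug-build registry can reject a mismatched release at run time. This is an added example, not part of the rule or of Semgrep. The names `tracked_alloc`, `tracked_release`, `FAM_MALLOC` and `FAM_LIB` are hypothetical, and `FAM_LIB` stands in for any library-owned allocator with its own release function.

```c
#include <stddef.h>
#include <stdlib.h>

/* Hypothetical allocator families for this example. */
enum family { FAM_MALLOC = 1, FAM_LIB = 2 };
enum result { REL_OK = 0, REL_NOT_TRACKED = -1, REL_MISMATCH = -2 };

#define MAX_LIVE 64
static struct { void *ptr; enum family fam; } live[MAX_LIVE];

/* Allocate n bytes and record which family owns the block. */
void *tracked_alloc(enum family fam, size_t n)
{
	for (size_t i = 0; i < MAX_LIVE; i++) {
		if (live[i].ptr == NULL) {
			void *p = malloc(n);	/* both families use malloc in this demo */
			if (p != NULL) {
				live[i].ptr = p;
				live[i].fam = fam;
			}
			return p;
		}
	}
	return NULL;	/* registry full: fail closed, never hand out untracked memory */
}

/* Release p only if it is live and was allocated by the same family. */
enum result tracked_release(enum family fam, void *p)
{
	if (p == NULL)
		return REL_OK;	/* mirrors free(NULL) */
	for (size_t i = 0; i < MAX_LIVE; i++) {
		if (live[i].ptr != p)
			continue;
		if (live[i].fam != fam)
			return REL_MISMATCH;	/* block stays live for the correct release call */
		free(p);
		live[i].ptr = NULL;
		return REL_OK;
	}
	return REL_NOT_TRACKED;	/* e.g. a stack or static address, as in the pattern above */
}
```

Passing the address of a local array returns `REL_NOT_TRACKED` instead of reaching `free()`, and releasing a `FAM_LIB` block through the `FAM_MALLOC` path returns `REL_MISMATCH` and leaves the block intact.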

Configuration

This detector does not need any configuration.