Mismatched C++ memory allocation and deallocation functions

ID

c.memory_management.mismatched_memory_management_cpp

Severity

low

Resource

Memory Management

Language

C / C++

Description

The software attempts to return a memory resource to the system, but it calls a release function that is not compatible with the function that was originally used to allocate that resource. Due to inherent limitations of Semgrep, this rule might generate many false positives and should therefore be customized for your codebase.

Rationale

The following code illustrates a vulnerable pattern detected by this rule:

#include <cstdlib>

struct BarObj {};	// minimal definition so the sample compiles

void bad1()
{
	BarObj *ptr = new BarObj();

	// VULNERABLE: Mismatched C++ memory allocation and deallocation functions
	// (free() never runs ~BarObj and is not guaranteed to match operator new)
	free(ptr);
}

Remediation

Release every resource with the function that matches its allocator: `new` with `delete`, `new[]` with `delete[]`, and `malloc`/`calloc`/`realloc` with `free` (in the sample above, `delete ptr;` is the correct release). Prefer RAII owners such as `std::unique_ptr` so the pairing is made once, at the allocation site, and review the references below for detailed remediation guidance.
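As an added example (not code from the rule page), each allocation family paired with its matching release, plus the RAII form; `BarObj` is a constructed stand-in whose destructor increments a counter so that it is observable whether the release function ran it.

```cpp
#include <cstdlib>
#include <memory>

static int g_destroyed = 0;            // incremented by ~BarObj

struct BarObj {                        // constructed stand-in for the page's class
    int value;
    explicit BarObj(int v = 7) : value(v) {}
    ~BarObj() { ++g_destroyed; }       // a real class would release a resource here
};

// Fix 1: what new allocates, delete releases (and runs the destructor,
// which free() in the page's bad1() never does).
int good_new_delete() {
    int before = g_destroyed;
    BarObj *ptr = new BarObj(41);
    int v = ptr->value + 1;
    delete ptr;
    return (g_destroyed == before + 1) ? v : -1;   // 42 when the dtor ran
}

// Fix 2: what new[] allocates, delete[] releases (one destructor per element).
int good_new_array(int n) {
    int before = g_destroyed;
    BarObj *arr = new BarObj[n];
    delete[] arr;
    return g_destroyed - before;                    // == n
}

// Fix 3: malloc/free stay together, and only for trivially destructible data.
int good_malloc_free(int n) {
    int *buf = static_cast<int *>(std::malloc(static_cast<size_t>(n) * sizeof(int)));
    if (!buf) return -1;
    int sum = 0;
    for (int i = 0; i < n; ++i) { buf[i] = i; sum += buf[i]; }
    std::free(buf);
    return sum;                                     // n*(n-1)/2
}

// Fix 4: RAII removes the pairing decision entirely; the owner picks delete.
int good_unique_ptr() {
    int before = g_destroyed;
    { std::unique_ptr<BarObj> p(new BarObj(5)); (void)p; }
    return g_destroyed - before;                    // 1
}
```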

Configuration

This detector does not need any configuration.