View Help Online

Start here

Home
About Klocwork
What's new
Fixed issues
Release notes
Installation

Reference

C/C++ checkers
Java checkers
C# checkers
MISRA C 2004 checkers
MISRA C++ 2008 checkers
MISRA C 2012 checkers
MISRA C 2012 checkers with Amendment 1
Commands
Metrics
Troubleshooting
Reference

Product components

C/C++ Integration build analysis
Java Integration build analysis
Desktop analysis
Refactoring
Klocwork Static Code Analysis
Klocwork Code Review
Structure101
Tuning
Custom checkers

Coding environments

Visual Studio
Eclipse for C/C++
Eclipse for Java
IntelliJ IDEA
Other

Administration

Project configuration
Build configuration
Administration
Analysis performance
Server performance
Security/permissions
Licensing
Klocwork Static Code Analysis Web API
Klocwork Code Review Web API

Community

View help online
Visit RogueWave.com
Klocwork Support
Rogue Wave Videos

Legal

Legal information

FMM.MIGHT

Freeing memory possible with mismatched function

When allocated memory is freed or deallocated, it must be done with the corresponding deallocation function. If memory is allocated using one mechanism and released using another-for example, mixing C and C++ memory management functions, or mixing scalar and vector memory management functions-undefined behavior can occur. The FMM.MIGHT checker flags instances in which mismatched functions may have been used to allocate and deallocate memory.

Vulnerability and risk

Using mismatched memory allocation and deallocation functions typically results in unexpected program behavior, and can open the application to denial-of-service (DoS) attacks or memory corruption issues. Particularly in an array of objects, heap memory can be corrupted if the wrong elements of memory are freed. A significant memory leak can occur, which can be exploited as a DoS attack or a program crash.

Mitigation and prevention

Make sure you use the corresponding allocator and deallocator pairs, as shown in the following table:

Allocator Deallocator
malloc(), calloc(), realloc() free
operator new() operator delete()
operator new[]() operator delete[]()
placement new() destructor

Vulnerable code example

1  class A {
2          int *data;
3          A(const A&) { /* prohibited */ }
4          A& operator =(const A&) { /* prohibited */ }
5      public:
6          A() {
7              data = new int [10];
8          }
9  
10         ~A() {
11             delete[] data;
12         }
13 };
14 
15 void foo(A **pp, bool t) {
16     if (!*pp) {
17         *pp = new A[5];
18     }
19     if (t) {
20         delete *pp;
21         *pp = 0;
22     }
23 }

Klocwork produces a mismatched deallocation report, indicating that the memory pointed by '*pp' was allocated through the new[] operator at line 17, and might be released by the delete operator at line 20 instead of delete[]. A mismatched set of allocator and deallocator like this can result in unpredictable program behavior, and possibly make the application vulnerable to malicious attack.

Related checkers

External guidance

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning C/C++ analysis for more information.

Parent topic: Improper memory deallocation
Previous topic: CL.FMM
Next topic: FMM.MUST

© Rogue Wave Software, Inc. All rights reserved. | Contact