double-free.yaml
rules:
  - id: raptor-double-free
    metadata:
      author: Marco Ivaldi <raptor@0xdeadbeef.info>
      references:
        - https://cwe.mitre.org/data/definitions/415
        - https://github.com/struct/mms
        - https://www.sei.cmu.edu/downloads/sei-cert-c-coding-standard-2016-v01.pdf
        - https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
        - https://dustri.org/b/playing-with-weggli.html
      confidence: MEDIUM
      # NOTE: C++ delete and delete[] operators are not covered.
      # NOTE: realloc() is not covered.
      # NOTE: Variations on the free() argument are not covered.
    message: >-
      The software calls free() twice on the same memory address, potentially
      leading to memory corruption. This corruption can cause the program to
      crash or cause two later calls to malloc() to return the same pointer.
    severity: ERROR
    languages:
      - c
      - cpp
    patterns:
      - pattern: |
          free($PTR);
          ...
          $FREE($PTR);
      - pattern-not: |
          free($PTR);
          ...
          $PTR = $EXPR;
          ...
          free($PTR);
      - metavariable-pattern:
          metavariable: $FREE
          pattern: free
      # improve output readability
      - focus-metavariable: $FREE
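
A C target file for exercising the rule above, added here as an example; it is not part of the rule's repository. The function names are hypothetical, the `// ruleid:` and `// ok:` comments follow Semgrep's rule-test annotation convention, and the expected verdicts are read off the `pattern` / `pattern-not` pair rather than taken from the author.

```c
#include <stdlib.h>
#include <string.h>

/* Reported: same pointer freed twice, no reassignment in between. */
size_t copy_len_bad(const char *s)
{
    size_t len = strlen(s);
    char *copy = malloc(len + 1);
    if (copy == NULL) return 0;
    memcpy(copy, s, len + 1);
    free(copy);
    // ruleid: raptor-double-free
    free(copy);
    return len;
}

/* Not reported: `$PTR = $EXPR` sits between the calls (pattern-not). */
size_t two_buffers_ok(size_t a, size_t b)
{
    char *buf = malloc(a);
    if (buf == NULL) return 0;
    memset(buf, 0, a);
    free(buf);
    buf = malloc(b);
    if (buf != NULL)
        memset(buf, 0, b);
    // ok: raptor-double-free
    free(buf);
    return a + b;
}

/* Not reported: NULL assignment is also `$PTR = $EXPR`; free(NULL) is a no-op. */
int reset_ok(void)
{
    int *p = malloc(sizeof *p);
    free(p);
    p = NULL;
    // ok: raptor-double-free
    free(p);
    return p == NULL;
}

/* Missed: real double free, but the second call names the alias q, not p. */
void alias_missed(int *p)
{
    int *q = p;
    free(p);
    free(q);
}
```

`copy_len_bad()` and `alias_missed()` (when given a heap pointer) contain a real double free; they are there to be scanned, not called.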