mirror of
https://github.com/github/codeql.git
synced 2025-12-28 14:46:33 +01:00
34 lines
1.0 KiB
XML
<!DOCTYPE qhelp PUBLIC
  "-//Semmle//qhelp//EN"
  "qhelp.dtd">
<qhelp>

<overview>
<p>
This rule finds accesses through a pointer of a memory location that has already been freed (i.e. through a dangling pointer).
Such memory blocks have already been released to the dynamic memory manager, and modifying them can lead to anything
from a segfault to memory corruption that would cause subsequent calls to the dynamic memory manager to behave
erratically, to a possible security vulnerability.
</p>

<include src="pointsToWarning.qhelp" />
</overview>
<recommendation>
<p>
Ensure that all execution paths that access memory through a pointer never access that pointer after it is freed.
</p>

</recommendation>
<example><sample src="UseAfterFree.cpp" />

</example>
<references>
<li>I. Gerg. <em>An Overview and Example of the Buffer-Overflow Exploit</em>. IANewsletter vol 7 no 4. 2005.</li>
<li>M. Donaldson. <em>Inside the Buffer Overflow Attack: Mechanism, Method &amp; Prevention</em>. SANS Institute InfoSec Reading Room. 2002.</li>
</references>
</qhelp>
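
An added example, not taken from the CodeQL repository or from the `UseAfterFree.cpp` sample the help file references: a list purge in C where one path dereferences a freed node, next to a version in which no path does. The `session` type and all function names are hypothetical.

```c
#include <stdlib.h>

/* Hypothetical session list, constructed for this example. */
struct session { int expired; struct session *next; };

struct session *push(struct session *head, int expired)
{
    struct session *s = malloc(sizeof *s);
    if (s == NULL)
        abort();
    *s = (struct session){ .expired = expired, .next = head };
    return s;
}

/* FLAWED (for contrast, never called): after free(s) the loop increment
 * reads s->next through the dangling pointer, and the predecessor still
 * links to the released block. */
void purge_flawed(struct session *head)
{
    for (struct session *s = head; s != NULL; s = s->next)
        if (s->expired)
            free(s);
}

/* FIXED: the successor is read and the incoming link rewritten before
 * free(), so no path touches a node after release. Returns nodes kept. */
int purge_fixed(struct session **head)
{
    int kept = 0;
    for (struct session **link = head; *link != NULL; ) {
        struct session *s = *link;
        if (s->expired) {
            *link = s->next;   /* read the successor while s is valid */
            free(s);
        } else {
            kept++;
            link = &s->next;
        }
    }
    return kept;
}

int main(void)
{
    /* Constructed input: expired, live, expired. */
    struct session *head = push(push(push(NULL, 1), 0), 1);
    int kept = purge_fixed(&head);   /* one live node survives */
    free(head);
    return kept == 1 ? 0 : 1;
}
```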