Common Weakness Enumeration
Back to CWE stats page
CWE-763
Release of Invalid Pointer or Reference
The product attempts to return a memory resource to the system, but it calls the wrong release function or calls the appropriate release function incorrectly.
Mitigation
Phase: Implementation
Description:
- Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Mitigation
Phase: Implementation
Description:
- When programming in C++, consider using smart pointers provided by the boost library to help correctly and consistently manage memory.
Mitigation ID: MIT-4.6
Phase: Architecture and Design
Strategy: Libraries or Frameworks
Description:
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, glibc in Linux provides protection against free of invalid pointers.
Mitigation
Phase: Architecture and Design
Description:
- Use a language that provides abstractions for memory allocation and deallocation.
No CAPEC attack patterns related to this CWE.