c.lang.security.double-free.double-free
Community Favorite
semgrepAuthor
46,010
Download Count*
License
Variable '$VAR' was freed twice. This can lead to undefined behavior.
Run Locally
Run in CI
Defintion
rules:
- id: double-free
patterns:
- pattern-not: |
free($VAR);
...
$VAR = NULL;
...
free($VAR);
- pattern-not: |
free($VAR);
...
$VAR = malloc(...);
...
free($VAR);
- pattern-inside: |
free($VAR);
...
$FREE($VAR);
- metavariable-pattern:
metavariable: $FREE
pattern: free
- focus-metavariable: $FREE
message: Variable '$VAR' was freed twice. This can lead to undefined behavior.
metadata:
cwe:
- "CWE-415: Double Free"
owasp:
- A03:2021 - Injection
- A01:2017 - Injection
references:
- https://cwe.mitre.org/data/definitions/415.html
- https://owasp.org/www-community/vulnerabilities/Doubly_freeing_memory
category: security
technology:
- c
confidence: LOW
subcategory:
- vuln
likelihood: LOW
impact: HIGH
license: Commons Clause License Condition v1.0[LGPL-2.1-only]
vulnerability_class:
- Memory Issues
languages:
- c
severity: ERROR
Examples
double-free.c
#include <stdlib.h>
int bad_code1() {
char *var = malloc(sizeof(char) * 10);
free(var);
// ruleid: double-free
free(var);
return 0;
}
int okay_code1() {
char *var = malloc(sizeof(char) * 10);
free(var);
var = NULL;
// ok: double-free
free(var);
return 0;
}
int okay_code2() {
char *var = malloc(sizeof(char) * 10);
free(var);
var = malloc(sizeof(char) * 10);
// ok: double-free
free(var);
return 0;
}
Short Link: https://sg.run/eLl0