Multiple deallocation

from Wikipedia, the free encyclopedia

Double free () (double call of the free function ) denotes an error in computer programs when they try to free the same memory area several times. Double free is a potential security hole . The name is derived from the memory release function that is used in many programming languages ​​such as: B. means C free .

backgrounds

In a C program, dynamic memory is requested via malloc ; after use it must be released again via free . However, if an attempt is made to release a memory area multiple times using free , most free implementations will result in undefined behavior. It is possible to have the program crash in this way or even to write it to certain points in the program memory, which can be used to execute any code and manipulate values ​​in registers. Such situations are usually achieved when memory releases occur within signal handlers or other code that can be used multiple times under certain conditions.

For more information, see the article on memory leaks , where the same mechanisms lead to programming errors.

Remedies

Since multiple memory releases are a programmer's mistake, the problem can be found through careful programming and every effort to find bugs .

Some programmers set pointers to zero after freeing the memory and check in other places whether the pointer is the null pointer. 

void *ptr;    /* zeigt irgendwann auf Speicher von malloc() */

if (ptr) {
    free(ptr);
    ptr = NULL;
}

However, this does not solve the problem when two pointers have the same goal. If one of the memories is released and the pointer is set to zero, the second pointer still points to the released memory. 

void *ptr;    /* zeigt irgendwann auf Speicher von malloc() */

void *ptr2 = ptr;
if (ptr2) {
    free(ptr2);   /* Speicher freigegeben, auf den ptr und ptr2 zeigen */
    ptr2 = NULL;
}

/* Der Speicher wurde freigegeben, ptr ist aber nicht null! */
if (ptr) {
    free(ptr);    /* double free trotz Test */
    ptr = NULL;
}

In addition, there is also software such as Valgrind to examine memory operations in more detail and thus to support manual searches.

Smart pointers (English smart pointers ) prevent memory is released that is still referenced by other hands. The pointers to a memory area are counted and the memory is not actually released until the last pointer is released.

Garbage collection (English garbage collection ) is another way, multiple memory releases to avoid.

Programming languages ​​other than C

The free function only exists in C , C ++ (as an operator delete) and related languages; in the programming language Object Pascal (Borland Delphi), for example, GetMem () / FreeMem () is the equivalent of the malloc () / free () function pair . To avoid this problem, the procedure Free is usually used instead of the destructor Destroy to release objects .

Programming languages ​​with automatic garbage collection, such as Java or Python , do not know any explicit memory releases and therefore have no possibility of releasing released memory again.

Web links