What does "double free" mean?

Tags:

c

double-free

As the title suggests I am new to C and have a mid-term coming up shortly. I am revising from past papers currently and a recurring theme is the double free problem. I understand that it is the process of calling free() on the same memory location twice, but I have a couple of questions that I'm not 100% sure how to answer:

Question 1: What is the result of a double free in C, and why is it such a problem?

This will cause a double free:

    #include <stdlib.h>

    int main(void) {
        char *ptr = malloc(sizeof(char));
        *ptr = 'a';
        free(ptr);
        free(ptr);   /* second free of the same block: the double free */
        return 0;
    }

My response to this would be that it would return a 0x0 memory address and cause a system instability/crash. Also if I remember correctly, a double free can actually call malloc twice which results in a buffer overflow thus leaving the system vulnerable.

What would be the best way to briefly sum up this question?

Question 2: Describe a situation in which it is particularly easy to introduce a double free in C?

I was thinking when passing pointers around you may accidentally free it in one function, and also free it again without realising?

Again, what is the "best" way to sum this up?

chris edwards asked Jan 11 '14 01:01


1 Answer

A double free in C, technically speaking, leads to undefined behavior. This means that the program can behave completely arbitrarily and all bets are off about what happens. That's certainly a bad thing to have happen! In practice, double-freeing a block of memory will corrupt the state of the memory manager, which might cause existing blocks of memory to get corrupted or for future allocations to fail in bizarre ways (for example, the same memory getting handed out on two different successive calls of malloc).

Double frees can happen in all sorts of cases. A fairly common one is when multiple different objects all have pointers to one another and start getting cleaned up by calls to free. When this happens, if you aren't careful, you might free the same pointer multiple times when cleaning up the objects. There are lots of other cases as well, though.

Hope this helps!

templatetypedef answered Sep 18 '22 15:09
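As an added example (not code from the question or the answer), the following C program shows the cleanup situation the answer describes: two records that both point at one heap buffer, where naive per-record cleanup would free the same block twice. It pairs the common mitigation of setting a pointer to NULL after free() (so a repeated free() on that variable becomes the harmless free(NULL)) with an explicit ownership flag, because nulling one variable does nothing for other copies of the same pointer. The struct and function names (record, safe_free, release, pair_lifecycle) are my own and not from any library.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Two records may alias the same buffer; only one of them is allowed to free it. */
struct record {
    char *buf;
    int owns_buf;   /* 1 if this record is responsible for freeing buf */
};

/* Frees *pp and nulls the variable, so calling this twice on the same
   variable is harmless: free(NULL) is defined as a no-op by the C standard. */
static void safe_free(char **pp) {
    free(*pp);
    *pp = NULL;
}

/* Builds two records sharing one buffer; a owns it, b merely borrows it.
   (Constructed sample data: the text is just a string to copy in.) */
static void make_pair(struct record *a, struct record *b, const char *text) {
    size_t n = strlen(text) + 1;
    a->buf = malloc(n);
    if (a->buf != NULL)
        memcpy(a->buf, text, n);
    a->owns_buf = 1;
    b->buf = a->buf;      /* alias: nulling a->buf later will NOT null this copy */
    b->owns_buf = 0;
}

/* Cleans up one record. Frees the buffer only if this record owns it, and
   always drops the alias so no dangling pointer survives. Returns the
   number of free() calls made (0 or 1). Without the owns_buf check, releasing
   both records would free the shared block twice. */
static int release(struct record *r) {
    int freed = 0;
    if (r->owns_buf && r->buf != NULL) {
        safe_free(&r->buf);
        freed = 1;
    }
    r->buf = NULL;
    r->owns_buf = 0;
    return freed;
}

/* Runs a full lifecycle, releasing each record twice on purpose. For one
   allocation the total number of free() calls must be exactly 1. */
int pair_lifecycle(void) {
    struct record a, b;
    make_pair(&a, &b, "hello");
    int frees = 0;
    frees += release(&a);
    frees += release(&b);
    frees += release(&a);   /* repeated cleanup is a no-op */
    frees += release(&b);
    return frees;
}

/* The free-and-null idiom on a single variable: the second call hits NULL.
   Returns 1 if the pointer ended up NULL. */
int safe_free_twice(void) {
    char *p = malloc(16);
    safe_free(&p);
    safe_free(&p);          /* free(NULL): defined, does nothing */
    return p == NULL;
}

int main(void) {
    printf("free() calls for one shared buffer: %d\n", pair_lifecycle());
    printf("pointer is NULL after double safe_free: %d\n", safe_free_twice());
    return 0;
}
```

The point of the two mechanisms together: safe_free protects against freeing through the same variable twice, while the ownership flag protects against the aliasing case the answer mentions, where several objects hold copies of one pointer and each one's cleanup would otherwise call free() on it.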