mismatched-memory-management-cpp.yaml
rules:
  - id: raptor-mismatched-memory-management-cpp
    metadata:
      author: Marco Ivaldi <raptor@0xdeadbeef.info>
      references:
        - https://cwe.mitre.org/data/definitions/762
        - https://cwe.mitre.org/data/definitions/590
        - https://github.com/struct/mms
        - https://docs.microsoft.com/en-us/cpp/sanitizers/asan-error-examples
      confidence: LOW
      # NOTE: valloc(), reallocf(), aligned_alloc(), and custom wrappers
      # are not covered.
      # NOTE: overloaded operators, VirtualAlloc()/VirtualFree(),
      # mmap()/munmap() are not covered.
    message: >-
      The software attempts to return a memory resource to the system, but
      it calls a release function that is not compatible with the function
      that was originally used to allocate that resource.
      Due to inherent limitations of Semgrep, this rule might generate many
      false positives and should therefore be customized for your codebase.
    severity: INFO
    languages:
      - cpp
    pattern-either:
      # free
      - patterns:
        - pattern: free($PTR);
        - pattern-not-inside: |
            $PTR = malloc(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = ($CAST)malloc(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = calloc(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = ($CAST)calloc(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = realloc(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = ($CAST)realloc(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = strdup(...);
            ...
            free($PTR);
        - pattern-not-inside: |
            $PTR = strndup(...);
            ...
            free($PTR);
      # delete[]
      - patterns:
        - pattern: delete[]($PTR);
        - pattern-not-inside: |
            $PTR = new $OBJ[$SIZE];
            ...
            delete[]($PTR);
      # delete
      - patterns:
        - pattern: delete($PTR);
        - pattern-not-inside: |
            $PTR = new $OBJ;
            ...
            delete($PTR);
      - patterns:
        - pattern: delete($PTR);
        - pattern-inside: |
            $PTR = new $OBJ[$SIZE];
            ...
            delete($PTR);
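
A runtime counterpart to the pairings this rule checks statically, given as an added example that is not part of the rule file or its repository. `AllocLedger`, `Family`, `Verdict` and the three demo functions are hypothetical names; the mismatched release is only queried, never executed.

```cpp
#include <cstdlib>
#include <unordered_map>
// Allocation families, one per group in the rule: free, delete, delete[].
enum class Family { Malloc, New, NewArray };
enum class Verdict { Ok, Mismatch, Untracked };

// Hypothetical helper: remembers which family produced each live pointer.
class AllocLedger {
    std::unordered_map<const void*, Family> live_;
public:
    template <typename T>
    T* track(T* p, Family f) { if (p) live_[p] = f; return p; }
    // Ask before releasing `p` as family `f`; the entry is dropped only on a match.
    Verdict check(const void* p, Family f) {
        auto it = live_.find(p);
        if (it == live_.end()) return Verdict::Untracked;
        if (it->second != f) return Verdict::Mismatch;
        live_.erase(it);
        return Verdict::Ok;
    }
};

// new[] followed by scalar delete: the rule's last pattern (CWE-762).
Verdict array_released_with_scalar_delete() {
    AllocLedger ledger;
    int* buf = ledger.track(new int[4], Family::NewArray);
    Verdict v = ledger.check(buf, Family::New);  // stands in for `delete buf;`
    if (ledger.check(buf, Family::NewArray) == Verdict::Ok) delete[] buf;
    return v;
}

// new followed by free(): caught by the rule's free() group.
Verdict object_released_with_free() {
    AllocLedger ledger;
    int* obj = ledger.track(new int(7), Family::New);
    Verdict v = ledger.check(obj, Family::Malloc);  // stands in for `free(obj);`
    if (ledger.check(obj, Family::New) == Verdict::Ok) delete obj;
    return v;
}

// malloc() followed by free(): the compatible pairing the rule excludes.
Verdict malloc_released_with_free() {
    AllocLedger ledger;
    void* p = ledger.track(std::malloc(16), Family::Malloc);
    Verdict v = ledger.check(p, Family::Malloc);
    if (v == Verdict::Ok) std::free(p);
    return v;
}

int main() { return array_released_with_scalar_delete() == Verdict::Mismatch ? 0 : 1; }
```

Because the ledger is keyed on the pointer value, it still applies when allocation and release sit in different functions, which the `pattern-not-inside` clauses above cannot see.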