Memory Allocation Bugs (MAL) Class

Definition

Taxonomy

Fig 1. Memory Allocation Bugs (MAL) Class.

Causes

Improper Operation
Value | Definition
Missing | The operation is absent.
Mismatched | The deallocation function does not match the allocation function used for the same object.
Erroneous | There is a bug in the implementation of the operation.
Improper Pointer
Value | Definition
Wild Pointer | Points to an arbitrary address, because it has not been initialized or an erroneous allocation routine is used.
Dangling Pointer | Still points to the address of its successfully deallocated object.
Wrong Position | Points to a miscalculated position inside object bounds.
Hardcoded Address | The pointer points to a wrong specific address.
Forbidden Address | The pointer points to an OS protected or non-existing address.
Single Owner of Object | The only pointer of an already allocated object is used to allocate a new object.
Improper Object
Value | Definition
Wrong Size Used | The value used as size does not match the real size of the object.

Operations

Operation Value | Definition
Allocate | Reserves space in memory for an object; defines its initial boundaries and size.
Extend | Allocates additional memory for an object in the same space; redefines its boundaries and size.
Reallocate–Extend | Allocates a new larger piece of memory for an object at a new address, copies the object content there, reassigns its pointer, and deallocates the previous piece of memory.

Attributes

Consequences

Improper Pointer for Next Operation
Value | Definition
NULL Pointer | Points to the zero address, a specific invalid address.
Wild Pointer | Points to an arbitrary address, because it has not been initialized or an erroneous allocation routine is used.
Improper Object for Next Operation
Value | Definition
Not Enough Allocated | The allocated memory is too little for the data it should store.
Memory Error
Value | Definition
Memory Overflow | More memory requested than available.
Memory Leak | An object has no pointer pointing to it.
Double Free | Attempt to deallocate a deallocated object or via an uninitialized pointer.
Object Corruption | Object data is unintentionally altered.
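
An added example, not part of the BF pages: a Reallocate–Extend operation written in C so that the causes Wrong Size Used and Single Owner of Object cannot lead to Not Enough Allocated, Memory Leak or Double Free. The type buf_t and the functions buf_reserve, buf_append and buf_release are hypothetical names chosen for this illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical growable buffer; every name here is illustrative. */
typedef struct {
    unsigned char *data;  /* the single owner of the object */
    size_t len;           /* bytes in use */
    size_t cap;           /* bytes allocated */
} buf_t;

/* Reallocate-Extend to hold count * elem_size bytes.
 * Returns 0 on success, -1 on failure; on failure the buffer is untouched. */
int buf_reserve(buf_t *b, size_t count, size_t elem_size)
{
    /* Wrong Size Used: a wrapped product would request too little memory
     * and leave the object Not Enough Allocated for the next operation. */
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return -1;
    size_t need = count * elem_size;
    if (need <= b->cap)
        return 0;
    /* Single Owner of Object: never write realloc's result straight into
     * b->data; a failed call would overwrite the only pointer (Memory Leak). */
    unsigned char *tmp = realloc(b->data, need);
    if (tmp == NULL)      /* NULL Pointer is caught before the next use */
        return -1;
    b->data = tmp;        /* the previous address must be treated as dangling */
    b->cap = need;
    return 0;
}

int buf_append(buf_t *b, const void *src, size_t n)
{
    if (n == 0) return 0;
    if (n > SIZE_MAX - b->len) return -1;       /* len + n must not wrap */
    if (buf_reserve(b, b->len + n, 1) != 0) return -1;
    memcpy(b->data + b->len, src, n);           /* stays inside object bounds */
    b->len += n;
    return 0;
}

/* Deallocate once and clear the owner, so a repeated call is a no-op:
 * no Dangling Pointer is left behind and no Double Free can follow. */
void buf_release(buf_t *b)
{
    free(b->data);
    b->data = NULL;
    b->len = b->cap = 0;
}
```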

Sites

Related BF Classes

Related CWEs, SFPs and ST

Application