Memory Deallocation Bugs (MDL) Class

Definition

We define Memory Deallocation Bugs (MDL) as follows:

An object is dealocated, reduced, or reallocated (while reducing) improperly.

Taxonomy

Fig. 1 depicts MDL causes, attributes and consequences.

Fig 1. Memory Deallocation Bugs (MDL) Class - click on image for detailed view.

Operations

The MDL operations are: Deallocate, Reduce, Reallocate–Reduce. They reflect improper release of an object.

Operation Value	Definition
Deallocate	Releases the allocated memory of an object.
Reduce	Deallocates part of the object memory; redefines its bound- aries and size.
Reallocate–Reduce	Allocates a new smaller space in memory for an object at a new address, copies part of the object content there, reassigns the pointer, and deallocates the previous piece of memory.

Causes

The graph of causes shows that there are three main causes for Memory Deallocation bugs: Improper Operation, Improper Pointer, and Improper Object.

Improper Operation
Value	Definition
Missing	The operation is absent.
Mismatched	The deallocation function does not match the allocation function used for the same object.
Erroneous	There is a bug in the implementation of the operation.

Improper Pointer
Value	Definition
Wild Pointer	Points to an arbitrary address, because it has not been initialized or an erroneous allocation routine is used.
Dangling Pointer	Still points to the address of its successfully deallo- cated object.
Wrong Position	Points to a miscalculated position inside object bounds.
Hardcoded Address	The pointer points a wrong specific address.
Forbidden Address	The pointer points to an OS protected or non-existing address.

Improper Object
Value	Definition
Wrong Size Used	The value used as size does not match the real size of the object.
Not Enough Allocated	The allocated memory is too little for the data it should store.

Consequences

Improper Pointer for Next Operation

Improper object for Next Operation

Memory Error

Improper Pointer for Next Operation
Value	Definition
NULL Pointer	Points to the zero address, a specific invalid address.

Improper Object for Next Operation
Value	Definition
Not Enough Allocated	The allocated memory is too little for the data it should store.

Memory Error
Value	Definition
Memory Leak	An object has no pointer pointing to it.
Double Free	Attempt to deallocate a deallocated object or via an uninitialized pointer.
Object Corruption	Object data is unintentionally altered.

Attributes

The attributes of MDL are:

Name	Value	Definition
Mechanism	Implicit	The operation is performed without a function call.
Mechanism	Explicit	The operation is performed by a function/ method) call.
Source Code	Codebase	The operation is in programmer’s code – in the application itself.
	Third Party	The operation is in a third party library.
	Standard Library	The operation is in the standard library for a particular programming language.
	Language Processor	The operation is in the tool that allows execution or creates executable (compiler, assembler, interpreter).
Execution Space	Userland	The bugged code runs in an environment with privilege levels, but in unprivileged mode (e.g., ring 3 in x86 architecture).
	Kernel	The bugged code runs in an environment with privilege levels with access privileged instruc- tions (e.g., ring 0 in x86 architecture).
	Bare-Metal	The bugged code runs in an environment with-out privilege control. Usually, the program is the only software running and has total access to the hardware.
Ownership	None	The object has no owner.
	Single	The object has one owner.
	Shared	The object has more than one owner.
Location	Stack	The object is a non-static local variable (defined in a function, a passed parameters, or a function return address).
Location	Heap	The object is a dynamically allocated data structure (e.g., via malloc() and new).

Sites

free()

del

realoc()

Application