logo

Mismatched Memory Management Routines

Incomplete Variant
Structure: Simple
Description

This vulnerability occurs when a program uses incompatible functions to allocate and free memory. For example, freeing memory with a function that doesn't match the one used to create it, like mixing different memory management systems.

Extended Description

Mismatched memory management happens when allocation and deallocation routines come from incompatible sources. Common examples include trying to free stack-allocated memory with `free()` (which only works for heap memory), or allocating with C's `malloc()` but deallocating with C++'s `delete` operator. These functions manage memory in fundamentally different ways, and swapping them breaks the underlying memory manager's expectations. The consequences range from immediate crashes and data corruption to more severe security issues like memory corruption exploits that could lead to arbitrary code execution. The severity depends on the specific routines involved, the program's memory layout, and whether an attacker can control or influence the mismatched operation.
Common Consequences 1
Scope: IntegrityAvailabilityConfidentiality

Impact: Modify MemoryDoS: Crash, Exit, or RestartExecute Unauthorized Code or Commands
Potential Mitigations 5
Phase: Implementation
Only call matching memory management functions. Do not mix and match routines. For example, when you allocate a buffer with malloc(), dispose of the original pointer with free().
Phase: Implementation

Strategy: Libraries or Frameworks

Choose a language or tool that provides automatic memory management, or makes manual memory management less error-prone. For example, glibc in Linux provides protection against free of invalid pointers. When using Xcode to target OS X or iOS, enable automatic reference counting (ARC) [REF-391]. To help correctly and consistently manage memory when programming in C++, consider using a smart pointer class such as std::auto_ptr (defined by ISO/IEC ISO/IEC 14882:2003), std::shared_ptr and std::unique_ptr (specified by an upcoming revision of the C++ standard, informally referred to as C++ 1x), or equivalent solutions such as Boost.
Phase: Architecture and Design

Strategy: Libraries or Frameworks

Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid. For example, glibc in Linux provides protection against free of invalid pointers.
Phase: Architecture and Design
Use a language that provides abstractions for memory allocation and deallocation.
Phase: Testing
Use a tool that dynamically detects memory management problems, such as valgrind.
Demonstrative Examples 3

ID : DX-80

This example allocates a BarObj object using the new operator in C++, however, the programmer then deallocates the object using free(), which may lead to unexpected behavior.

Code Example:

Bad
C++
c++

/* do some work with ptr here /

c++
Instead, the programmer should have either created the object with one of the malloc family functions, or else deleted the object with the delete operator.

Code Example:

Good
C++
c++

/* do some work with ptr here /

c++

ID : DX-85

In this example, the program does not use matching functions such as malloc/free, new/delete, and new[]/delete[] to allocate/deallocate the resource.

Code Example:

Bad
C++
c++

ID : DX-86

In this example, the program calls the delete[] function on non-heap memory.

Code Example:

Bad
C++
c++
References 3
boost C++ Library Smart Pointers
https://www.boost.org/doc/libs/1_38_0/libs/smart_ptr/smart_ptr.htm(2023-04-07)
ID: REF-657
Valgrind
https://valgrind.org/(2025-07-24)
ID: REF-480
Transitioning to ARC Release Notes
iOS Developer Library
08-08-2013
https://developer.apple.com/library/archive/releasenotes/ObjectiveC/RN-TransitioningToARC/Introduction/Introduction.html(2023-04-07)
ID: REF-391
Likelihood of Exploit

Low

Applicable Platforms
Languages:
C : UndeterminedC++ : Undetermined
Modes of Introduction
Implementation
Functional Areas
  1. Memory Management
Affected Resources
  1. Memory
Related Weaknesses
ChildOf: Release of Invalid Pointer or Reference (CWE-763)
ChildOf: Improper Resource Shutdown or Release (CWE-404)
Taxonomy Mapping
  • CERT C Secure Coding
  • Software Fault Patterns
Notes
Applicable Platform This weakness is possible in any programming language that allows manual management of memory.