CERT C: Rule MEM34-C

Only free memory allocated dynamically

Description

Rule Definition

Only free memory allocated dynamically. [1]

Polyspace Implementation

The rule checker checks for these issues:

  • Invalid free of pointer

  • Invalid reallocation of pointer

Examples

Issue

Invalid free of pointer occurs when a block of memory released using the free function was not previously allocated using malloc, calloc, or realloc.

Risk

The free function releases a block of memory allocated on the heap. If you try to access a location on the heap that you did not allocate previously, a segmentation fault can occur.

The issue can highlight coding errors. For instance, you perhaps wanted to use the free function on a different pointer.

Fix

In most cases, you can fix the issue by removing the free statement. If a pointer is not allocated memory from the heap with malloc or calloc, you do not need to free the pointer. You can simply reuse the pointer as required.

If the issue highlights a coding error such as use of free or malloc on the wrong pointer, correct the error.

If the issue occurs because you use the free function to free memory allocated with the new operator, replace the free function with the delete operator.

Example - Invalid Free of Pointer Error
#include <stdlib.h>

void Assign_Ones(void) 
{
  int p[10];
  for(int i=0;i<10;i++)
     *(p+i)=1; 
 
  free(p);    //Noncompliant
  /* Defect: p does not point to dynamically allocated memory */
}

The pointer p is deallocated using the free function. However, p points to a memory location that was not dynamically allocated.

Correction — Remove Pointer Deallocation

If the number of elements of the array p is known at compile time, one possible correction is to remove the deallocation of the pointer p.

#include <stdlib.h>

void Assign_Ones(void)
{
  int p[10];
  for(int i=0;i<10;i++)
     *(p+i)=1;
  /* Fix: Remove deallocation of p */
}

Correction — Introduce Pointer Allocation

If the number of elements of the array p is not known at compile time, one possible correction is to dynamically allocate memory to the array p.

#include <stdlib.h>

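void Assign_Ones(int num)
{
  int *p;
  if (num <= 0)
     return;   /* Nothing to allocate */
  /* Fix: Allocate memory dynamically to p, sized by num */
  p=(int*) calloc((size_t)num,sizeof(int));
  if (p == NULL)
     return;   /* Allocation failed: nothing to initialize or free */
  for(int i=0;i<num;i++)
     *(p+i)=1;
  free(p);     /* p came from calloc, so free is valid */
}
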
Issue

Invalid reallocation of pointer occurs when a block of memory reallocated using the realloc function was not previously allocated using malloc or calloc.

Risk

Reallocating a block of memory that was not dynamically allocated can result in undefined behavior.

The issue can highlight coding errors. For instance, you perhaps wanted to use the realloc function on a different pointer.

Fix

If you want to reallocate a block of memory, make sure that it was dynamically allocated in the first place.

Example – Reallocation of Memory Allocated Statically
#include <stdlib.h>
  
#define SIZE 256

void reshape(int isSpaceAvailable) {
  char buf[SIZE];
  char *newBuf;
  newBuf = (char *)realloc(buf, 2 * SIZE); //Noncompliant
  
  if (newBuf == NULL) {
    /* Handle error */
  }
}

In this example, the buffer buf is not allocated dynamically. Therefore, the reallocation of buf results in undefined behavior.

Correction – Reallocate Memory Allocated Dynamically

Make sure that a buffer that you reallocate was previously allocated dynamically.

#include <stdlib.h>
  
#define SIZE 256

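void reshape(void){
  char *buf;
  char *newBuf;
  buf = (char*)malloc(SIZE *sizeof(char));
  if (buf == NULL) {
    return;   /* Allocation failed: nothing to reallocate */
  }
  newBuf = (char *)realloc(buf, 2 * SIZE);
  
  if (newBuf == NULL) {
    /* Handle error: realloc left buf valid, so release it */
    free(buf);
    return;
  }
  free(newBuf);
}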
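
An added example, not part of the original page or of Polyspace: one way to grow a buffer that starts in fixed (non-heap) storage, as buf does in the reshape example, without ever passing that storage to realloc or free. The names gbuf, gbuf_init, gbuf_grow, gbuf_release and INLINE_CAP are hypothetical.

```c
#include <stdlib.h>
#include <string.h>

#define INLINE_CAP 16   /* assumed size of the fixed, non-heap storage */

/* Hypothetical growable buffer: starts in fixed storage and moves to the
   heap on growth. Do not copy a gbuf by value; data may point into it. */
typedef struct {
  char   inline_store[INLINE_CAP];
  char  *data;      /* points at inline_store or at a heap block */
  size_t cap;
  int    on_heap;   /* 1 only if data came from malloc/realloc */
} gbuf;

void gbuf_init(gbuf *b) {
  memset(b->inline_store, 0, INLINE_CAP);
  b->data = b->inline_store;
  b->cap = INLINE_CAP;
  b->on_heap = 0;
}

/* Grow to at least new_cap bytes. Returns 0 on success, -1 on failure;
   on failure the buffer is unchanged and still valid. */
int gbuf_grow(gbuf *b, size_t new_cap) {
  char *p;
  if (new_cap <= b->cap)
    return 0;
  if (b->on_heap) {
    p = (char *)realloc(b->data, new_cap);  /* valid: data is a heap block */
    if (p == NULL)
      return -1;
  } else {
    p = (char *)malloc(new_cap);            /* never realloc fixed storage */
    if (p == NULL)
      return -1;
    memcpy(p, b->data, b->cap);             /* carry over existing contents */
  }
  b->data = p;
  b->cap = new_cap;
  b->on_heap = 1;
  return 0;
}

/* Release heap storage only; fixed storage is never passed to free. */
void gbuf_release(gbuf *b) {
  if (b->on_heap)
    free(b->data);
  gbuf_init(b);
}
```

The on_heap flag is the single source of truth for ownership, so every free or realloc call is guarded by it.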

Check Information

Group: Rule 08. Memory Management (MEM)

Version History

Introduced in R2019a


[1] This software has been created by MathWorks incorporating portions of: the “SEI CERT-C Website,” © 2017 Carnegie Mellon University, the SEI CERT-C++ Web site © 2017 Carnegie Mellon University, “SEI CERT C Coding Standard – Rules for Developing safe, Reliable and Secure systems – 2016 Edition,” © 2016 Carnegie Mellon University, and “SEI CERT C++ Coding Standard – Rules for Developing safe, Reliable and Secure systems in C++ – 2016 Edition” © 2016 Carnegie Mellon University, with special permission from its Software Engineering Institute.

ANY MATERIAL OF CARNEGIE MELLON UNIVERSITY AND/OR ITS SOFTWARE ENGINEERING INSTITUTE CONTAINED HEREIN IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

This software and associated documentation has not been reviewed nor is it endorsed by Carnegie Mellon University or its Software Engineering Institute.