ALLOC.UAF : 解放後の使用

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

ALLOC.UAF : 解放後の使用

既に解放されたオブジェクトに対して間接参照されています。

クラス名

Use After Free

日本語クラス名

解放後の使用

クラス分類

セキュリティ (security)

ニーモニック

ALLOC.UAF

カテゴリー

MisraC2023	MisraC2023:21.20	The pointer returned by the Standard Library functions asctime, ctime, gmtime, localtime, localeconv, setlocale or strerror shall not be used following a subsequent call to the same function
Misra2012	Misra2012:21.20	The pointer returned by the Standard Library functions asctime, ctime, gmtime, localtime, localeconv, setlocale or strerror shall not be used following a subsequent call to the same function
AUTOSARC++14	AUTOSARC++14:A3-8-1	An object shall not be accessed outside of its lifetime.
	AUTOSARC++14:A12-8-5	A copy assignment and a move assignment operators shall handle self-assignment.
	AUTOSARC++14:A23-0-2	Elements of a container shall only be accessed via valid references, iterators, and pointers.
MisraC++2023	MisraC++2023:6.8.1	An object shall not be accessed outside of its lifetime
CWE	CWE:416	Use After Free
	CWE:573	Improper Following of Specification by Caller
	CWE:672	Operation on a Resource after Expiration or Release
	CWE:696	Incorrect Behavior Order
TS17961	TS17961:5.2-accfree	5.2. Accessing freed memory
CERT-C	CERT-C:MEM01-C	Store a new value in pointers immediately after free()
	CERT-C:MEM30-C	Do not access freed memory
CERT-CPP	CERT-CPP:CTR51-CPP	Use valid references, pointers, and iterators to reference elements of a container
	CERT-CPP:EXP54-CPP	Do not access an object outside of its lifetime
	CERT-CPP:MEM50-CPP	Do not access freed memory
	CERT-CPP:OOP54-CPP	Gracefully handle self-copy assignment
	CERT-CPP:STR52-CPP	Use valid references, pointers, and iterators to reference elements of a basic_string
JSF++	JSF++:70.1	An object shall not be improperly used before its lifetime begins or after its lifetime ends.
	JSF++:81	The assignment operator shall handle self-assignment correctly.

対応言語

C および C++ で利用可能です。

有効/無効設定

このワーニングクラスのチェックはデフォルトで有効になっています。チェックを無効にするにはプロジェクト設定ファイル（configuration file）に以下の WARNING_FILTER ルールを追加してください。

WARNING_FILTER += discard class="Use After Free"

#include <stdlib.h>

void uaf(void){
    char *p = malloc(10);
    if (!p){return;}
    char *q = p;                  /* aliasing is taken into account */
    free(p);
    q[0] = 'a';   /* 'Use After Free' warning issued here */
}

設定ファイルの以下のパラメータがこのワーニングクラスのチェックに影響します。

ALLOC.UAF : 解放後の使用

要旨

プロパティ

例

関連のある設定ファイルパラメータ